mitigation

  1. AA19-024A: DNS Infrastructure Hijacking Campaign

    Original release date: January 24, 2019 Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised...
  2. Standing behind “MSRC Listens”

    Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community...
  3. Intel Foreshadow vulnerability

    Intel has revealed another major security vulnerability in its CPUs, similar to the Meltdown/Spectre vulnerabilities revealed earlier this year. It is understood that at this time there are no current exploits and further information can be found on the released Link Removed . AMD chips are...
  4. TA18-141A: Side-Channel Vulnerability Variants 3a and 4

    Original release date: May 21, 2018 Systems Affected CPU hardware implementations Overview On May 21, 2018, new variants—known as 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were Link Removed. These variants can allow an attacker to obtain access to...
  5. How do you balance privacy and security

    For a while now I've been trying to avoid Google and Microsoft services as much as possible. Yet we all know that's not probable if you want to function normally in today's world. Well I've kind of hit a point where the geeky side of me has won over the cautious once bitten twice from the...
  6. TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

    Original release date: April 16, 2018 Systems Affected Generic Routing Encapsulation (GRE) Enabled Devices Cisco Smart Install (SMI) Enabled Devices Simple Network Management Protocol (SNMP) Enabled Network Devices Overview This joint Technical Alert (TA) is the result of analytic efforts...
  7. Speculative Execution Bounty Launch

    Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat...
  8. KB4090007: Intel microcode updates

    Intel release updates for Spectre on 6th generation (Skylake) chips: Intel Link Removed that they have completed their validations and started to release microcode for newer CPU platforms around Spectre Variant 2 (CVE 2017-5715 (“Branch Target Injection”)). This update includes microcode...
  9. TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

    Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...
  10. TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

    Original release date: June 13, 2017 | Last revised: July 07, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
  11. TA17-163A: CrashOverride Malware

    Original release date: June 12, 2017 | Last revised: July 27, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial...
  12. TA17-156A: Reducing the Risk of SNMP Abuse

    Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and...
  13. Announcing the Windows Bounty Program

    Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...
  14. TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

    Original release date: June 13, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the...
  15. TA17-163A: CrashOverride Malware

    Original release date: June 12, 2017 Systems Affected Industrial Controls Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack...
  16. TA17-156A: Reducing the Risk of SNMP Abuse

    Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and...
  17. Strengthening the Microsoft Edge Sandbox

    In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard...
  18. TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets

    Original release date: October 14, 2016 Systems Affected Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data Overview Recently, IoT devices...
  19. TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

    Original release date: September 06, 2016 Systems Affected Network Infrastructure Devices Overview The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security...
  20. TA16-132A: Exploitation of SAP Business Applications

    Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability Link Removed. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP...