US-CERT Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

Author: US-CERT
Posted: October 11, 2018, 3:19 pm
Original release date: October 11, 2018

Summary

This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]

In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:

  1. Remote Access Trojan: JBiFrost
  2. Webshell: China Chopper
  3. Credential Stealer: Mimikatz
  4. L...

TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

Author: US-CERT
Posted: October 3, 2018, 11:47 am
Original release date: October 03, 2018

Systems Affected

Network Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims i...


TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation

Author: US-CERT
Posted: October 3, 2018, 11:00 am
Original release date: October 03, 2018

Systems Affected

Network Systems

Overview

This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according ...


TA18-275A: HIDDEN COBRA – FASTCash Campaign

Author: US-CERT
Posted: October 2, 2018, 3:45 pm
Original release date: October 02, 2018 | Last revised: October 08, 2018

Systems Affected

Retail Payment Systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the Nor...


TA18-201A: Emotet Malware

Author: US-CERT
Posted: July 20, 2018, 9:24 pm
Original release date: July 20, 2018

Systems Affected

Network Systems

Overview

Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.

This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis ...

