Drupal Releases Security Updates

Original release date: October 18, 2018

Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


‘Operation Oceansalt’ Delivers Wave After Wave

The post ‘Operation Oceansalt’ Delivers Wave After Wave appeared first on McAfee Blogs.

A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification. Although physical controls can be part of a multifaceted defense, an electronic attack affords the adversary time to develop the necessary tools to bypass any logical wall set before them. In the latest findings from the McAfee Advanced Threat Research team, we examine an adversary that was not content with a single campaign, but launched five distinct waves adapted to their separate targets. The new report “Operation Oceansalt Attacks South Korea, U.S., and Canada with Source Code from Chinese Hacker Group” analyzes these waves and their victims, primarily in South Korea but with a few in the United States and Canada.

Although one reaction is to marvel at the level of innovation displayed by the threat actor(s), we are not discussing five new, never-before-seen malware variants—rather the reuse of code from implants seen eight years prior. The Oceansalt malware uses large parts of code from the Seasalt implant, which was linked to the Chinese hacking group Comment Crew. The level of reuse is graphically depicted below:

[Figure: Code visualization of recent Oceansalt with older Seasalt. Panels: Oceansalt, 2018; Seasalt, 2010.]

Who is Behind the Oceansalt Attack?

Originally taking the title APT1, the Comment Crew was seen as the threat actor conducting offensive cyber operations against the United States almost 10 years before. The obvious suspect is Comment Crew and, although this may seem a logical conclusion, we have not seen any activity from this group since they were initially exposed. Is it possible that this group has returned and, if so, why target South Korea?

It is possible that the source code developed by Comment Crew has now been used by another adversary. To our knowledge, however, the code has never been made public. Alternatively, this could be a “false flag” operation to suggest that we are seeing the re-emergence of Comment Crew. Creating false flags is a common practice.

What Really Matters

It is likely that reactions to this research will focus on debating the identity of the threat actor. Although this question is of great interest, answering it will require more than the technical evidence that private industry can provide. These limitations are frustrating. However, we can focus on the indicators of compromise presented in this report to detect, correct, and protect our systems, regardless of the source of these attacks.

Perhaps more important is the possible return of a previously dormant threat actor and, further, the question of why this campaign should occur now. Regardless of whether this is a false flag operation to suggest the rebirth of Comment Crew, the impact of the attack is unknown. However, one thing is certain. Threat actors have a wealth of code available to leverage new campaigns, as previous research from the Advanced Threat Research team has revealed. In this case we see that collaboration not within a group but potentially with another threat actor—offering up considerably more malicious assets. We often talk about partnerships within the private and public sector as the key to tackling the cybersecurity challenges facing society. The bad actors are not putting these initiatives on PowerPoint slides and marketing material; they are demonstrating that partnerships can suit their ends, too.

Cisco Releases Security Updates

Original release date: October 17, 2018

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.



Meet Helm, the startup taking on Gmail with a server that runs in your home

$500 service couples the security of a private server with the reliability of the cloud.

There’s no doubt that Gmail has changed the way we consume email. It’s free, it gives most of us all the storage we’ll ever need, and it does a better job than most in weeding out spam and malware. But there’s a cost to all of this. The advertising model that makes this cost-free service possible means some of our most sensitive messages are being scanned for clues about who we are, what we care about, and what we do both online and offline. There’s also the possibility of Google either being hacked or legally compelled to turn over contents.

On Wednesday, a Seattle-based startup called Helm is launching a service designed to make it easy for people to securely take control of their email and other personal data. The company provides a small custom-built server that connects to a user's home or small-office network and sends, receives, and manages email, contacts, and calendars. Helm plans to offer photo storage and other services later.

With a 120GB solid-state drive, a three-minute setup, and the ability to store encrypted disk images that can only be decrypted by customers, Helm says its service provides the ease and reliability of Gmail and its tightly coupled contacts and calendar services. The startup is betting that people will be willing to pay $500 per year to be able to host some of their most precious assets in their own home.
