Mozilla Releases Security Updates for Firefox

Original release date: October 02, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.NCCIC encourages use…

Original release date: October 02, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Firefox 62.0.3 and Firefox ESR 60.2.2 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Google taking new steps to prevent malicious Chrome extensions

Company plans stricter rules for developers, and greater control for users.

Article intro image

Google has announced plans to further restrict Chrome extensions in a bid to crack down on the number of malicious extensions found in the Chrome Web Store.

We've seen a spate of malicious extensions this year; the extensions do things like steal credentials and participate in click fraud schemes. The malicious extensions take advantage of the considerable access to Web pages that extensions have.

Google has already taken some steps to limit malicious extensions. Last year, a stricter multi-process model was applied to extensions to limit the impact of security flaws in the browser, and earlier this year Google deprecated the ability for extensions to offer installation from third-party websites (instead forcing all installations to go via the Chrome Web Store). This feature will be fully removed in Chrome 71 in December.

Read 5 remaining paragraphs | Comments

North Korean Malicious Cyber Activity

Original release date: October 02, 2018

The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government i…

Original release date: October 02, 2018

The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

NCCIC encourages users and administrators to review Alert TA18-275A: HIDDEN COBRA - FASTCash Campaign, Malware Analysis Report (MAR) MAR-10201537, and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

Original release date: October 02, 2018

NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:Tuesday, October 2Thursday, October…

Original release date: October 02, 2018

NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:

NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies.


This product is provided subject to this Notification and this Privacy & Use policy.