Microsoft Reports Cyberattacks on Targeted Email Accounts

Original release date: October 4, 2019

The Microsoft Threat Intelligence Center (MSTIC) has released a blog post describing an increase in malicious cyber activity from the Iranian group known as Phosphorus. These threat actors are exploiting password reset or account recovery features to take control of targeted email accounts.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Microsoft blog for additional information and recommendations and CISA’s Tip on Supplementing Passwords.

This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerabilities Exploited in Multiple VPN Applications

Original release date: October 4, 2019

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert for more information and to review the following security advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

NCSC Releases Fact Sheet on DNS Monitoring

Original release date: October 4, 2019

The Dutch National Cyber Security Centre (NCSC) has released a fact sheet on the increasing difficulty of Domain Name System (DNS) monitoring. NCSC warns that although modernization of transport protocols is helpful, it also makes it more difficult to monitor or modify DNS requests. These changes could render an organization’s security controls ineffective.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators review the Dutch NCSC fact sheet on DNS monitoring for additional information and recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

IC3 Issues Alert on Ransomware

Original release date: October 4, 2019

The Internet Crime Complaint Center (IC3) has released an alert on ransomware threats to U.S. businesses and organizations. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Cyber criminals often infect organizations with ransomware through email phishing campaigns or exploiting vulnerabilities in software or Remote Desktop Protocol (RDP).

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and CISA’s resource page on ransomware for more information on protecting against and responding to ransomware.

This product is provided subject to this Notification and this Privacy & Use policy.