Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from Russian Espionage Actors

Original release date: October 29, 2019

Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian advanced persistent threat (APT) group 28, also known as Fancy Bear, STRONTIUM, Swallowtail, Sofacy, Sednit, and Zebrocy. According to Microsoft, APT28 is targeting sporting and anti-doping organizations using spearphishing, password spraying (a brute force technique), fake Microsoft internet domains, as well as open-source and custom malware to exploit internet-connected devices.

To protect against similar attacks, Microsoft recommends:

  • Enabling two-factor authentication on all business and personal email accounts,
  • Learning how to spot phishing schemes and protect yourself from them, and
  • Enabling security alerts about links and files from suspicious websites.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages network defenders to remain vigilant and review the Microsoft article, the World Anti-Doping Agency article, and the following resources for additional information:

This product is provided subject to this Notification and this Privacy & Use policy.

Samba Releases Security Updates

Original release date: October 29, 2019

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-10218, CVE-2019-14833, and CVE-2019-14847 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

FTC Provides Tips for Warding Off Hackers

Original release date: October 29, 2019

The Federal Trade Commission (FTC) has released an article with tips on how protect your personal information from being stolen by hackers. In support of National Cybersecurity Awareness Month (NCSAM), FTC provides recommendations on how to safeguard phones, computers, accounts, and personally identifiable information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and the following additional resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.