US-Cert

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications’ (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.

Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing …

Read More »

New Exploits for Unsecure SAP Systems

New Exploits for Unsecure SAP Systems - blackMORE Ops

A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation detailed the new exploit tools and reports on systems exposed to the internet.

Read More »

Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown

Advanced Persistent Threat Activity Exploiting Managed Service Providers

On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems. Systems Affected CPU hardware implementations Description Common CPU hardware …

Read More »

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.