Articles about us-cert

Forget sexy zero-days. Siemens medical scanners can be pwned by two-year-old-days

Hackers can exploit trivial flaws in network-connected Siemens' medical scanners to run arbitrary malicious code on the equipment. These remotely accessible vulnerabilities lurk in all of Siemens' positron emission tomography and computed tomography (PET-CT) scanners running Microsoft Windows 7. These are the molecular imaging …
Iain Thomson, 4 Aug 2017
Image by Sergey Nivens http://www.shutterstock.com/gallery-461077p1.html

Kill it with fire: US-CERT urges admins to firewall off Windows SMB

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group. The call from the US security clearing house does not name the Shadow Brokers as …
Darren Pauli, 18 Jan 2017
A frustrated woman

US-CERT's top tip: Hack your crap Netgear router before miscreants arrive

Owners of three models of Netgear routers are being advised to exploit a security hole in their broadband boxes to, er, temporarily close said hole. The alternative is to switch off the boxes until a firmware update lands. Netgear says that the R6400, R7000, and R8000 series routers are all vulnerable to CVE-2016-582384, a …
Shaun Nichols, 13 Dec 2016
DDoS

Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways

Sierra Wireless cellular modems are being infected by the Mirai botnet malware used to smash systems offline. Mirai commandeers web-connected cameras, sensors and other Internet of Things (IoT) devices using the default factory-set login passwords in their firmware. It has been fingered for unleashing the largest DDoS attack …
Iain Thomson, 14 Oct 2016

US-CERT tells network operators to pay attention and harden up

The US-CERT is warning organisations to harden their networks, because resurgent malware plus the recent publication of powerful exploits proved too hot to ignore. The organisation says that threats like the a leak of Equation Group Adaptive Security Appliance (ASA) tooling are bad enough by themselves, but warns plenty of …
Darren Pauli, 9 Sep 2016

US-CERT advice says kill Quicktime for Windows, quickly

US-CERT has echoed The Register's advice to the effect that if you're running Quicktime for Windows, it's time to delete it. Right now. The United States' Department of Homeland Security's Computer Emergency Response Team's advice comes after Apple took Quicktime for Windows for its long drive down a country road. As noted by …
jaws

Man the HARPOONS: YOU can EASILY SLAY ad-scumware Superfish

+Updates The US government's Computer Emergency Readiness Team (US-CERT) has said the Superfish ad-injecting malware installed by Lenovo on its new laptops is a "critical" threat to security. Chinese PC peddler Lenovo bundled the software nasty to make a fast buck from its cheap, low-margin hardware: the application hijacks web …
Iain Thomson, 20 Feb 2015
Malware

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Updated Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. …
John Leyden, 20 Oct 2014
balaclava_thief_burglar

Did you swipe your card through one of these UPS Store tills? You may have been pwned

UPS has discovered an outbreak of debit and credit-card-reading malware in 51 of its branches in the US. Exactly which strain of malware was involved is not known; a spokesperson told The Register today: "We're still investigating the infection." It's hoped the identity of the malware will be revealed once that probe is …
The Register breaking news

Latest Java patch is not enough, warns US gov: Axe plugins NOW

Security experts advise users to not run Java in their web browsers despite a patch from Oracle that mitigates a widely exploited security vulnerability. The database giant issued an emergency out-of-band patch on Sunday, but despite this the US Department of Homeland Security continues to warn citizens to disable Java plugins …
John Leyden, 15 Jan 2013
The Register breaking news

US-CERT warns DKIM email open to spoofing

US-CERT has issued a warning that DomainKeys Identified Mail (DKIM) verifiers that use low-grade encryption are open to being spoofed and need to be upgraded to combat attackers wielding contemporary quantities of computing power. You might think this is no big deal – after all the value of strong cryptography has been …
Iain Thomson, 24 Oct 2012
cockroach

Tridium patches control systems bug after a year

More than 300,000 automation systems – covering lighting control, building automation and security, heating and air conditioning and more – need patching after a slew of vulnerabilities in the Tridium Niagara AX went public thanks to an ISC-CERT advisory. The announcement of the vulnerabilities comes nearly synchronously with …
The Register breaking news

Wi-Fi Protected Setup easily unlocked by security flaw

Security researcher Stefan Viehböck has demonstrated a critical flaw in the Wi-Fi Protected standard that opens up routers to attack and has prompted a US-CERT Vulnerability notice. Wi-Fi Protected Setup (WPS) is used to secure access to wireless networks and requires each router to have a unique eight-digit PIN. One mode of …
Bill Ray, 29 Dec 2011
The Register breaking news

DHS slams US gov network security

The US government is bad at protecting its networks and has neither the authority or manpower to respond to threats in real time. The US Computer Emergency Readiness Team, which is responsible for securing the government's systems, got a roasting yesterday in a report (pdf) published by the Department of Homeland Security's …
Robert Blincoe, 17 Jun 2010

Create a news alert about us-cert, or find more stories about us-cert.

Biting the hand that feeds IT © 1998–2018