Page 16 - Threat Intelligence 11-5-2019
P. 16

Threat Alerts




           And Advisories








            FTC Provides Tips for Warding Off Hackers
            The Federal Trade Commission (FTC) has released an article with tips on how protect your
            personal information from being stolen by hackers. In support of National Cybersecurity
            Awareness Month (NCSAM), FTC provides recommendations on how to safeguard phones,
            computers, accounts, and personally identifiable information.
            The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to
            review the FTC article and the following additional resources for more information:
            •NCSAM 2019 webpage
            •Protecting Your Privacy
            •Good Security Habits
            •Preventing and Responding to Identity Theft


            Samba Releases Security Updates
            The Samba Team has released security updates to address vulnerabilities in multiple
            versions of Samba. An attacker could exploit some of these vulnerabilities to obtain
            sensitive information.

            The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and
            administrators to review the Samba Security Announcements for CVE-2019-10218, CVE-
            2019-14833, and CVE-2019-14847 and apply the necessary updates and workarounds.


            Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from
            Russian Espionage Actors
            Microsoft publicly released information revealing an uptick in cyberattacks globally
            targeting anti-doping authorities and sporting organizations. The Microsoft Threat
            Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian
            advanced persistent threat (APT) group 28, also known as Fancy Bear, STRONTIUM,
            Swallowtail, Sofacy, Sednit, and Zebrocy. According to Microsoft, APT28 is targeting
            sporting and anti-doping organizations using spearphishing, password spraying (a brute
            force technique), fake Microsoft internet domains, as well as open-source and custom
            malware to exploit internet-connected devices.


            To protect against similar attacks, Microsoft recommends:

            • Enabling two-factor authentication on all business and personal email accounts,
            • Learning how to spot phishing schemes and protect yourself from them, and
            • Enabling security alerts about links and files from suspicious websites.

            The Cybersecurity and Infrastructure Security Agency (CISA) encourages network defenders
            to remain vigilant and review the Microsoft article, the World Anti-Doping Agency article,
            and the following resources for additional information:


                                                    www.accumepartners.com
                                                                                                                    16
   11   12   13   14   15   16   17   18   19   20