Current Activities

WannaCry Ransomware v0.2 National KE-CIRT-CC Report

In May 2017, a cyber offensive, targeting a variety of organizations and institutions worldwide, disseminated WannaCry ransomware. The ransom note, written in different languages, demanded US$300-600 from the victims to decrypt their files. Infection cases were detected in multiple countries worldwide, including the UK, where several medical institutions were hit, Russia, where governmental offices were affected, Spain, Germany, China, and many others.

Read more about WannaCry Ransomware v0.2 National KE-CIRT-CC Report

Understanding Firewalls

What does a firewall do?

Read more about Understanding Firewalls

SSL 3.0 Protocol Vulnerability And POODLE Attack

Systems Affected

Systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

Some Transport Layer Security (TLS) implementations are also vulnerable to the POODLE attack.

Overview

Read more about SSL 3.0 Protocol Vulnerability And POODLE Attack

Memcached on port 11211 UDP & TCP being exploited

UPDATE: As of 2018-02-28, more attack using the memcached reflection vector have been unleashed on the Internet. Operators are asked to port filter (Exploitable Port Filters), rate limits the port 11211 UDP traffic (ingress and egress), and clean up any memcached exposed to the Internet (iptables on UNIX works). These mitigations should be on IPv4 and IPv6! There is not excuse for ISPs, Telcos, and other operators for not acting. NTT is an example of action. Click for more info

Read more about Memcached on port 11211 UDP & TCP being exploited

ISIS sympathizers exploiting WordPress plugins to hack websites, FBI warns

The Federal Bureau of Investigation warned Tuesday that attackers claiming to be sympathetic to the extremist group ISIS are targeting websites that have vulnerable WordPress plugins.

The content management system has a thriving community of third-party developers who have created some 37,000 plugins, but occasionally security vulnerabilities in one can put a large number of websites at risk.