MSS News: Today's Daily Report
Last Updated: 11:30AM EST
Recent Security News
Jigsaw Security monitors Press Releases for Intelligence Value - Jigsaw Security has added a module to our Jigsaw Analytic Platform to monitor common press release sites for information that may provide additional resources and information on our customers and clients. In addition, we have added a corporate corruption dataset to our platform.
SCADA Highly Insecure - It should be noted that SCADA networks are highly insecure, namely because these control devices have been deployed for years and usually are not patched after deployment. That being said, Jigsaw Security has added a new full-text search product to search by product and provide insight into SCADA vulnerabilities, as well as the full text of ICS-ISAC data, so security personnel can track new issues in near real time. This should allow Jigsaw customers to scan all text content and alerts in this space.
Tesla Sues Former Employee for Corporate Espionage - After an email alert on Sunday evening by Tesla CEO Elon Musk, the company has filed suit against a former employee. You can read the court filing here. Jigsaw Security believes that Tesla could benefit from our JTMM, which would uncover not only this type of activity but also additional threats outside the cyber security realm.
Recent Security Events
Drupal Vulnerabilities - We have added some indicators of abuse of a VPN service directly related to a Drupal vulnerability that is being exploited by bad actors. Event: 28758
SamSam Financial Services Attacks - We added an update to the long-standing SamSam banking malware. Added new information. Event: 28756
UPS and IRS Themed Phishing Email - Added a screenshot of an email received yesterday that includes both UPS and IRS themes. Event: 28749
Alert on Hidden Tunneling observed in the Financial Sector - A report by Jigsaw Security on recently observed tunnel exploitation in the banking sector with recommendations on how to eliminate or minimize this threat. Event: 28754
THRIP Attack - An attack reported by AlienVault that should be monitored. Event: 28755
In addition to these events, we are still seeing router exploits and many hosts scanning for telnet. Many of the hosts involved are suspected of being compromised, and the activity is directly related to the VPNFilter information we have been updating in our threat intelligence platform and FirstWatch sensors to monitor the activity.