More stories

  • Modem-wiping malware was behind Viasat cyberattack

    Satellite operator Viasat has confirmed that destructive malware was behind the problems with end-user modems in Ukraine and parts of Europe on the day Russia invaded Ukraine. SentinelLabs researchers Juan Andres Guerrero-Saade and Max van Amerongen have detailed their discovery of a new destructive malware variant they call “AcidRain” — a Linux file format (ELF) binary designed to wipe modems and routers — that they contend knocked out thousands of Viasat’s KA-SAT routers on February 24.

    AcidRain is the latest destructive malware discovered since Russia’s invasion on February 24, following WhisperGate, HermeticWiper, CaddyWiper, IsaacWiper, and DoubleZero. SentinelLabs says AcidRain shares some similarities with the stage 3 component of VPNFilter — the malware that Ukraine blocked in 2018 fearing an attack on its critical infrastructure, and which prompted the FBI that year to tell everyone to reboot their routers to remove it.

    The security company released its findings on AcidRain on the heels of Viasat’s March 30 account of the February outage, which preceded an outage of German energy firm Enercon’s remote communication system to 5,800 wind turbines. Viasat at the time confirmed the attack was not on the satellite network itself but was a denial of service attack from SurfBeam2 and SurfBeam2+ modems located within Ukraine that knocked KA-SAT modems offline.

    Viasat yesterday said the attack was localized to a single, consumer-oriented partition of the KA-SAT network operated on Viasat’s behalf by a Eutelsat subsidiary, Skylogic. It didn’t impact Viasat’s directly managed mobility or government users on the KA-SAT satellite, nor did it affect users on other Viasat networks, it said.

    The company noted that “destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.” Viasat also said the attackers exploited a misconfigured VPN appliance to gain remote access to the management segment of the KA-SAT network, then moved onto a portion used to manage and operate the network, before executing “legitimate, targeted management commands” on residential modems.

    SentinelLabs researchers put forward another idea: a supply chain attack, where the attackers somehow used a KA-SAT management mechanism to push the wiper to targeted modems and routers. “The threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers. A wiper for this kind of device would overwrite key data in the modem’s flash memory, rendering it inoperable and in need of reflashing or replacing,” SentinelLabs notes.

    The SentinelLabs researchers spotted a MIPS ELF binary with the name ‘ukrop’ on VirusTotal that was uploaded on March 15. “Only the incident responders in the Viasat case could say definitively whether this was in fact the malware used in this particular incident,” they add.

    A Viasat spokesperson told ZDNet that the facts in SentinelLabs’ report were accurate and lined up with its own report; however, Viasat disagrees that this was a supply chain attack. “The facts provided in the Viasat Incident Report yesterday are accurate. The analysis in the SentinelLabs report regarding the ukrop binary is consistent with the facts in our report – specifically, SentinelLabs identifies the destructive executable that was run on the modems using a legitimate management command as Viasat previously described.” “We don’t view this as a supply chain attack or vulnerability,” the spokesperson said.

    Per Viasat’s Thursday report: “Viasat has no evidence that standard modem software or firmware distribution or update processes involved in normal network operations were used or compromised in the attack.” Further, “there is no evidence that any end-user data was accessed or compromised.”

    The FBI and Cybersecurity and Infrastructure Security Agency (CISA) recently warned all SATCOM operators and their customers to review their guidance for protecting against attacks on satellite networks and very small-aperture terminal (VSAT) networks.

  • FBI: Ransomware attacks are piling up the pressure on public services

    Ransomware attacks are creating risks to safety by disrupting public services including utilities, emergency services and education, the Federal Bureau of Investigation (FBI) has warned. The alert says that local government agencies are attractive targets for cyber criminals to hit with ransomware, because they oversee critical services on which the public depends. Ransomware attacks against local governments have caused disruptions to healthcare, emergency services and safety operations, and have seen sensitive personal data stolen by hackers, putting individuals at further risk of fraud and cybercrime. The attacks targeting local services show no signs of slowing down. 

    “In the next year, local US government agencies almost certainly will continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering public health and safety, and resulting in significant financial liabilities,” warned the alert, which details how several ransomware attacks over the past year have caused disruption to vital everyday services.

    For example, the FBI details how a January 2022 ransomware attack forced a US county to take computer systems offline, close public offices and run emergency response operations on backup contingencies. The attack also knocked out county jail surveillance cameras, data collection capabilities and internet access, and deactivated automated doors, resulting in safety concerns and a facility lockdown.

    Another ransomware incident against local government services in September 2021 led to a county courthouse being closed and cyber criminals stealing personal information about residents and employees. The hackers published the data on the dark web after the county refused to pay the ransom.

    In May 2021, a PayOrGrief ransomware attack infected local US county government systems, making servers inaccessible and disrupting online services, including the ability to book COVID-19 vaccination appointments. The attackers claimed to have stolen 2.5GB of data containing internal documents and personal information.

    The examples of cyberattacks detailed in the alert represent just a small fraction of the total number of ransomware incidents against government services during the past year alone – only higher education and academia were more common victims of ransomware attacks during 2021.

    While the FBI and other law enforcement agencies say victims of ransomware attacks shouldn’t pay the ransom demand for a decryption key because it just encourages further attacks, in many cases the victims will pay because they feel it’s the quickest way to restore vital services – which is precisely why criminals target public services. But even if victims pay the ransom, restoring the network is an arduous task, and there’s no guarantee that the decryption key will work properly or that the ransomware gangs won’t return with more attacks. Whether the victim pays the ransom or not, the FBI urges US organisations to report ransomware incidents, as doing so could help prevent future attacks against others.

    The FBI has listed several cybersecurity measures that organisations can implement to help avoid becoming the victim of a ransomware attack. These include keeping operating systems and software up to date with security patches, so cyber criminals can’t exploit known vulnerabilities to access networks, and requiring strong, unique passwords for online accounts, so it’s harder for hackers to guess them. It’s also recommended that organisations require multi-factor authentication for online services including webmail, VPNs and accounts with access to critical systems, to provide an additional barrier against attacks. Organisations should also keep offline backups of data and ensure they’re regularly updated and tested, so that in the event of a ransomware attack it’s possible to restore the network without paying cyber criminals for a decryption key.

  • Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit

    Deep Panda has launched new attacks this month that exploit Log4Shell to deploy the new Fire Chili rootkit. Deep Panda is a Chinese advanced persistent threat (APT) hacking group that has been active for at least a decade. The APT targets government, defense, healthcare, telecoms, and financial organizations, to name a few, for purposes including data theft and surveillance.

    The cyberattackers have a wide range of malicious tools, including the Milestone backdoor and the Infoadmin Remote Access Trojan (RAT), which is based on Gh0st RAT code. There may also be an affiliation with Winnti, a separate Chinese group known to target game developers and vendors.

    A new campaign detected by FortiGuard Labs researchers is the work of Deep Panda, which is targeting organizations in the finance, travel, and cosmetic industries. During the past month, FortiGuard has detected the group’s active exploitation of Log4Shell, a critical vulnerability in the Apache Log4j Java logging library (CVE-2021-44228, CVSS 10.0), to spread a new, “novel” rootkit. Attackers from various groups use Log4Shell to compromise VMware Horizon servers for data exfiltration and cryptojacking. In Deep Panda’s case, the new rootkit, dubbed Fire Chili, is designed to keep activities under the radar and is deployed alongside the Milestone backdoor.

    Fire Chili has been signed with a stolen digital certificate — the same one used by Winnti to sign malicious tools — and will check to ensure the victim machine is not running in safe mode. “It then checks the operating system version,” the researchers say. “The rootkit uses Direct Kernel Object Modification (DKOM), which involves undocumented kernel structures and objects, for its operations. For this reason, it relies on specific OS builds as otherwise, it may cause the infected machine to crash.” The latest supported build is Windows 10 Creators Update (Redstone 2).

    Drivers are implemented to hide malicious objects from existing security systems. The rootkit will also tamper with the registry to stop malicious processes from being terminated, and a callback is registered to disguise newly-created processes from utilities including Task Manager. The researchers collected four driver samples, both 32-bit and 64-bit, compiled in 2017. The samples were signed with stolen certificates issued by U.S. and Korean gaming companies.

    In addition, the malware can hide registry keys and TCP network connections. The Milestone backdoor is then installed on the target machine for ongoing data theft and persistence. The researchers also discovered a dropper containing a Milestone loader.

    “Although both Deep Panda and Winnti are known to use rootkits as part of their toolset, Fire Chili is a novel strain with a unique code base different from the ones previously affiliated with the groups,” FortiGuard says. “The reason these tools are linked to two different groups is unclear at this time. It’s possible that the groups’ developers shared resources, such as stolen certificates and C2 infrastructure, with each other.”

  • SunVia bets that controlling your own identity will make the metaverse successful

    Startup SunVia believes that managing your own identity will be critical to the future metaverse. Identification will be the most important component in making the digital future work, and personal IDs will help individuals gain control of their data — taking it away from the big platforms. 

    “Over the past 10 to 15 years, people’s digital identity has grown in importance; everyone now has a much larger digital life,” says Jay Williams, President and CTO of SunVia. “People want to be able to control their personal data and manage who has access to that data.”

    The current political sentiment is focusing on curbing corporate access to personal data through new privacy laws, such as those in California. Advertisers are finding it increasingly difficult to target individuals with relevant messages, but SunVia is betting there’s a solution to satisfy the stakeholders in this sensitive subject of data privacy. What is needed, Williams says, is a more ethical relationship between consumers and advertisers, specifically regarding how personal data can be used. SunVia is working on tools that will help create that ethical relationship by enabling people to manage their personal data and grant or deny access to it.

    Currently, there is no easy way for individuals to check the accuracy of personal data — or to control who profits from that data. Yet there’s a $100 billion advertising industry that relies on that data. It creates billions of dollars in profits for the vendors of personal data, and there’s a clear imbalance here, with value being lost to third parties. Williams believes that there needs to be new legislation to guarantee individual rights, and that legal code needs to be reflected in software code.

    The California Data Privacy laws show a strong shift toward increasing an individual’s control over their data, and other states are introducing similar legislation. California residents, for example, can demand that a company reveal how it’s using their personal data and whether that data has been sold. California’s tough approach, along with large punitive fines, is likely to limit the collection of personal data. Many organizations will conclude that the cost of generating data reports for individuals will eclipse any benefits from collecting that data.

    Less personal data creates a problem for targeted advertising. With SunVia, however, this problem is solved because consumers will own their data and manage the commercial messages they see. “Brands still want to have a direct and meaningful relationship with consumers, and this will be enabled through our platform. It will be based on ethical licenses,” explains Williams.

    For Williams and his colleague John Humphrey, Chief Revenue Officer at SunVia, almost everything about the digital future requires verifiable IDs. “In 2020, during the lockdowns, the world crossed the Rubicon with 52% of the population with at least one online account; we’ve come even further now,” says Humphrey. “With individuals typically having multiple online accounts — and the introduction of new digital markets, such as trading NFTs — the need for verifiable IDs is critical to market growth.”

    SunVia has begun to roll out some of its technology and is looking for participants for Protagonist, an alpha version of what will become The Metaverse Operations Manager.

    SunVia recently published an article that reads like a manifesto and a call to action. Here is an excerpt: “… the Platforms own our identity. We gave it to them in exchange for some trinkets. They now own the most important and scarce resource on the planet. Ourselves.” “People are not here to be used. We are not Consumers to be classified, sliced, diced, and resold to brands to fuel more consumption. We are Producers. We are Creators. We are the Brands. We are now the drivers of the economy.” It later adds, “We need a Decentralized Autonomous Association (DAA) to allow us to own ourselves and our information. This is the next economy. The Relationship Economy. Come join us.”

    You can read SunVia’s “Origin of the Relationship Economy” here.

  • Is it OK to use text messages for 2-factor authentication? [Ask ZDNet]

    Welcome to the first installment of a new weekly advice column, Ask ZDNet. It’s a time-honored editorial format, like Dear Abby but with a much better grasp of modern tech. This week, we tackle three thorny questions: Are text messages too dangerous to use as a second factor for 2FA? Do you really need Windows 11 Pro edition? And why do smoke detector batteries always seem to die in the middle of the night? If you’ve got a question about any of the topics ZDNet covers, one of our team of editors and contributors probably has an answer. If they don’t, we’ll find an outside expert who can steer you in the right direction. Questions can cover just about any topic that’s remotely related to work and technology, including PCs and Macs, mobile devices, security and privacy, social media, home office gear, consumer electronics, business etiquette, financial advice … well, you get the idea. Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Ask away. 

    Is it OK to use text messages for 2-factor authentication?

    I know I’m supposed to use 2-factor authentication for everything, but I keep reading that using text messages for 2FA is dangerous. Do I really need to worry about this? What are my alternatives?

    First things first: Yes, setting up 2FA is a crucial security step for any important online account. When this form of authentication is enabled, you need to provide a second proof of your identity when signing in to an online service for the first time on a device. If your password is stolen in an online data breach or someone fools you into giving it up, the attacker can’t access your account because they don’t have access to a second authentication factor. (For a detailed explainer, see “Multi-factor authentication: How to enable 2FA to step up your security.”)

    The most basic form of 2FA involves a text message, sent via SMS to a phone you previously registered with your account. After you type in your password, you receive a text message with a code that you enter as the final step of authenticating. SMS-based 2FA is absolutely better than no 2FA. But it’s vulnerable to a variety of attacks, including SIM swapping, where the bad guy is able to intercept the SMS messages and take over the account. This type of attack takes a great deal of work and is most likely to target a high-value account, like someone who works at the support desk for a big corporation. But even if you aren’t a target for a global hacking network, it’s smart to steer clear of SMS authentication whenever you can.

    There are two great alternatives to SMS-based 2FA codes. First is a free authenticator app, which generates 2FA codes or receives approval prompts directly on your phone. (For details, see “Protect yourself: How to choose the right two-factor authenticator app.”) For maximum security, consider a physical hardware key that you connect using USB or NFC. Hardware keys cost more and aren’t as easy to use, but they’re ideal for high-value accounts that need extra protection. (See “YubiKey hands-on: Hardware-based 2FA is more secure, but watch out for these gotchas.”)

    Where are all the PCs with Windows 11 Pro?

    I’m ready to buy a new PC, but all of the computers I see for sale at my local retail outlets are running Windows 11 Home edition. Do I need to upgrade to Pro? How do I do that without spending a fortune?

    As you’ve noticed, the PC industry is extremely price-sensitive. The reason you see so many PCs running Windows Home edition is that it costs the PC makers less than the Pro edition, which in turn allows them to cut the price tag on a PC model by about $100. For most consumers, Home edition is good enough. Businesses that run on Windows enterprise networks need Pro edition, however, because it’s a requirement to join a PC to a Windows domain or Azure Active Directory account and then manage that PC with Group Policy and mobile device management software.

    Pro edition does have a few added features you might be willing to pay for, especially if you’re planning to use your PC for business. It supports full BitLocker encryption without requiring the user to sign in to a Microsoft account. It also allows the use of Windows Information Protection features for secure document sharing. You get to use the full Hyper-V virtualization platform to create and run virtual machines. You can configure Pro edition to be a remote desktop server, allowing you to connect to it remotely from another Windows PC (even one running Home edition) or from a Mac or a mobile device. Instead of installing updates on Microsoft’s schedule, you can set up custom schedules for devices, deferring updates for up to 30 days while you wait for other people to experience any update-related bugs. But that’s pretty much it.

    If you prefer a PC that comes with Windows 11 Pro (or Windows 10 Pro, for that matter), your best bet is to look online, where you can find stores that specialize in PCs built for business. You can also go to online dealers like Dell, who will happily configure a PC to your specifications. Adding the upgrade to Windows Pro typically costs $50-80. Or you can buy one of those PCs with Home edition installed and upgrade it yourself. If you have a license key for a Pro or Business edition of Windows 7, Windows 8.1, or Windows 10, you can use it to upgrade. (Instructions here: “How to upgrade from Windows 10 Home to Pro for free.”)

    You can also buy the Pro license online. The full retail price is $200 (ouch) at the Microsoft Store. You can find legitimate discounts of $50 or so from other online retailers, but be very suspicious of any discount that’s more generous than that. If you see someone offering a “lifetime license” for Windows 11 Pro for $49, there’s a good chance that the seller is not authorized to distribute that license, and there’s a chance (small, but not zero) that Microsoft could revoke your license key in the future.

    How do I silence that chirping smoke alarm?

    The smoke alarm mounted on my bedroom ceiling started chirping again last night, waking me out of a sound sleep. I’m tempted to just disconnect it completely. Any suggestions on how to set things up so I can get an uninterrupted night’s sleep once again?

    According to the folks at Kidde, which manufactures smoke alarms, there’s actually a reason for those chirps in the night. As a smoke alarm’s battery nears the end of its life, the amount of power it produces causes an internal resistance. A drop in room temperature increases this resistance, which may impact the battery’s ability to deliver the power necessary to operate the unit in an alarm situation. This battery characteristic can cause a smoke alarm to enter the low-battery chirp mode when air temperatures drop. Most homes are the coolest between 2 a.m. and 6 a.m.

    Now that we’ve settled that, please don’t disconnect your smoke detector. It can literally save your life by giving you early warning of a fire so you have time to escape. Modern alarms can also detect another potential killer: the odorless but deadly carbon monoxide.

    The simplest fix is to set a calendar reminder to change those batteries around the same time every year, using fresh, high-quality lithium batteries. Don’t use rechargeable batteries, and don’t use batteries that have been in storage for a while. For those of us in the Northern Hemisphere, Halloween is a good date, in my experience, as it leads into the winter when windows are likely to be closed most of the time and house fires (and carbon monoxide poisoning) are statistically more likely. If you’d prefer to skip that annual chore, get batteries specifically intended for long-term use in smoke detectors and other critical devices. The Energizer Ultimate Lithium battery, for example, is designed to last 10 years, which is also how often most smoke detectors should be replaced. Just remember to set a calendar reminder for a decade from now to replace those batteries!

    Send your questions to ask@zdnet.com. Due to the volume of submissions, we can’t guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.

  • Zyxel urges customers to patch critical firewall bypass vulnerability

    Zyxel is urging customers to immediately patch a critical vulnerability in the vendor’s firewall software.  

    In a security advisory published this week, the Taiwanese networking giant said the security flaw can lead to the circumvention of firewall protection in Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines. Tracked as CVE-2022-0342 and issued a critical severity score of 9.8, the vulnerability is described as an “authentication bypass” caused by the failure of a proper access control mechanism. The bug is present in a number of CGI programs embedded in the firewall software. “The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device,” Zyxel says.

    The following firmware is impacted:

      • USG/ZyWALL: versions 4.20 through 4.70
      • USG FLEX: versions 4.50 through 5.20
      • ATP: versions 4.32 through 5.20
      • VPN: versions 4.30 through 5.20
      • NSG: versions 1.20 through 1.33 (Patch 4)

    Zyxel has released patches for the impacted software, and users should upgrade to protected builds as soon as possible. The vendor notes that, after investigating the vulnerability, patches have been made available for products within their support period; users of legacy products should be aware that they may remain vulnerable. Alessandro Sgreccia from Tecnical Service SrL, alongside Innotec Security’s Roberto Garcia and Victor Garcia, have been credited with reporting the bug.

  • Government workers rely on Microsoft. That could be a security problem, Google claims

    Google Cloud has published the results of a survey that it says shows the pervasive use of Microsoft tools in government is making workers less secure. The company, via the pollster Public Opinion Strategies, asked workers about their thoughts on the US government’s reliance on Office and Microsoft’s productivity software like Word, Teams, Outlook, and OneDrive.

    Respondents were asked: “Do you believe the federal government’s reliance on products and services from Microsoft makes it more vulnerable or less vulnerable to hacking or a cyberattack?”

    The 2,600 people surveyed by Google Cloud included 600 workers from the D.C. metro area and 338 federal, state, or local government employees from across the US. Nationwide, 60% of government employees said the government’s reliance on Microsoft’s productivity tech does make it more vulnerable. In the D.C. metro area, 57% of government employees thought so too. Workers in general, however, were more divided on the question: 51% of all workers nationwide said it does, while 49% in D.C. thought it does.

    While the results from the survey are finely balanced, Google Cloud’s take on the results was “Government workers say Microsoft tech makes them less secure.” “More than half of all respondents said that the government’s reliance on these Microsoft products actually made the federal government more vulnerable to hacking or cyberattacks,” says Jeanette Manfra, Google Cloud’s senior director of global risk and compliance, in a blog post. Manfra, who joined Google Cloud in 2020 after a senior role at the US Cybersecurity and Infrastructure Security Agency (CISA), said the US government was hobbled by legacy software and a “legacy mindset”. “Many government agencies continue to rely on the same legacy productivity software,” said Manfra.

    But Microsoft’s corporate Vice President of Communications Frank X. Shaw said it was “unhelpful” to create divisions in the security community at a time when everyone should be working together on heightened alert. “We will continue to collaborate across the industry to jointly defend our customers and government agencies, and we will continue to support the U.S. government with our best software and security services,” he said in a statement.

    The survey also asked respondents why government IT continues to rely on Microsoft, questioning them as to why their employer chooses Microsoft tools, and the responses did not suggest a huge enthusiasm for change. More than half (55%) of workers said it was because the tools are the most effective at helping them do their jobs; 45% said it was because their employer has always used those same products and services and doesn’t want to change. But Manfra says the respondents believed the choice of Microsoft had “more to do with inertia than innovation”.

    Manfra argues this trend could be leading workers to use services at work that aren’t approved by IT departments, aka “shadow IT”. Google Cloud’s survey found 35% of D.C. metro government employees have used shadow IT at work, and as many as 41% of workers aged 20 to 34. Manfra also notes the survey found that 70% of government workers use Gmail outside of work.

    Microsoft Office 365’s rival is Google Workspace, which achieved FedRAMP High authorization in November. Google also earned IL4 authorization from the Defense Information Systems Agency (DISA) in November; Microsoft points out that Office 365 is accredited to IL6.

  • The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

    The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on severe vulnerabilities impacting Rockwell Automation controllers. Rockwell Automation provides industrial digital and automation solutions, including digital twin solutions, engineering products, and factory floor optimization hardware.

    On March 31, CISA pointed customers to two recent advisories, “ICSA-22-090-05: Rockwell Automation Logix Controllers” and “ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer,” which detail severe vulnerabilities in controller products.

    The first advisory describes CVE-2022-1161, a vulnerability assigned a CVSS severity score of 10.0, the highest possible. The bug impacts a range of CompactLogix, Compact GuardLogix, ControlLogix, FlexLogix, DriveLogix, and SoftLogix controllers. According to the advisory, the vulnerability can be triggered remotely with low attack complexity. “Successful exploitation of this vulnerability may allow an attacker to modify user programs,” the US agency says. “A user could then unknowingly download those modified elements containing malicious code.”

    The second bug, tracked as CVE-2022-1159 and issued a CVSS ‘high’ severity score of 7.7, impacts Studio 5000 Logix Designer in ControlLogix, GuardLogix, and Compact GuardLogix controllers. This vulnerability requires an attacker to first secure administrator access on a workstation running Studio 5000 Logix Designer, but if they achieve this, they can inject controller code “undetectable to a user.”

    The vulnerabilities were reported by Claroty cybersecurity researchers Sharon Brizinov and Tal Keren. Claroty has compared the exploitation of these security issues to Stuxnet, as stealthy code could be operating without an engineer being aware of any tampering. “Successful stealthy exploits of programmable logic controllers (PLCs) are among the rarest, most time-consuming, and investment-heavy attacks,” the team commented. “Stuxnet’s authors established the playbook for hacking PLCs by figuring out how to conceal malicious bytecode running on a PLC while the engineer programming the controller sees only normalcy on their engineering workstation. Without advanced forensics utilities, the execution of such malicious code cannot be discovered.”

    Rockwell has published two advisories on the vulnerabilities with steps toward mitigation. Earlier this week, the US agency added a further 66 vulnerabilities to the Known Exploited Vulnerabilities Catalog that federal agencies are instructed to remediate. The bugs currently under active exploitation in the wild include issues in networking kits, security appliances, and browsers. In February, CISA published an online guide containing free guidance and tools on incident response. The service also includes tips for organizations looking to reduce their risk exposure.