IC3 Issues Alert on DDoS Extortion Campaigns

Original release date: July 31, 2015

The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a ransom. Businesses are warned against communicating directly with attackers and advised to use DDoS mitigation techniques instead.

Users and administrators are encouraged to review the IC3 Alert for details and US-CERT Security Tip ST04-015 for more information on DDoS attacks.

This product is provided subject to this Notification and this Privacy & Use policy.

Read More


Schneider Electric InduSoft Web Studio before Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Read More


Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

Read More


IBM Business Process Manager (BPM) 8.0.x through, 8.5.0 through, 8.5.5 through, and 8.5.6 through, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

Read More