July 09, 2020

U.S. warns old software makes companies vulnerable to North Korean cyber attacks
Government agencies publish five malware samples linked to DPRK in push to better secure infrastructure

U.S. businesses and the public sector remain vulnerable to North Korean cyber threats because software often remains unpatched, the Cybersecurity and Infrastructure Security Agency (CISA) warned on Tuesday after releasing five new malware samples attributed to the DPRK.

"Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets,” CISA explained in an alert on the “Top 10 Routinely Exploited Vulnerabilities” prepared in collaboration with the Federal Bureau of Investigation (FBI) and the broader U.S. government.