HomeMy WebLinkAbout_Possible SPAM_ Barracuda_ Fwd_ Advisory - IPAWS Vulnerability.msgCAUTION: This message originated outside of our City of Diamond Bar network.
All.
See email below
Diana Manzano-Garcia, MPA
Disaster Management Area Coordinator
Area D Office of Disaster Management
500 W. Bonita Ave., Suite 5
San Dimas, CA 91773
Office: 909-394-3399
Cell: 626-201-0919
dmanzano@areadonline.com
areadonline.com <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fareadonline.com&c=E,1,Hlr-C3i7Nc9wxksrHUS_MG6Bmho7mrXI6TvnJzWcPDwqGl-t4ewjq7lnYfteXnS9Gv8Dyaj38AMjM4xQGOIXqeN4xz_Kox-nYXBsYLN0I0mQ
&typo=1&ancr_add=1>
Excuse any typos, as this email was generated by an iPhone.
Begin forwarded message:
From: Michael Little <Michael.Little@jric.org>
Date: August 26, 2022 at 12:55:53 PM PDT
To: Michael Little <Michael.Little@jric.org>
Subject: Advisory - IPAWS Vulnerability
Colleagues,
Attached is a Cyber Security Advisory from the SNCTC entitled, IPAWS Vulnerability.
As the advisory points out, on 5 August 2022, the Department of Homeland Security and FEMA acknowledged they became aware of vulnerabilities within Emergency Alert System (EAS) encoder/decoder
devices. The specific encoder that was exploited is a Monroe Electronics R189 One‐Net DASDEC EAS device. This device is a standard 10/100 BASE‐T Ethernet connection device that can
communicate with your network using the new digital platforms, or it can be accessed via the Internet for monitoring or downloading upgrades.
Once the EAS device flaw is exploited, the actor has access to credentials, certificates, and devices; can exploit the web server; can send fake alerts via craft messages and have valid
and pre‐empting signals at will; and can lock out legitimate users neutralizing or disabling a response.
The advisory provides more details.
Michael Little
RTG Intelligence l Senior IO
Joint Regional Intelligence Center
562 345-1701 O
213 670-3447 M