Date Subject Detail
2024-10-04 Ireland fines Meta €91 million for storing passwords in plaintext The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million for storing in plaintext passwords of hundreds of millions of users. The incident occurred in 2019. At the time, Meta disclosed it publicly and notified DPC, which initiated an investigation into the tech giant's practices for storing sensitive user data. It is worth noting that the passwords were not available to external parties and the review found no evidence of abuse or improper access. Further information
2024-10-04 ISACA: European Security Teams Are Understaffed and Underfunded European IT security teams are overstressed, underfunded and suffering from major skills gaps and shortages, according to ISACA. The industry body polled over 1800 members across the region to better understand the challenges facing professionals in the sector. It revealed that 61% believe their team is understaffed: 19% claimed their organization has unfilled entry-level positions available, while 48% said the same about roles requiring experience, a university degree or other credentials. Further information
2024-10-04 Why system resilience should mainly be the job of the OS, not just third-party applications Last week, a US congressional hearing regarding the CrowdStrike incident in July saw one of the company’s executives answer questions from policy makers. One suggestion was that future incidents of this magnitude could be avoided by some form of automated system recovery. Should automated recovery be the responsibility of the third-party software vendor or is this better framed as a wider issue of the resilience of the operating system (OS), meaning that the latter initiates some form of auto-recovery process in collaboration with a third-party application? Ultimately, this could go a long way toward improving system resilience and preventing widespread outages – like the one triggered by the faulty CrowdStrike update. Further information
2024-09-26 NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines Using a mixture of character types in your passwords and regularly changing passwords are officially no longer best password management practices according to new guidelines published by the US National Institute of Standards and Technology (NIST). Additionally, NIST required credential service providers (CSPs) not to use knowledge-based authentication (KBA) or security questions when choosing passwords. Other notable recommendations include that "Passwords should be of a minimum of 15 characters", and "CSPs should allow ASCII and Unicode characters to be included in passwords". Further information
2024-09-26 Automattic blocks WP Engine’s access to WordPress resources WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. The open-source project claims that the move comes in response to WP Engine's alteration of a WordPress core feature for its own profit and its blocking of the dashboard's news widget on thousands of sites to prevent criticism of its actions from reaching users. The move, which is the latest in a conflict that has erupted between the two entities, essentially leaves thousands of end-users without security updates and, by extension, millions of internet users exposed to potential hacks. Further information
2024-09-26 U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia. "These are the critical systems that, through specific hardware and software, allow for external connectivity and autonomous driving capabilities in connected vehicles." The agency said nefarious access to such systems could enable adversaries to harvest sensitive data and remotely manipulate cars on American roads. Further information
2024-09-20 GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. RCS, an improvement over the current SMS standard, is currently not end-to-end encrypted out of the box, prompting Google to implement the Signal protocol to secure RCS conversations on Android. The development comes a day after Apple officially rolled out iOS 18 with support for RCS in its Messages app, which comes with advanced features like message reactions, typing indications, read receipts, and high-quality media sharing, among others. Further information
2024-09-20 Microsoft Vows to Prevent Future CrowdStrike-Like Outages Microsoft has announced plans to provide new security capabilities designed to prevent IT outages like the CrowdStrike incident in July. The developments will build on security investments Microsoft has made in Windows 11, enabling more security capabilities for solution providers outside of kernel mode. The tech giant acknowledged that its customers and ecosystem partners want it to provide these additional capabilities to ensure they can continue to operate during future events. Further information
2024-09-13 Irish National Cyber Security Bill 2024 On 24 July 2024, the government gave its approval to the priority drafting of the National Cyber Security Bill 2024. The bill is the legislative vehicle for the transposition of the Network and Information Security Directive EU 2022/2555 (NIS2 Directive). National Competent Authorities (NCAs) have been designated for overseeing the implementation of the Directive and enforcement within each sector. The Minister also has the ability via secondary legislation to designate additional authorities as required. There are penalties for non-compliance with the Directive, including the power to restrict company CEOs and Directors and other senior managers from their positions in Essential and Important Entities where there has been a non-compliance with this act. There is also a power for an NCA, who issues a license to an entity to operate their business in the State, to suspend that license until there is a compliance with the provisions in the Directive. Further information
2024-09-13 UK Recognizes Data Centers as Critical National Infrastructure Data centers in the UK will be elevated to critical national infrastructure (CNI) alongside energy and water systems. This decision, announced on September 12 by the UK Technology Secretary Peter Kyle, aims to better protect UK data from cyber-attacks and prevent major IT blackouts. A dedicated CNI data infrastructure team of senior government officials will be set up to monitor and anticipate potential threats, provide prioritized access to security agencies including the UK National Cyber Security Centre (NCSC), and coordinate access to emergency services should an incident occur. Further information
2024-09-13 Open Source Updates Have 75% Chance of Breaking Apps Nearly all (95%) version upgrades of open source software contain at least one breaking change that causes other components to fail, with patches having a 75% chance of causing a break, according to Endor Labs. Endor Labs also identified another major challenge for end-users of buggy open source software – delays in the publication of vital information on vulnerabilities. The security vendor revealed the findings in its third annual Dependency Management Report, which is based on Endor Labs vulnerability and customer data, information in the Open Source Vulnerabilities (OSV) database and Java ARchives (JARs) related to the top 15 open source dependencies. Further information
2024-09-06 Warnings about Russian Military cyber unit The UK National Cybersecurity Center warns of the threat posed by the GRU 161st Specialist Training Center (Unit 29155). Their key tactic is to exploit unpatched systems with default user names and passwords. The UK NCSC re-iterates its advise to ensure all devices are appropriately patched and default usernames and passwords are changed or disabled - see https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a for details Further information
2024-09-06 The business of cyberattacks Article by Maor Shwartz about how the cyber attack industry emerged from a community between 2012 and 2022; addresses how a defence in depth impacts the economics of cyber attacks, and highlights the links between governments and attackers. Further information
2024-08-30 WhatsApp Scam Alert The Irish National Cybersecurity Center has released advice to prevent users being scammed via a WhatsApp account takeover attack. Never share verification or authentication codes with third parties. Further information
2024-08-30 Cyber Incident Reporting Guidance The US Cybersecurity and Infrastructure Agency has published new guidance on how and what to report on a cyber incident. The guidance complements their new voluntary reporting portal which aims to help the CISA better understand the real world cyber threat landscape. Further information
2024-08-30 Windows IPv6 vulnerability Proof of concept code has been released which exploits the Windows vulnerability in processing IPv6 packets. The flaw allows remote code execution (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063). A work around of disabling IPv6 prevents the exploit; Microsoft has released a security patch to resolve the issue on Aug 13th. Further information
2024-08-23 Bring your Own Vulnerable Device North Korean hacking group Lazarus exploited a zero day flaw in Windows AFD.sys device driver (Ancillary Function Driver for Winsock) to enable root kit access to machines. The flaw allows kernel level access thus avoiding detection by security software. Microsoft patched the issue on the 13 August 2024. Further information
2024-08-23 Cyber Resilience Audit Framework The UK's National Cybersecurity Center invites provides to sign up to the Cyber Resilience Audit Framework. The framework provides assurance that an organisation is (A) Managing Security Risk (B) Protecting against cyber attacks (C) Detecting cyber security events (D) Minimising the impact of cyber security incidents in an appropriate manner. Further information
2024-08-23 Phishing test causes health panic Santa Cruz university simulated test phishing campaign, to raise awareness of techniques used by hackers to steal credentials, triggered a public health scare. Based on an actual captured phishing message, the campaign claimed that a staff member had contracted Ebola, and asked recipients of the email to log on to a contact tracing portal. The UCSC Student Health Center was forced to publish a notice to re-assure students that the Ebola virus was not live on campus. Further information
2024-08-15 UN cybercrime treaty sparks global concern over privacy rights A special UN committee is expected to present a new treaty this week aimed at combating cybercrime. However, while the treaty seeks to address a worthy goal, it also grants governments extensive surveillance powers that may encroach on human rights and freedom of expression. The ongoing disagreements led to compromises in the treaty's language, resulting in vague and broad descriptions. The latest draft, agreed upon in May, has been so controversial that a coalition of 22 governmental and civil organizations globally called on governments to reject the treaty in its current form. Even the UN is concerned about the treaty. In a letter distributed ahead of the current round of discussions, the Office of the UN High Commissioner for Human Rights (OHCHR) highlighted significant shortcomings in the treaty's text, noting that many provisions fail to meet international human rights standards. Further information
2024-08-15 NIST Formalizes World's First Post-Quantum Cryptography Standards Quantum computers are predicted to develop to a stage where they can break existing encryption algorithms in the next five to 10 years, leaving all digital information exposed. The new NIST standards are designed to help organizations transition to quantum-secure encryption before the ‘Q-Day’ event occurs. Additionally, while Q-Day may still be some years away, Richard Marty, Chief Technology Officer at LGT Financial Services, emphasized that making the transition to quantum-secure cryptography should be done as soon as possible. This is due to the risk of “harvest now, decrypt later” attacks, whereby threat actors steal encrypted data with a view to decrypting it later on once quantum computers are ready. The standards contain the encryption algorithms’ computer code, instructions for how to implement them and their intended uses. The algorithms are all available for immediate use. Further information
2024-08-15 Microsoft Reveals Iranian US Election Interference Ops “This recent cyber-enabled influence activity arises from a combination of actors which are conducting initial cyber-reconnaissance and seeding online personas and websites into the information space,” it warned. “Looking forward, we expect Iranian actors will employ cyber-attacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the US, like racial tensions, economic disparities, and gender-related issues.” The “Sefid Flood” actor has been preparing the ground for influence operations since March. It specializes in impersonating activist groups and may even try to intimidate, dox or incite violence against political figures Further information
2024-08-08 Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net William Moody, IT security consultant at Certitude, blogged today about how First Contact Safety Tip – a banner displayed in Outlook when a user receives a message from an address that typically doesn't contact them – can be hidden (mostly) using CSS style tags. Because the First Contact Safety Tip is added to the HTML code of an email before the message content, all a phisher would have to do is craft an email solely in HTML, changing the banner's background and font both to white, and the banner is no longer visible. "We determined your finding is valid but does not meet our bar for immediate servicing considering this is mainly applicable for phishing attacks," Microsoft responded. Further information
2024-08-08 U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange Two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. Seleznev, also known by the aliases Track2, Bulba, and nCux, was sentenced in 2017 to 27 years in prison for payment card fraud, causing nearly $170 million in damages to small businesses and financial institutions in the U.S. He was subsequently handed another 14-year jail term for his role in a $50 million cyber fraud ring and for defrauding banks of $9 million through a hacking scheme. The other Russian national going home is Klyushin, the owner of security penetration testing firm M-13 who was sentenced in the U.S. last September for stealing confidential financial information from U.S. companies in a $93 million insider-trading scheme. Further information
2024-08-08 Crowdstrike: Delta Air Lines refused free help to resolve IT outage Delta's outages lasted for five days as the company attempted to restore servers, leaving airline passengers stranded as thousands of flights were disrupted. CrowdStrike's CEO personally reached out to Delta's CEO to offer onsite assistance, but received no response. CrowdStrike followed up with Delta on the offer for onsite support and was told that the onsite resources were not needed." CrowdStrike also questioned why Delta's competitors, who faced similar challenges, could restore operations quicker, implicating that faulty procedures and infrastructure were partly responsible for the airline's lengthy outages. Further information
2024-08-01 Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. App-bound encryption is an improvement over DPAPI in that it interweaves an app's identity (i.e., Chrome in this case) into encrypted data to prevent another app on the system from accessing it when decryption is attempted. "Because the app-bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app," Harris said. "Now, the malware has to gain system privileges, or inject code into Chrome, something that legitimate software shouldn't be doing." Further information
2024-08-01 Despite Bans, AI Code Tools Widespread in Organizations Organizations are concerned about security threats stemming from developers using AI, according to a new Checkmarx report. The cloud-native application security provider found that 15% of organizations explicitly prohibit the use of AI tools for code generation, however 99% say that AI code-generating tools are being used regardless. Meanwhile, just 29% of organizations have established any form of governance for the use of generative AI. Further information
2024-08-01 DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV). "Before issuing a certificate to a customer, DigiCert validates the customer's control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF)," it said. Further information
2024-07-25 North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker Cybersecurity awareness training company KnowBe4 has revealed it was duped into hiring a fake IT worker from North Korea, resulting in attempted insider threat activity. The case demonstrates North Korea’s ongoing efforts to get fake workers employed in IT roles in Western companies, both as a means of generating revenue for the Democratic People’s Republic of Korea (DPRK) government and to conduct malicious cyber intrusions. KnowBe4 advertised for a software engineer role within its internal IT AI team and received a resume from an individual using a valid but stolen US-based identity. The picture provided on the application was AI ‘enhanced.’ Four video conference interviews were conducted on separate occasions, confirming the individual matched the photo provided on their application. Further information
2024-07-25 Microsoft's EU agreement means it will be hard to avoid CrowdStrike-like calamities in the future CrowdStrike's buggy software update and its kernel-level access to Windows lethally combined to cause the massive outage. The Microsoft-EU agreement states that the former must make the Windows Client and Server operating system APIs that its security software, like Microsoft Defender for Endpoint uses, available to other developers. This agreement with the European Commission resulted in a freer market for security products and prevented Microsoft from gaining a monopoly on antivirus and other security suites. Further information
2024-07-25 CrowdStrike Shares How a Rapid Response Content Update Caused Global Outage The issue impacted 8.5 million Windows devices globally. All Windows hosts running sensor version 7.11 and above that were online between Friday, July 19, 2024, 04:09 UTC and Friday, July 19, 2024, 05:27 UTC and received the update were affected. Crowdstrike uses InterProcessCommunication (IPC) Template Types to detect novel attack techniques. On July 19, two IPC Template Instances were deployed. One of these instances passed validation despite containing problematic content data. However, when the instances were received by the sensor and loaded into the Content Interpreter, the problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. CrowdStrike said it plans to roll out improvements to its Rapid Response Content testing processes to prevent similar issues occurring in the future. Further information
2024-07-18 Malicious npm Packages Found Using Image Files to Hide Backdoor Code Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They contained sophisticated command and control functionality hidden in image files that would be executed during package installation," software supply chain security firm Phylum said in an analysis. Further information
2024-07-18 PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It was publicly disclosed in early June 2024. "CVE-2024-4577 is a flaw that allows an attacker to escape the command line and pass arguments to be interpreted directly by PHP," Akamai researchers Kyle Lefton, Allen West, and Sam Tinklenberg said in a Wednesday analysis. "The vulnerability itself lies in how Unicode characters are converted into ASCII." Further information
2024-07-18 Attackers Exploit URL Protections to Disguise Phishing Links Cybercriminals are abusing legitimate URL protection services to disguise malicious phishing links, Barracuda researchers have revealed. URL protection services are designed to protect users from visiting malicious websites via a phishing link. Whenever a URL is included in an email, the service will copy it, rewrite it, then embed the original URL within the rewritten one. If the email recipient clicks on this “wrapped” link, an email security scan of the original URL is triggered. If the scan is clear, the user is redirected to the URL. If not, they are blocked from entering the original URL. Further information
2024-07-11 Europol says Home Routing mobile encryption feature aids criminals Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement’s ability to intercept communications during criminal investigations. The agency has previously highlighted in its Digital Challenges series that law enforcement problem of end-to-end encryption on communication platforms is a hurdle when it comes to collecting admissible evidence. Home Routing is a system in telecommunication services that allows customers to route traffic (calls, messages, internet data) through their home network even when traveling abroad. Further information
2024-07-11 Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability Security researchers have uncovered a critical vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This zero-click remote code execution (RCE) vulnerability, now patched by Microsoft, did not require any authentication, setting it apart from the previously discovered CVE-2024-30103, which required at least an NTLM token. If exploited, CVE-2024-38021 could lead to data breaches, unauthorized access and other malicious activities. Microsoft has rated this vulnerability as "Important" and noted a distinction between trusted and untrusted senders. Further information
2024-07-11 Apple Removes VPN Apps from Russian App Store Amid Government Pressure Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia's state communications watchdog Roskomnadzor, Russian news media reported. "This event marks a significant step in Roskomnadzor's ongoing efforts to control internet access and content within Russian territory," Le VPN said. The development is part of a series of censorship moves Kremlin has announced since the start of the Russo-Ukrainian war in February 2022 that has resulted in the blockade of several media outlets as well as social media apps such as Facebook, Instagram, and X. Further information
2024-07-04 Meta’s ‘Pay or Consent’ Data Model Breaches EU Law The EU Commission has informed Meta that its ‘pay or consent’ model breaches EU law as it does not allow users to freely consent to their personal data being collected for advertising purposes. The Commission’s preliminary view is that the tech giant’s new approach is not compliant with Article 5(2) of the Digital Markets Act (DMA). This article requires gatekeepers to seek users' consent for combining their personal data between designated core platform services and other services. If a user refuses such consent, they should have access to a less personalized but equivalent alternative. Use of the service or certain functionalities cannot be made conditional on users’ consent. Further information
2024-07-04 Google to Block Entrust Certificates in Chrome Starting November 2024 Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted [certificate authority] owner," Google's Chrome security team said. To that end, the tech giant said it intends to no longer trust TLS server authentication certificates from Entrust starting with Chrome browser versions 127 and higher by default. However, it said that these settings can be overridden by Chrome users and enterprise customers should they wish to do so. Further information
2024-07-04 New regreSSHion OpenSSH RCE bug gives root on Linux servers A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. The flaw, discovered by researchers at Qualys in May 2024, and assigned the identifier CVE-2024-6387, is due to a signal handler race condition in sshd that allows unauthenticated remote attackers to execute arbitrary code as root. Exploitation of regreSSHion can have severe consequences for the targeted servers, potentially leading to complete system takeover. Further information
2024-06-27 Biden bans Kaspersky antivirus software in US over security concerns This ban not only involves the sale of Kaspersky products but also prevents the company from delivering antivirus and security updates to customers, making it critical for customers to provide alternative software by the end of September. While Kaspersky has denied any ties to the Russian government, the US government feels that due to the Russian government's cyber capabilities and ability to influence Kaspersky's operations, there was no way to mitigate the risk without a total ban on the company's services in the USA. Starting at midnight ET on July 20, 2024, Kaspersky is banned from entering into any new agreements with a US person of business. This includes any software or white- labelled product from the company. Further information
2024-06-27 UK Nuclear Site Pleads Guilty to Historic Cybersecurity Offenses The organization managing the world’s largest stockpile of plutonium has pleaded guilty to all criminal charges, in a first-of-its-kind case related to historic cybersecurity failings. A spokesman from the UK's Office for Nuclear Regulation (ONR) acknowledged the plea in a brief statement, but also confirmed Sellafield’s assertion that it wasn’t hacked, as per previous media reports. The charges relate to offenses spanning a four-year period (2019-23), when strict cybersecurity regulations “were not sufficiently adhered to,” according to lawyers acting for Sellafield. Further information
2024-06-27 Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. Polyfill is a popular library that incorporates support for modern functions in web browsers. Earlier this February, concerns were raised following its purchase by China-based content delivery network (CDN) company Funnull. The original creator of the project, Andrew Betts, urged website owners to immediately remove it, adding "no website today requires any of the polyfills in the polyfill[.]io library" and that "most features added to the web platform are quickly adopted by all major browsers". Further information
2024-06-18 Microsoft delays Windows Recall amid privacy and security concerns Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs. This update comes on the same day as a scathing report from ProPublica about how Microsoft put revenue above security and Microsoft President Brad Smith's meeting with the US Congress to discuss the company's recent security failures. The new AI-powered feature takes screenshots of every active window on your PC every couple of seconds. These screenshots are then analyzed by an Azure AI model that runs on the device to pull information from the image and add it to a SQLite database. Further information
2024-06-18 Meta Pauses AI Training on EU User Data Amid Privacy Concerns Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). At issue is Meta's plan to use personal data to train its artificial intelligence (AI) models without seeking users' explicit consent, instead relying on the legal basis of 'Legitimate Interests' for processing first and third- party data in the region. These changes were expected to come into effect on June 26, before when the company said users could opt out of having their data used by submitting a request "if they wish." Meta is already utilizing user-generated content to train its AI in other markets such as the U.S. Further information
2024-06-18 VMware Discloses Critical Vulnerabilities, Urges Immediate Remediation VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, urging customers to immediately install updates containing patches. The issues are in the VMware vCenter Server, which is present in the affected products. The vulnerabilities are memory management and corruption flaws, potentially leading to remote code execution. Further information
2024-06-14 June is Internet Safety Month Since 2005, the US has designated June as National Internet Safety Month. This year it is pushing four simple things to do to ensure your safety online: 1. Use "strong" passwords - 16 characters, random and unique to each account 2. Use multifactor authentication (MFA) 3. Update software 4. Recognise and report phishing Further information
2024-06-14 Microsoft Exchange 2023 Attack The Cyber Safety Review Board found that a cascade of avoidable errors allowed Beijing's Storm-0558 to take tens of thousands of sensitive emails from Microsoft Exchange. Key findings include a failure to manage key rotation and expiry correctly and an absence of logs and other forensic data to investigate the intrusion. Microsoft president Brad Smith has committed the equivalent of 34,000 engineers working full time to remediate the security shortcomings within Microsoft products. Further information
2024-06-14 Purple team strategies In cybersecurity, blue team defends, red team attacks; and purple team becomes the Roy Keane midfield general type combining both attack and defence. One strategy for making the purple team's efforts more effective is to develop standardised, tool-independent workflows that centralise and manage the sharing of detection rules. Further information
2024-06-04 Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. "From April to December 2023, BlueDelta deployed Headlace malware in three distinct phases using geofencing techniques to target networks throughout Europe with a heavy focus on Ukraine," Recorded Future's Insikt Group said. "BlueDelta's espionage activities reflect a broader strategy aimed at gathering intelligence on entities with military significance to Russia in the context of its ongoing aggression against Ukraine." Further information
2024-06-04 US-Led Operation Takes Down World’s Largest Botnet A US-led law enforcement operation has successfully disrupted the 911 S5 botnet, believed to be the world’s largest ever botnet. The 911 S5 botnet is a global network of millions of compromised residential Windows computers used to facilitate cyber-attacks, large scale fraud, child exploitation and other serious criminal activity. The US Department of Justice (DoJ) also announced the arrest of a Chinese national, YunHe Wang, 35, on charges relating to the creation and operation of 911 S5. Further information
2024-06-04 Russian indicted for selling access to US corporate networks A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. An initial access broker (IAB) is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks. For now, the suspect hasn't been arrested, and given that he is based in Russia, it seems unlikely that he will ever be unless he leaves the country. Further information
2024-05-28 Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search The Microsoft outage started at approximately 3 AM EDT and seems to have primarily affected users in Asia and Europe. While Microsoft has yet to comment on the outage, OpenAI confirmed issues with ChatGPT internet search in an update on its support page. Further information
2024-05-28 National Records of Scotland Data Breached in NHS Cyber-Attack National Records of Scotland (NRS) has revealed that sensitive personal data it holds was accessed and published as a result of the ransomware attack on NHS Dumfries and Galloway. The NRS data was part of 3TB of data published by cybercriminals on the dark web on May 6. Fewer than 50 people have had information taken about them that is considered to have the potential to put them at risk of harm. These individuals have been contacted by the NRS. Further information
2024-05-28 PSNI Faces £750,000 Data Breach Fine After Spreadsheet Leak The Police Service of Northern Ireland (PSNI) would have faced a crippling fine of £5.6m for a serious data breach last year had the regulator not adopted a new policy towards public sector bodies, according to the Information Commissioner’s Office (ICO). The data protection watchdog instead today issued a fine of £750,000 to the PSNI for failing to protect highly sensitive information on its workforce. In a much-publicized incident last year, human error led to the publication online of a spreadsheet containing the surname, initials, rank and role of all 9483 serving PSNI officers and staff. Crucially, this included the details of individuals working in sensitive areas like surveillance and intelligence – raising concerns over the safety of officers and their families. Further information
2024-05-22 Microsoft to start enforcing Azure multi-factor authentication in July Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout for CLI, PowerShell, and Terraform. Redmond says customers will also receive additional information via email and official notifications before the MFA enforcement. Further information
2024-05-22 UK Government in £8.5m Bid to Tackle AI Cyber-Threats The UK has promised £8.5m ($10.8m) to fund new AI safety research designed to tackle cyber-threats including deepfakes. Announced by technology secretary Michelle Donelan at the AI Seoul Summit today, the research grants will focus on “systemic AI safety” – that is, understanding how better to protect society from AI risks and harness the technology’s benefits. The UK’s National Cyber Security Centre (NCSC) warned in January that malicious AI use will “almost certainly” lead to an increase in the volume and impact of cyber-attacks over the next two years, particularly ransomware. Further information
2024-05-22 Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. Zoom's post-quantum E2EE uses Kyber-768, which aims at security roughly equivalent to AES-192. Kyber was chosen by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) in July 2022 as the quantum-resistant cryptographic algorithm for general encryption. However, for post-quantum E2EE to be enabled by default, it requires all meeting participants to be on Zoom desktop or mobile app version 6.0.10 or higher. In the event some of the participants don't meet this minimum version requirement, standard E2EE will be used. Further information
2024-05-15 NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled A recent rise in software vulnerability exploits has come as the US National Vulnerability Database (NVD), the world’s most comprehensive vulnerability database, experiences its most significant crisis in history. After experiencing a vulnerability enrichment slowdown in mid-February 2024, experts working in software security have told Infosecurity that the database run by the US National Institute of Standards and Technology (NIST) has not shown new vulnerabilities since May 9. Infosecurity has contacted NIST about the alleged CVE uploading halt. A NIST spokesperson denied any disruption in vulnerability processing. The issues were due to the NVD migrating to the new CVE JSON format. Further information
2024-05-15 RSAC: Researchers Share Lessons from the World's First AI Security Incident Response Team The AISIRT was developed in collaboration between Carnegie Mellon University and CERT Division's partner network. It became partly operational after it first launched in August 2023 and has been fully operational since October 2023. It is focused on identifying, understanding, and mitigating ‘vulnerabilities’ for AI systems that are of interest to and used by defense and national security organizations. It consists of four main components: an AI incident response element, an AI vulnerability discovery toolset, an AI vulnerability management framework, and an AI situational awareness service. Further information
2024-05-15 Cybersec chiefs team up with insurers to say 'no' to ransomware The coalition consists of the NCSC, the Association of British Insurers (ABI), the British Insurance Brokers' Association (BIBA), and the International Underwriting Association (IUA). Their guidance book, released today, provides detailed advice on how organizations can avoid paying ransoms. It does not provide a step-by-step guide on remediating ransomware attacks but rather offers a collection of approaches to consider before making a payment. "The NCSC does not encourage, endorse, or condone paying ransoms, and it's a dangerous misconception that doing so will make an incident go away or free victims of any future headaches," said Oswald. "In fact, every ransom that is paid signals to criminals that these attacks bear fruit and are worth doing." Further information
2024-05-09 Microsoft rolls out passkey auth for personal Microsoft accounts Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. Microsoft "consumer accounts" refer to personal accounts for accessing Microsoft services and products such as Windows, Office 365, Outlook, OneDrive, Copilot, and Xbox Live. Microsoft announced the new support for passkeys as part of World Password Day to increase security against phishing attacks, aiming to eliminate passwords altogether in the future. Further information
2024-05-09 Android Flaw Affected Apps With 4 Billion Installs Microsoft’s research team has unearthed a concerning vulnerability pattern in numerous popular Android applications, posing significant security risks to billions of users worldwide. The identified vulnerability pattern, linked to path traversal, enables a malicious application to manipulate files within the vulnerable app’s home directory. The impact of this vulnerability reportedly extended to several widely used applications found on the Google Play Store, with over four billion installations collectively. Further information
2024-05-09 Google Announces Passkeys Adopted by Over 400 Million Accounts "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said. The search giant notes that passkeys are already used for authentication on Google Accounts more often than legacy forms of two-factor authentication, such as SMS one-time passwords (OTPs) and app-based OTPs combined. In addition, the company said it's expanding Cross-Account Protection, which alerts of suspicious events with third-party apps and services connected to a user's Google Account, to include more apps and services. Further information
2024-05-01 Smart gadgets: Tougher rules for sellers of internet-enabled devices in the UK It is designed to ensure there is better security around devices such as baby monitors, televisions and speakers that are linked to the internet. The new law has 3 requirements: stronger passwords, clarity around bug reporting, and clear information for customers on how long the device will receive support such as software updates. Sarah Lyons, from the National Cyber Security Centre, said firms making the products needed to take responsibility. Further information
2024-05-01 Google Chrome's new post-quantum cryptography may break TLS connections Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. Google started testing the post-quantum secure TLS key encapsulation mechanism in August and has now enabled it in the latest Chrome version for all users. "This protects users' traffic from so-called 'store now decrypt later' attacks, in which a future quantum computer could decrypt encrypted traffic recorded today." Further information
2024-05-01 US Government Releases New Resources Against AI Threats These resources include guidelines designed to mitigate AI risks to critical infrastructure and a report focusing on AI misuse in the development and production of chemical, biological, radiological and nuclear (CBRN) threats. Last week, the establishment of the Artificial Intelligence Safety and Security Board was announced. This board comprises technology and critical infrastructure executives, civil rights leaders, academics and policymakers, among others, aiming to advance responsible AI development and deployment. In addition, DHS collaborated with its Countering Weapons of Mass Destruction Office (CWMD) to analyse the risk of AI misuse in CBRN threat development. Further information
2024-04-23 GitHub comments abused to push malware via Microsoft repo URLs A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most of the malware activity has been based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures. Yesterday, McAfee released a report on a new LUA malware loader distributed through what appeared to be legitimate Microsoft GitHub repositories for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg, and the STL library. Further information
2024-04-23 US Government and OpenSSF Partner on New SBOM Management Tool The Open Source Security Foundation (OpenSSF), in collaboration with the US government, has launched a new tool to simplify Software Bill of Materials (SBOMs) management for organizations. Protobom, the new open source software tool, will help all organizations read and generate SBOMs and file data, as well as translate this data across standard industry SBOM formats. It is designed to be integrated into applications that link SBOM information with external records of vulnerabilities and severity information from trusted sources. Therefore, it can provide system administrators and software development communities with information on available patches and mitigations for particular pieces of software. Further information
2024-04-23 German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies Thomas R. is believed to have acted as an agent for China's Ministry of State Security (MSS), gathering information about innovative technologies in Germany that could be used for military purposes. The defendant also sought the help of a married couple, Herwig F. and Ina F., who run a Düsseldorf-based business that established connections with the scientific and research community in Germany. This materialized in the form of an agreement with an unnamed German university to conduct a study for an unnamed Chinese contractor regarding the operation of high-performance marine engines for use on combat ships. Further information
2024-04-17 PuTTY SSH client flaw allows recovery of cryptographic private keys A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. The developers fixed the vulnerability in PuTTY version 0.81, which abandons the previous k-generation method and switches to the RFC 6979 technique for all DSA and ECDSA keys. However, it is noted that any P521 private keys generated using the vulnerable version of the tool should be considered unsafe and replaced by new, secure keys. Further information
2024-04-17 AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions," security researcher Roi Nisimi said in a report shared with The Hacker News. Amazon and Google consider this to be expected behavior, requiring that organizations take steps to avoid storing secrets in environment variables and instead use a dedicated secrets store service like AWS Secrets Manager or Google Cloud Secret Manager. Further information
2024-04-17 Open Source Leaders Warn of XZ Utils-Like Takeover Attempts The Open Source Security Foundation (OpenSSF) and the OpenJS Foundation have called on open source maintainers to look out for takeover attempts, after spotting multiple social engineering attacks reminiscent of the recent xz Utils campaign. This set alarm bells ringing at the foundation as it drew strong parallels with a similar social engineering tactic employed by ‘Jia Tan’ – the malicious maintainer believed to be responsible for the recently disclosed xz Utils/liblzma backdoor. “Most open source projects are incredibly underfunded and run by a single or small group of maintainers, so utilizing social engineering attacks on them isn’t surprising and given how vulnerable the ecosystem is and the pressures maintainers are under, they will likely welcome the help in many cases.” Further information
2024-04-11 US Federal Data Privacy Law Introduced by Legislators A bipartisan US federal data protection law has been drafted by two US lawmakers, aiming to codify and enforce privacy rights for all US citizens. The national law aims to give US citizens greater control over their personal data, limiting the ability of big tech firms to process, transfer and sell such information. It also mandates stronger cybersecurity standards for organizations to protect personal data they hold from being hacked or stolen, giving enforcement powers to the Federal Trade Commission (FTC), States and individuals for any violations. Further information
2024-04-11 Global taxi software vendor exposes details of nearly 300K across UK and Ireland Taxi software iCabbi recently fixed an issue that exposed the personal information of nearly 300,000 individuals via an unprotected database. The names, email addresses, phone numbers, and user IDs of the 287,961 affected individuals in the UK and Ireland were all exposed online. A number of former UK Members of Parliament (MPs), as well as one senior policy advisor and one EU ambassador, were caught up in the data exposure. Further information
2024-04-11 China Using AI-Generated Content to Sow Division in US, Microsoft Finds China-affiliated threat actors are ramping up the use of AI to influence and sow division in the US and other countries, according to a new report by the Microsoft Threat Analysis Center (MTAC). The researchers highlighted how Chinese Communist Party (CCP)-affiliated actors are publishing AI-generated content on social media to amplify controversial domestic issues and criticize the current administration in the US. In one example, the group Storm-1376, which specializes in influence operations, spread conspiratorial narratives about the Hawaii wildfires in August 2023 across multiple social media platforms. Further information
2024-04-04 Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed.
The malicious backdoor code is said to have been deliberately introduced by one of the project maintainers named Jia Tan in what appears to be a meticulous attack spanning multiple years.
"This is clearly a very complex state-sponsored operation with impressive sophistication and multi-year planning," firmware security company Binarly said.
Further information
2024-04-04 Deepfake Expert Henry Ajder to Keynote Infosecurity Europe 2024 on AI Challenges AI's role is no longer theoretical or a small segment, but a critical part of the threat and defence innovation landscape.
Infosecurity Group has also recently published its 2024 Cybersecurity Trends report, which explored the current use of AI within organisations, expectations for future use and the risks that it presents.
Despite the pressing threat of cyber-attacks, the survey revealed that 54% of organizations plan to integrate AI into their cybersecurity strategies within the next year, demonstrating optimism about its potential benefits.
Further information
2024-04-04 New Chrome feature aims to stop hackers from using stolen cookies Google announced a new Chrome security feature called 'Device Bound Session Credentials' that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts.
After enabling DBSC, the authentication process is linked to a specific new public/private key pair generated using your device's Trusted Platform Module (TPM) chip that can't be exfiltrated and is securely stored on your device, so even if an attacker steals your cookies, they won't be able to access your accounts.
While still in the prototype phase, according to this estimated timeline shared by Google, you can test DBSC by going to chrome://flags/ and enabling the "enable-bound-session-credentials" dedicated flag on Windows, Linux, and macOS Chromium-based web browsers.
Further information
2024-03-27 Security Leaders Acknowledge API Security Gaps Despite Looming Threat Jay Coley, Senior Security Architect at Fastly, commented: "Decision-makers know that increased reliance on APIs creates a risk of serious cyberattacks. But so far they are not doing enough about it."
58% anticipate that generative AI will have a large or very large impact on API security over a window of approximately 2-3 years.
Only 14% of companies surveyed regarded the use of AI technologies in API security as a priority.
Further information
2024-03-27 Over 800 npm Packages Found with Discrepancies, 18 Exploit 'Manifest Confusion' New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion.
The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code.
"It's an actual threat since developers may be tricked into downloading packages that look innocent, but whose hidden dependencies are actually malicious," security researcher Andrey Polkovnichenko told The Hacker News.
Further information
2024-03-27 Microsoft to shut down 50 cloud services for Russian businesses Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December.
It has been clarified that the invalidation of licenses impacts Russian companies and organizations engaging in architecture, design, construction, manufacturing, media, education and entertainment, building information modeling (BIM), computer-aided design (CAD), and computer-aided manufacturing (CAM).
However, no plans to restrict access to individuals were announced, so the products are assumed to remain available to regular users.
Further information
2024-03-20 Is TikTok really a danger to the West? China has attacked a bill going through US Congress that could ultimately see TikTok banned in the States, calling it unjust.
The overall picture is one of theoretical fears - and theoretical risk. But a US ban on TikTok could have a huge impact on the platform, since typically US allies often fall in step with such decisions.
It is worth noting, of course, that these risks are a one-way street. China does not have to worry about US apps because access for Chinese citizens has been blocked for many years.
Further information
2024-03-20 Google Introduces Enhanced Real-Time URL Protection for Chrome Users Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites.
"The Standard protection mode for Chrome on desktop and iOS will check sites against Google's server-side list of known bad sites in real-time," Google's Jonathan Li and Jasika Bawa said.
"If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts."
Further information
2024-03-20 APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls.
Despite best efforts to adopt shift-left frameworks and SDLC processes, APIs are often still pushed into production before they're cataloged, authenticated, or audited.
In its report, Imperva concludes that APIs are now a common attack vector for cybercriminals because they're a direct pathway to access sensitive data.
Further information
2024-03-13 Former Google Engineer Charged With Stealing AI Secrets A Chinese national who used to work at Google has been charged with stealing intellectual property from the tech giant connected to its work on artificial intelligence (AI).
The indictment claimed that between May 2022 and May 2023, he began secretly uploading IP to a personal Google Cloud account amassing over 500 files containing confidential information.
"Today's charges are the latest illustration of the lengths affiliates of companies based in the People's Republic of China are willing to go to steal American innovation," said FBI director Christopher Wray.
Further information
2024-03-13 Microsoft says Windows 10 21H2 support is ending in June Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service.
The Windows 10 2022 Update (aka Windows 10 22H2) reached broad deployment in November 2022 and is now rolling out to all users through Windows Update.
"To help keep you protected and productive, Windows Update will automatically initiate a feature update for Windows 10 consumer devices and non-managed business devices that are at, or within several months of reaching end of servicing," Microsoft said.
Further information
2024-03-13 MiTM phishing attack can let attackers unlock and steal a Tesla Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them.
The researchers reported their findings to Tesla saying that linking a car to a new phone lacks proper authentication security. However, the car maker determined the report to be out of scope.
The researchers argue that requiring a physical Tesla Card Key when adding a new Phone Key would improve security by adding an authentication layer for the new phone.
Further information
2024-03-06 EU Agrees 'Cyber Solidarity Act' to Bolster Incident Response and Recovery The European Union (EU) has agreed new rules to strengthen cyber incident response and recovery across member states, which have been dubbed the Cyber Solidarity Act.
This includes the establishment of an EU-wide cybersecurity alert system, designed to rapidly share information on cyber-threats throughout the region.
Alongside the cyber solidarity act, the EU Council and Parliament have also agreed on a targeted amendment to the 2019 Cybersecurity Act. This amendment plans to establish European certification schemes for managed security services.
Further information
2024-03-06 US Sanctions Predator Spyware Maker Intellexa The US government has announced further action against commercial spyware makers by sanctioning two people and five entities associated with the Intellexa Consortium.
Intellexa is the umbrella organization for multiple companies based in Greece, Ireland, Hungary and beyond. Its North Macedonian Cytrox business is responsible for developing prolific spyware known as Predator, which is still being widely used by repressive regimes to eavesdrop on journalists, dissidents, politicians and others.
Like other variants such as NSO Group's Pegasus, Predator uses zero-click exploits that require no user interaction for it to infect a device.
Further information
2024-03-06 Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
"The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," JetBrains said in an advisory released Monday.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
Further information
2024-02-28 Microsoft expands free logging capabilities after May breach Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023.
"Beginning this month, expanded logging will be available to all agencies using Microsoft Purview Audit regardless of license tier," a press release reads.
"Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days. Also, this data will provide new telemetry to help more federal agencies meet logging requirements mandated by OMB Memorandum M-21-31."
Further information
2024-02-28 Most Commercial Code Contains High-Risk Open Source Bugs Three-quarters (74%) of commercial codebases contain open source components featuring high-risk vulnerabilities, according to a new study from Synopsys.
The report revealed that most (80%) of the most frequently recorded open source vulnerabilities are classified as improper neutralisation weaknesses (CWE-707), a vulnerability type which includes various forms of cross-site scripting.
91% of codebases contained components that were 10 or more versions out of date, while the mean age of open source vulnerabilities discovered was over 2.5 years. Nearly a quarter of codebases contained vulnerabilities more than 10 years old.
Further information
2024-02-28 FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking.
In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes. It will also have to notify users whose browsing data was sold to third parties without their consent.
What's more, data buyers could associate non-personally identifiable information with Avast users' browsing information, allowing other companies to track and associate users and their browsing histories with other information they already had.
Further information
2024-02-21 Google Warns Unfair AI Rules Could Empower Hackers, Harming Defense Google has called for a balanced regulatory approach to AI in order to avoid a future where attackers can innovate but defenders are stifled by law.
The whitepaper details a policy agenda designed to reverse the "defender's dilemma", a concept that describes the inherent advantages an attacker holds over a defender. It argues that international collaboration can shape AI to benefit defenders rather than attackers.
The EU is currently progressing AI regulation with the development of the AI Act, which is set to be the first comprehensive AI law globally.
Further information
2024-02-21 New Gold Pickaxe Android, iOS malware steals your face for fraud A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.
It is essential to clarify that while GoldPickaxe can steal images from iOS and Android phones showing the victim's face and trick the users into disclosing their face on video through social engineering, the malware does not hijack Face ID data or exploit any vulnerability on the two mobile OSes.
Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains.
Further information
2024-02-21 Google Open Sources Magika: AI-Powered File Identification Tool Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types.
"Magika outperforms conventional file identification methods providing an overall 30% accuracy boost and up to 95% higher precision on traditionally hard to identify, but potentially problematic content such as VBA, JavaScript, and Powershell," the company said.
Google said it internally uses Magika at scale to help improve users' safety by routing Gmail, Drive, and Safe Browsing files to the proper security and content policy scanners.
Further information
2024-02-14 US Warns of Destructive Chinese Cyber-Attacks The US and its allies have sounded the alarm over Chinese state hackers, claiming they're ready to launch destructive attacks on multiple critical infrastructure (CNI) sectors in the event of a military conflict.
The advisory comes from multiple agencies including the FBI, NSA and CISA, and international partners like the UK's National Cyber Security Centre (NCSC). It said that Chinese threat group Volt Typhoon has positioned itself in sectors including communications, energy, transportation, and water and wastewater.
"The [People's Republic of China (PRC)] cyber threat is not theoretical: leveraging information from our government and industry partners, CISA teams have found and eradicated Volt Typhoon intrusions into critical infrastructure across multiple sectors. And what we've found to date is likely the tip of the iceberg," she argued.
Further information
2024-02-14 China Targets US Hacking Ops in Media Offensive China has escalated its media campaign alleging US hacking operations, following condemnation from the US, UK and EU in July 2021 over Chinese cyber activities.
Until 2023, these allegations lacked substantive technical analysis, primarily relying on recycled US intelligence documents. However, the narrative shifted in mid-2023, with China reportedly dropping the pretense of technical validation and relying solely on state media to disseminate accusations.
China's media campaign underscores a broader geopolitical struggle, shaping global perceptions of US cyber activities while highlighting China's stance on cyber sovereignty.
Further information
2024-02-14 Ransomware attack forces 100 Romanian hospitals to go offline 100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system.
The Hipocrate Information System (HIS) used by hospitals to manage medical activity and patient data was targeted and is now offline after its database was encrypted.
While 25 hospitals have already been confirmed to have had their data encrypted by the attackers, 75 other healthcare facilities using HIS have also taken their systems offline as a precautionary measure while the incident is investigated.
Further information
2024-02-01 EU Launches First Cybersecurity Certification for Digital Products The European Cybersecurity Scheme on Common Criteria (EUCC) was drafted by the European Union Agency for Cybersecurity (ENISA) in coordination with member states.
The EUCC will allow ICT suppliers to go through an EU commonly understood assessment process to demonstrate cybersecurity assurance for digital products such as technological components, hardware and software.
The announcement from the EU follows a raft of legislative activity in cybersecurity from the supranational body. In December 2023, it reached agreement on the Cyber Resilience Act (CRA), which aims to introduce security requirements for connected device manufacturers within the Union.
Further information
2024-02-01 Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth Ransomware incidents surged by 68% in 2023 to reach a record high, according to new data from Corvus Insurance. However, law enforcement takedowns are having an impact on the prolific nature of ransomware gangs.
Corvus believes this trend is linked to the fracturing of well-known ransomware groups that leaked their proprietary encryptors on the dark web, making them available to new actors.
Corvus expects this trend to continue in 2024, with ransomware actors regularly shifting and rebranding in the face of growing law enforcement operations.
Further information
2024-02-01 UK House of Lords Calls For Legislation on Facial Recognition Tech The UK parliament's upper chamber has said it is "deeply concerned" about unaccountable police use of live facial recognition (LFR) technology and has called on the government to legislate.
In 2020, the Court of Appeal ruled that South Wales Police had acted unlawfully in its use of LFR, breaching the privacy rights of defendant Ed Bridges. However, Baroness Hamwee argued that too many police forces are still using the technology and incorrectly referencing the ruling as a legal basis for their pilots.
"We believe that, as well as a clear, and clearly understood, legal foundation, there should be a legislative framework, authorised by parliament, for the regulation of the deployment of LFR technology."
Further information
2024-01-24 Data Privacy Week: Lack of Understanding, Underfunding Threaten Data Privacy and Compliance A lack of understanding combined with budgetary squeezes are significant obstacles for organizations navigating data privacy and compliance with data protection laws, according to industry body ISACA.
In its State of Data Privacy in 2024 report, ISACA found that over half (57%) of cyber professionals are not confident in their organization's privacy team's ability to ensure data privacy and achieve compliance with new privacy laws and regulations.
Poor training, or a complete lack of it, was also cited as a common reason for privacy failures, followed by a lack of privacy-by-design implementation and data breaches.
Further information
2024-01-24 New Cybersecurity Governance Code Puts Cyber Risks on Boardroom Agenda The UK government has published a new Code of Practice on cybersecurity governance, targeting directors and other senior business leaders.
The code highlights a number of areas business leaders should focus on to enhance their cybersecurity governance practices.
In the US, new rules from the Securities and Exchange Commission (SEC) require publicly listed companies to describe the board of directors' oversight of risks from cyber threats.
Further information
2024-01-24 Russian hackers stole Microsoft corporate emails in month-long breach Microsoft has warned that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard.
Microsoft says the threat actors breached its systems in November 2023 by conducting a password spray attack against a legacy, non-production test tenant account.
Unless the threat actors used this test account to pivot to accounts with higher permissions, it is unclear why a non-production test account would have had the permissions needed to access other accounts in Microsoft's corporate email system.
Further information
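A password spray is the opposite of a brute force: a couple of common passwords tried against many accounts, so that no single account trips a lockout. The detector below, an added example in Python that is not Microsoft's detection logic, runs over a handful of constructed sign-in records and flags a source IP that fails against many distinct users within a window while making few attempts per user. It then lists the accounts that IP later signed into successfully, which is how a forgotten test account surfaces. The log format, window and thresholds are assumptions.

```python
"""Password-spray detector over constructed sign-in records.
Added example, not Microsoft's detection logic; the record format and the
thresholds are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, username, source_ip, outcome).
SAMPLE_EVENTS = [
    ("2023-11-20T01:00:05", "alice",  "203.0.113.7",  "failure"),
    ("2023-11-20T01:00:09", "bob",    "203.0.113.7",  "failure"),
    ("2023-11-20T01:00:14", "carol",  "203.0.113.7",  "failure"),
    ("2023-11-20T01:00:19", "dave",   "203.0.113.7",  "failure"),
    ("2023-11-20T01:00:24", "erin",   "203.0.113.7",  "failure"),
    ("2023-11-20T01:00:29", "test01", "203.0.113.7",  "success"),
    # One user mistyping their own password twice is not a spray.
    ("2023-11-20T01:05:00", "alice",  "198.51.100.2", "failure"),
    ("2023-11-20T01:05:30", "alice",  "198.51.100.2", "failure"),
    ("2023-11-20T01:06:00", "alice",  "198.51.100.2", "success"),
]


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=5, max_attempts_per_user=2):
    """Return {source_ip: sorted usernames} for IPs that, within `window`,
    fail against at least `min_users` distinct accounts while making at most
    `max_attempts_per_user` attempts per account. The signature of a spray is
    breadth across accounts, not depth against one."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in sorted(events):
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))

    flagged = {}
    for ip, rows in by_ip.items():
        for i, (start, _, _) in enumerate(rows):
            failures = defaultdict(int)
            for ts, user, result in rows[i:]:
                if ts - start > window:
                    break
                if result == "failure":
                    failures[user] += 1
            if (failures and len(failures) >= min_users
                    and max(failures.values()) <= max_attempts_per_user):
                flagged[ip] = sorted(failures)
                break
    return flagged


def successes_from_flagged_ips(events, flagged):
    """Accounts that a flagged IP signed into successfully: the ones whose
    password the spray actually guessed."""
    return sorted({user for _, user, ip, result in events
                   if ip in flagged and result == "success"})


if __name__ == "__main__":
    hits = detect_password_spray(SAMPLE_EVENTS)
    print("spraying IPs:", hits)
    print("accounts reached:", successes_from_flagged_ips(SAMPLE_EVENTS, hits))
```

The second function is the part worth keeping in an investigation playbook: once a spraying IP is known, every success from it is a compromised account, whatever its name suggests about its importance.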
2024-01-17 Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections Under 4% of US states are fully prepared to detect and recover from election-targeted cybersecurity incidents, according to research by Arctic Wolf.
The survey of state and local government leaders across the US found that 14.3% of states were not at all prepared to deal with such incidents, with 42.9% only somewhat prepared ahead of the 2024 US election cycle, which includes Presidential and other state and local elections.
The top two election cybersecurity threats identified were disinformation campaigns (50.7%) and phishing attacks targeting election officials or staff (47.1%). By deploying AI-driven bots or deepfake technologies, malicious actors can flood online spaces with misleading narratives, fabricated stories, and manipulated media, they added.
Further information
2024-01-17 CISA: Critical SharePoint bug actively exploited A critical Microsoft SharePoint Server bug that can form part of a remote code execution (RCE) exploit chain has been added to the Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities (KEV) Catalog.
It was patched by Microsoft in June last year. The flaw allows attackers to use spoofed JSON Web Tokens (JWTs) to gain administrator privileges on the SharePoint host.
While CISA's decision to add the bug to the KEV Catalog is based on evidence of active exploitation, the agency did not elaborate on what that evidence was.
Further information
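A spoofed JWT only works when the verifier trusts something the token itself asserts. The following added example, written in Python for this page and not SharePoint's code (it does not describe the specific flaw above, only the general class), puts a verifier that lets the token pick its own algorithm next to one where the server's policy decides. The HMAC key, claims and helper names are constructed for illustration.

```python
"""Verifying a JWT without trusting the token's own header.
Added example: a generic HS256 verifier, not SharePoint's code and not a
description of the specific flaw; key and claims are constructed."""
import base64
import hashlib
import hmac
import json

KEY = b"constructed-server-secret"  # assumption: a key only the server holds


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(payload: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a token. alg="none" yields an unsigned token, which is what an
    attacker who lacks the key can forge."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    if alg == "none":
        return f"{header}.{body}."
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def verify_naive(token: str, key: bytes):
    """Broken verifier: the token chooses its own algorithm, so an
    attacker-supplied alg=none token with no signature is accepted."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(body_b64))
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return json.loads(b64url_decode(body_b64))
    return None


def verify_hardened(token: str, key: bytes, allowed_algs=("HS256",)):
    """Server policy fixes the algorithm; anything else, including "none",
    is rejected before a single claim is read."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return None
    if header.get("alg") not in allowed_algs:
        return None
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(body_b64))


if __name__ == "__main__":
    forged = make_jwt({"sub": "attacker", "role": "Administrator"}, b"", alg="none")
    print("naive accepts forged token:   ", verify_naive(forged, KEY))
    print("hardened accepts forged token:", verify_hardened(forged, KEY))
    genuine = make_jwt({"sub": "alice", "role": "Member"}, KEY)
    print("hardened accepts genuine token:", verify_hardened(genuine, KEY))
```

The same rule applies to asymmetric algorithms: the verifier should know in advance which algorithm and which key it expects, and should never derive either from the header it is about to verify.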
2024-01-17 UK NCSC Publishes Practical Security Guidance For SMBs The UK NCSC said its "Using online services safely" guide is specifically aimed at organizations that may not have access to dedicated IT and support staff.
The guide contains 10 pages of simple, practical advice, ranging from choosing the right service and backing up data to domain name security, creating and securing user and admin accounts, and defending them from malware. There's also guidance on how to use the built-in security features of popular cloud services and how to recover a hacked account or service following an attack.
Smaller organizations are increasingly dependent on cloud or online services, especially as many staff now work from home part or all of the time following the pandemic.
Further information
2024-01-10 Over 100 European Banks Face Cyber Resilience Test The EU's central bank will conduct its first ever cyber resilience stress test on 109 directly supervised banks in 2024. This test will focus on the banks' ability to respond to a successful cyber-attack, rather than their ability to prevent it.
The announcement follows an ECB evaluation of banks' management of IT risk published in November 2023, which found there had been little progress in IT risk management in the sector.
It found serious supervisory concerns that confirm the need to continue on-site inspections in conjunction with tailored discussions between banks and supervisors.
Further information
2024-01-10 Hackers hijack government and business accounts on X for crypto scams Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers.
A recent high-profile case is the X account of cyber threat intelligence company Mandiant, a Google subsidiary, which was hijacked yesterday to distribute a fake airdrop that emptied cryptocurrency wallets.
Other recently affected accounts include Canadian senator Amina Gerba and Brazilian politician Ubiratan Sanderson.
Further information
2024-01-10 Russia Spies on Kyiv Defenses via Hacked Cameras Before Missile Strikes Russian intelligence hacked online surveillance cameras to spy on air defence activities and critical infrastructure in Kyiv ahead of recent missile strikes, the Security Service of Ukraine (SSU) has revealed.
This likely includes the large-scale missile attack that took place on Tuesday January 2, 2024, in which Russia fired around 100 drones and missiles against Kyiv and Kharkiv.
One of the webcams was located on a balcony of a residential building, which locals used to monitor the surrounding area. The second online camera was located at a separate residential building in Kyiv, which was used by residents to monitor the adjacent car park.
Further information
2023-12-12 Irish water plant was hit with a cyber attack Cybercriminals caused upheaval for 180 homeowners on a private group water scheme in the Erris area last week as their equipment was targeted in a politically motivated cyber-attack.
Residents on the Binghamstown/Drum scheme were without their water supply on Thursday and Friday after the extraordinary incident as crews worked to repair the Eurotronics Israeli-made water pumping system.
The hackers stated the equipment was targeted due to the fact it originated in Israel.
The group has been attacking similar infrastructure around the globe.
Further information
2023-12-12 PSNI data breach Almost 200 officers are seeking ill-health retirement from the Police Service of Northern Ireland (PSNI), as it deals with the fall-out of a major data breach, a Westminster committee has heard.
The Police Federation, which represents most ranks, said a further 50 officers have applied to work in Australia.
The report made 37 recommendations for improving data security, after details on all 9,500 employees were released in error in response to a Freedom of Information request in August.
"I have spoken to 29 officers who have gone and bought doorbell cameras," said Supt Gerry Murray, chair of the Catholic Police Guild of Northern Ireland.
Officers are to be given £500 to install security systems at their homes.
Further information
2023-12-12 Warning As 1Password, DashLane, LastPass And 3 Others Leak Passwords Android's autofill function leaves users vulnerable to what's referred to as "AutoSpill". The AutoSpill vulnerability enables attackers to bypass the security mechanisms protecting the autofill functionality on Android devices, exposing credentials to the host app that requested them. The vulnerability is present in six of the most popular password managers.
The aptly named AutoSpill vulnerability exists when an Android app loads a login page inside WebView, the pre-installed Google component that lets Android apps display web content.
Developers show web content inside WebView so that a separate web browser doesn't have to be launched. When a login page is displayed this way, the password manager's autofill function kicks in and supplies the login credentials in question.
What should happen is that the credentials are inserted only into the login fields of the page being loaded. The concerning part for Android phone users is that those credentials can also be shared with the host app itself.
This common scenario, the researchers said, includes in-app opening of hyperlinks in the Skype or Gmail mobile apps, as well as the "Login with Apple/Facebook/Google" buttons used for authentication within a third-party mobile app.
Further information
2023-11-22 Use of AI in scams has been increasing There is an increasing need for users to do their due diligence before believing what they see or hear online, as AI has been used to doctor videos to imitate celebrity faces and voices in a bid to make scams more believable.
One example comes from techxplore.com, which reports a doctored video of CNN's Wolf Blitzer apparently endorsing a diabetes drug, and another in which "CBS Mornings" host Gayle King appears to endorse weight-loss products.
"I've never heard of this product or used it! Please don't be fooled by these AI videos," King said on Instagram in October.
Further information
2023-11-22 Morgan Stanley Fined $6.5 Million for Exposing Customer Information Through negligent internal data security practices, the multinational investment bank and financial services company potentially exposed the personal information of millions of customers, the Florida Attorney General's Office says.
As part of the agreement, in addition to paying $6.5 million to the states of Florida, Connecticut, Indiana, New Jersey, New York, and Vermont, Morgan Stanley was ordered to improve the security of personal information.
The agreement can be viewed at https://www.myfloridalegal.com/sites/default/files/2023-11/executed-morgan-stanley-avc-florida.pdf
Further information
2023-11-22 Commercial aircraft navigation systems compromised by spoofing attacks Hacking commercial aircraft to cause complete navigation failures sounds like something you'd only see in movies, but an unknown group has been carrying out spoofing attacks on flights over the Middle East for weeks now. In one incident, a business jet almost strayed into Iranian airspace without clearance.
In September, OPSGROUP, an 8,000-strong international group of pilots, dispatchers, schedulers, controllers, and flight technicians, began highlighting incidents in which commercial aircraft in the Middle Eastern region received spoofed GPS navigation signals. These attacks also impacted the fallback navigation systems, resulting in total failure.
There have been more than 50 incidents in the last five weeks, centred around Baghdad, Cairo, and Tel Aviv.
Further information
2023-11-08 Microsoft is killing off three Windows services because of security concerns. Microsoft is dropping three of its Windows services over security risks: Computer Browser, WebClient (WebDAV) and Remote Mailslots. These services are dated and modern alternatives exist; if any of them is still in use, a replacement should be identified before it is removed. Further information
2023-11-08 Okta hit by third-party data breach exposing employee information. Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
Okta is a San Francisco-based cloud identity and access management provider whose single sign-on (SSO), multi-factor authentication (MFA) and API access management services are used by thousands of organizations worldwide.
Information exposed: full names, Social Security Numbers (SSNs) and health or medical insurance plan numbers.
Further information
2023-11-08 Security researchers observed deliberate takedown of notorious Mozi botnet. Security researchers say they have observed what they believe is a takedown of the notorious Mozi botnet that infiltrated more than a million Internet of Things devices worldwide.
Mozi is a peer-to-peer Internet of Things botnet that exploits weak telnet passwords and known exploits to hijack home routers and digital video recorders. The botnet, first discovered in 2019 by 360 Netlab, uses masses of these hijacked devices to launch DDoS attacks, payload execution, and data exfiltration.
Ivan Bešina, a senior malware researcher at ESET, tells TechCrunch that the company was monitoring approximately 1,200 unique devices daily worldwide before this.
ESET says its analysis of the kill switch, which showed a strong connection between the botnet's original source code and recently used binaries, indicates a deliberate and calculated takedown. The researchers say this suggests the takedown was likely carried out by the original Mozi botnet creator or by Chinese law enforcement, perhaps enlisting or forcing the cooperation of the botnet operators.
Further information
2023-10-24 EU Elections at Risk with Rise of AI-Enabled Information Manipulation The 11th edition of the Threat Landscape of the European Union Agency for Cybersecurity (ENISA) highlights the disruptive impacts of AI chatbots and AI-enabled manipulation of information. Further information
2023-10-24 Simple passwords are still an issue for Irish citizens, according to Cork-based organisation Cyber Skills. Irish people are being urged to stop using easily guessed passwords such as "123456", "password" and "Liverpool". According to research from the Cork-based organisation Cyber Skills and the security website HaveIBeenPwned.com, "123456" remains the most common password in the world, appearing in more than 37 million breached accounts recorded by HaveIBeenPwned.com.
The password "password" appears in 9.7 million breached records, while "Liverpool" turns up 448,000 times.
Other commonly used, easily guessable passwords include "111111" (4.8 million times), "f***you" (808,000 times) and "letmein" (340,000 times).
It comes after gardaí again said that they should not be held responsible for a major data breach that left thousands of drivers' personal information, as well as a number of confidential documents related to car accidents, towing incidents and seizures, exposed online.
You can use the site https://haveibeenpwned.com/ to check whether any of your accounts appear in public breaches.
Further information
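The same service answers "has this password been seen in a breach?" without ever receiving the password: the client hashes it with SHA-1, sends only the first five hex characters of the digest to the range endpoint, and matches the remaining 35 characters locally against the returned candidates. The block below is an added Python example, not HaveIBeenPwned's own code; the response body is constructed so that the example runs offline, and the count shown for "password" mirrors the figure quoted above rather than a live lookup.

```python
"""Checking a password against Pwned Passwords via the k-anonymity range
API without sending the password. Added example; the response body below is
constructed, not live data."""
import hashlib

# The real endpoint is https://api.pwnedpasswords.com/range/<first 5 hex chars>
# and returns one "HASH_SUFFIX:COUNT" line per leaked hash sharing that prefix.
# This constructed body stands in for the network fetch.
CONSTRUCTED_RANGE_RESPONSES = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9700000\r\n"  # suffix for "password"
        "1F2A8B6C3D4E5F60718293A4B5C6D7E8F90:12\r\n"
    ),
}


def fake_fetch_range(prefix: str) -> str:
    """Stand-in for an HTTPS GET of /range/<prefix>; unknown prefixes yield
    an empty body here, where the real API returns the full candidate list."""
    return CONSTRUCTED_RANGE_RESPONSES.get(prefix, "")


def split_hash(password: str):
    """SHA-1 the password and split the upper-case hex digest into the 5-char
    prefix that goes over the wire and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password: str, fetch=fake_fetch_range) -> int:
    """Number of breached accounts seen with this password, 0 if none.
    Only the prefix is sent; matching happens locally over the candidates."""
    prefix, suffix = split_hash(password)
    for line in fetch(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: seen {pwned_count(pw)} times")
```

To go live, replace `fake_fetch_range` with a function that performs the GET and returns the body; a prefix only narrows the space to a few hundred hashes, so the server learns nothing usable about the password.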
2023-10-24 Google Chrome's new "IP Protection" will hide users' IP addresses. Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers.
Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users' privacy and the essential functionalities of the web.
IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.
Further information
2023-10-18 How hackers piled onto the Israeli-Hamas conflict Low-level cyberattacks are becoming a major feature of the war between Israel and Hamas, and the attacks could ramp up in intensity.
Hackers sympathetic to Hamas are working to make the Israel-Gaza conflict the next front of cyberwarfare.
Hacking groups with links to countries including Iran and Russia have launched a series of cyberattacks and online campaigns against Israel over the past week, some that may have even occurred in the runup to the Oct. 7 strikes by Hamas.
On Telegram, hacking teams claimed they compromised websites, the Israeli electric grid, a rocket alert app and the Iron Dome missile defence system. At least one Israeli newspaper, The Jerusalem Post, acknowledged hackers took down its site temporarily.
Further information
2023-10-18 Equifax Fined $13.5 Million Over 2017 Data Breach Roughly 147 million people were impacted by the incident, including 13.8 million UK consumers, after hackers gained access to Equifax servers in the US. In 2020, the US government indicted four members of China's People's Liberation Army (PLA) for hacking the credit reporting agency.
The cyberattack began on May 13, 2017, and remained undetected until July 29, 2017. Equifax made an announcement on the incident roughly a month and a half later, on September 7. The FCA launched a formal investigation into the incident in October 2017.
According to the regulator, Equifax Ltd failed to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US, leading to the exposure of names, addresses, phone numbers, dates of birth, Equifax membership login details, and partial credit card details.
Further information
2023-10-18 Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative authentication methods and bolsters security.
"The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos."
IAKerb enables clients to authenticate with Kerberos across a diverse range of network topologies. The second feature, a local Key Distribution Center (KDC) for Kerberos, extends Kerberos support to local accounts.
Further information
2023-10-10 NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations 1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution
Further information
2023-10-10 QR code phishing attacks on the rise. Police in Northern Ireland have warned organizations in the province to be on their guard after issuing a new Crime Prevention Notice on quishing, or phishing via QR code.
The advantage of these attacks for the criminal is that a victim's smartphone or tablet is less likely than a PC to be running antivirus or anti-spam software.
https://www.infosecurity-magazine.com/news/police-issue-quishing-email-warning/
See also "Quishing on the rise: How to prevent QR code phishing" (TechTarget, www.techtarget.com), which covers what users and organizations should know about email-based QR code phishing after threat researchers found evidence of large-scale quishing activity.
Further information
2023-10-10 HTTP/2 Rapid Reset Zero-Day Exploited to Launch Largest DDoS Attacks in History One of the attacks seen by Cloudflare was three times larger than the record-breaking 71 million requests per second (RPS) attack reported by the company in February. Specifically, the HTTP/2 Rapid Reset DDoS campaign peaked at 201 million RPS.
In Google's case, the company observed a DDoS attack that peaked at 398 million RPS, more than seven times the largest attack the internet giant had previously seen.
Amazon saw over a dozen HTTP/2 Rapid Reset attacks over the course of two days in late August, with the largest peaking at 155 million RPS.
The new attack method abuses an HTTP/2 feature called stream cancellation, by repeatedly sending a request and immediately cancelling it.
Further information
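Because each cancelled stream costs the server work before the RST_STREAM frame arrives, the visible symptom on the wire is a connection that opens streams and cancels nearly all of them at a rate no browser produces. The following added Python example, which is illustrative detection logic and not any of the named vendors' mitigation, runs a per-connection sliding-window check over a constructed frame trace with one Rapid Reset client and one ordinary client. The frame tuple shape, window and thresholds are assumptions.

```python
"""Per-connection HTTP/2 RST_STREAM rate check over constructed frame traces.
Added example: illustrative detection logic, not any vendor's mitigation;
frame tuples, window and thresholds are assumptions."""
from collections import defaultdict, deque


def constructed_traffic():
    """(timestamp_seconds, connection_id, frame_type) tuples, constructed.
    c1 behaves like a Rapid Reset client: every HEADERS frame is cancelled by
    RST_STREAM half a millisecond later, 200 times inside 0.4 s.
    c2 is a browser-like client that cancels 3 of its 50 requests."""
    frames = []
    for i in range(200):
        t = i * 0.002
        frames.append((t, "c1", "HEADERS"))
        frames.append((t + 0.0005, "c1", "RST_STREAM"))
    for i in range(50):
        t = i * 0.04
        frames.append((t, "c2", "HEADERS"))
        if i % 17 == 0:
            frames.append((t + 0.01, "c2", "RST_STREAM"))
    return sorted(frames)


def detect_rapid_reset(frames, window=1.0, max_resets=100, min_reset_ratio=0.5):
    """Return the set of connection ids that, inside any `window` seconds,
    send at least `max_resets` RST_STREAM frames and cancel at least
    `min_reset_ratio` of the requests they opened in that window.
    Legitimate clients cancel occasionally; a Rapid Reset client cancels
    almost everything it opens."""
    headers = defaultdict(deque)
    resets = defaultdict(deque)
    flagged = set()
    for ts, conn, ftype in frames:
        if ftype == "HEADERS":
            headers[conn].append(ts)
        elif ftype == "RST_STREAM":
            resets[conn].append(ts)
        else:
            continue  # other frame types do not matter for this check
        for q in (headers[conn], resets[conn]):
            while q and ts - q[0] > window:
                q.popleft()
        n_req, n_rst = len(headers[conn]), len(resets[conn])
        if n_rst >= max_resets and n_req and n_rst / n_req >= min_reset_ratio:
            flagged.add(conn)
    return flagged


def reset_ratio(frames, conn):
    """Whole-trace cancellation ratio for one connection, for inspection."""
    n_req = sum(1 for _, c, f in frames if c == conn and f == "HEADERS")
    n_rst = sum(1 for _, c, f in frames if c == conn and f == "RST_STREAM")
    return n_rst / n_req if n_req else 0.0


if __name__ == "__main__":
    trace = constructed_traffic()
    print("flagged connections:", detect_rapid_reset(trace))
    for c in ("c1", "c2"):
        print(c, "cancellation ratio:", round(reset_ratio(trace, c), 2))
```

A connection that trips the check is a candidate for a GOAWAY and closure rather than per-stream handling; the ratio matters as much as the count, since a busy but well-behaved client can also send many resets over a long-lived connection.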
2023-10-04 Android security update Be sure to update any Android devices you own, as Google has identified and patched 54 unique vulnerabilities, some of which are reported to have been exploited by attackers.
Of the 54 fixes for Android 11 through 13, five are rated critical, and two concern remote code execution.
Further information
2023-10-04 WebP exploit Update your applications: a severe vulnerability, CVE-2023-4863, affects applications that handle WebP images. It was originally given a severity rating of 10 and later reduced to 8.8.
WebP is a modern image format used by a multitude of software. Originally thought to affect only web browsers, the vulnerability is actually in the libwebp library, so any application that uses libwebp could be affected.
There is no definitive list of affected applications; for now it is recommended to keep applications updated and to turn off image previews within applications.
Further information
2023-10-04 Currently there are two vulnerabilities affecting Apple devices. Apple has released security updates that address two new vulnerabilities, CVE-2023-41064 and CVE-2023-41061, which affect ImageIO and Wallet respectively. Exploitation of these vulnerabilities could result in arbitrary code execution. At the time of reporting, Apple is aware of a report that these vulnerabilities may have been actively exploited in the wild.
Products affected:
macOS Monterey 12.6.8 and below
macOS Big Sur 11.7.9 and below
macOS Ventura 13.5.1 and below
iOS 16.6.0 and below
iPadOS 16.6.0 and below
watchOS 9.6.1 and below
Ensure that your devices have their updates applied.
Further information
2023-01-04 End of support for Windows 8.1 is close Organisations and users are reminded that support for the Microsoft operating system Windows 8.1 will end on 10 January 2023. When support ends, a vendor no longer releases updates. Running out-of-support operating systems presents a real security threat. Microsoft also recently confirmed that, for this reason, its browser Edge version 109 and WebView2 Runtime version 109 to be released on 12 January 2023 will be the last versions to support Windows 8.1, as well as Windows 7 and 8. Google had already announced it would end support for its Chrome browser on Windows 7, Windows 8/8.1 in February 2023. Further information
2023-01-04 Researchers offer supply chain lessons to remember Researchers at Jscrambler, an application security company, have described how attackers took advantage of an old domain and code to launch supply chain attacks over many years. In 2010 a company called Cockpit offered a free service for analytics and marketing. E-commerce sites using the service incorporated the third-party JavaScript code into their sites. But when Cockpit ended the service four years later, many companies using it never removed the code from their sites. Cyber criminals took control of the now unused domain and, where the script tag was still in place, served their own code to monitor data inputs and even added extra fields to web pages to ask for personal data. Once on victim sites, the attackers were able to steal customer data and tailor their malware to facilitate further attacks. You can read Jscrambler's cautionary tale on their website, but it's an important reminder to check your logs and any web-based supply-chain links you may be using. Further information
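The first step in checking those web-based supply-chain links is knowing which external hosts your pages load scripts from. The block below is an added Python example, not Jscrambler's tooling: it parses a constructed page, resolves every `<script src>` to a host, and reports third-party scripts that are either not on an approved vendor list or loaded without a Subresource Integrity (`integrity`) attribute, which is what would have let a browser refuse the replacement code once the abandoned domain changed hands. The HTML, hostnames and allowlist are constructed.

```python
"""Inventory of third-party <script src> references in a page, to find dead
or unrecognised vendor domains. Added example, not Jscrambler's tooling; the
HTML, hostnames and allowlist are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page: one first-party script, one approved vendor with SRI,
# and one tag still pointing at a vendor whose service was shut down.
CONSTRUCTED_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.approved-payments.example/checkout.js"
        integrity="sha384-AAAA"></script>
<script src="//analytics.defunct-vendor.example/track.js"></script>
<script>console.log("inline");</script>
</head><body></body></html>
"""
FIRST_PARTY = "shop.example"
APPROVED_HOSTS = {"cdn.approved-payments.example"}


class ScriptCollector(HTMLParser):
    """Collects src and integrity attributes of every external <script>."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append({"src": a["src"], "integrity": a.get("integrity")})


def script_hosts(html, first_party):
    """Resolve each external script to a host. Scheme-relative URLs (//host/)
    are treated as https; path-only URLs belong to the first-party host."""
    parser = ScriptCollector()
    parser.feed(html)
    out = []
    for s in parser.scripts:
        src = s["src"]
        url = "https:" + src if src.startswith("//") else src
        host = urlparse(url).netloc or first_party
        out.append({"src": src, "host": host, "integrity": s["integrity"]})
    return out


def review_third_party(html, first_party, approved):
    """Third-party scripts needing a human look, each with its reasons:
    host not on the approved vendor list, or no integrity attribute (so a
    changed file at the vendor would run unchallenged)."""
    findings = []
    for s in script_hosts(html, first_party):
        if s["host"] == first_party:
            continue
        reasons = []
        if s["host"] not in approved:
            reasons.append("host not in approved vendor list")
        if not s["integrity"]:
            reasons.append("no integrity attribute")
        if reasons:
            findings.append((s["host"], reasons))
    return findings


if __name__ == "__main__":
    for host, reasons in review_third_party(CONSTRUCTED_HTML, FIRST_PARTY, APPROVED_HOSTS):
        print(host, "->", "; ".join(reasons))
```

Run this against rendered pages rather than templates, since tag managers and plugins inject scripts at runtime, and follow up each unrecognised host with a check that the domain is still registered to the vendor you think it is. SRI only fits scripts pinned to a fixed version; a vendor that ships a changing file cannot be pinned, and that is exactly the case that deserves the closest review.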
2023-01-04 Irish Regulators Fine Facebook €390 Million for Forcing Users to Accept Targeted Ads The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads, in what could be a major blow to its ad-fuelled business model. Further information
2022-12-19 Meta Takes Down Over 200 Covert Influence Operations Since 2017 The deceptive networks originated from 68 countries and operated in at least 42 languages. Only a third solely targeted audiences outside of their own countries, with the majority focusing on people in their own borders. Tactics ranged from writing spammy comments to running fictitious cross-platform media entities that hired real journalists to write for them. In September 2022, Meta revealed it closed down two significant but unconnected disinformation operations originating in China and Russia, which attempted to influence public opinion in Western countries. Further information
2022-12-19 Ex-Twitter employee Gets 3.5 Years Jail for Spying on Behalf of Saudi Arabia A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. The development comes as Peiter "Mudge" Zatko, Twitter's former head of security, blew the whistle on serious security failings at the company, in addition to alleging that Chinese and Indian governments had forced the firm to hire one of their agents, and likely had access to sensitive user data. Further information
2022-12-12 LastPass shares information about a recent security incident LastPass has shared details of a recent security incident involving a cloud storage provider in its supply chain, which enabled an unauthorised party to access customer information. Customers' passwords have not been accessed and remain encrypted. This incident followed a security incident in August. LastPass released details of that incident and has since provided an update following its investigation. Further information
2022-12-12 Software Supply Chain Attacks Leveraging Open-Source Repos Growing After an exponential increase in supply chain attacks between 2020 and early 2022, businesses saw a slower but steady rise throughout 2022, according to a report from ReversingLabs. ReversingLabs based its research on the number of malicious packages uploaded to open-source repositories such as npm, PyPI and RubyGems. Further information
2022-12-12 Indirect Dependencies Account for 95% of Bugs Nearly all (95%) open source vulnerabilities are found in transitive or indirect dependencies, according to a new report from Endor Labs that highlights the challenges of remediation in these environments. Open source is increasingly favored by developers as a way to accelerate time to market. However, only a small number (5%) of these so-called software dependencies are actually chosen by DevOps teams. Most are automatically pulled into the codebase as transitive/indirect dependencies. Further information
2022-12-12 Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said. Further information
2022-12-12 Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar."
https://blogs.blackberry.com/en/2022/12/mustang-panda-uses-the-russian-ukrainian-war-to-attack-europe-and-asia-pacific-targets
2022-12-12 Microsoft warns of Russian cyberattacks throughout the winter Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Further information
2022-11-28 Microsoft report on attackers' increasing use of token theft to bypass MFA The Microsoft Detection and Response Team (DART) has published a report which describes the increased use of token compromise and replay against an identity that has already completed multi-factor authentication (MFA). This effectively bypasses the MFA step, making it easier to carry out an attack. With it also comes an increase in adversary-in-the-middle techniques to steal tokens rather than passwords. The report describes in detail how the attacks work and, crucially, how to mitigate and detect them. It recommends that organisations understand how their users are authenticating, and provides specific steps to manage staff using unmanaged devices on their networks. The NCSC also has guidance on enterprise authentication: Enterprise authentication and Authenticate and authorise everywhere. But Microsoft also emphasises the continued importance of MFA, which can still prevent the majority of attacks. The NCSC has guidance on MFA best practice for organisations: Multi-factor authentication for online services. Further information
2022-11-28 Ireland's DPC Fines Meta €265m Following Large-Scale Data Leak Ireland's Data Protection Commission (DPC) has issued Meta with a €265m ($275m) fine and a range of corrective measures under GDPR relating to a large-scale data breach that was uncovered in 2021. However, Chris McLellan, director of Operations at the non-profit body the Data Collaboration Alliance, argued that punishments of this nature will not solve data protection issues: "Bottom line: If we want to get serious about data protection and data privacy, we need to think seriously about changing the way that we build apps." Further information
2022-11-21 Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware A threat actor has been found using Google Ads in one of its campaigns to distribute malware, including the recently discovered Royal ransomware. Further information
2022-11-21 Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defences This paper surveys publicly disclosed EVSE vulnerabilities, the impact of EV charger cyberattacks, and proposed security protections for EV charging technologies. Further information
2022-11-21 Electricity/Energy Cybersecurity: Trends & Survey Response Trend Micro digs deeper into each industry's challenges and presents its recommendations. Further information
2022-11-14 Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. "Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the 'pre-criminal' activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang," Lookout said in a detailed write-up of the operations. The findings come a little over a month after Check Point disclosed details of another long-standing surveillanceware operation aimed at the Turkic Muslim community that deployed a trojan named MobileOrder since at least 2015. Further information
2022-11-14 Dropbox blog: a phishing email that led to an attack The file-hosting service Dropbox has written publicly about a successful phish against them, which allowed an attacker to access a Dropbox GitHub account and copy some of Dropbox's code repositories. In the attack, legitimate-looking phishing emails sent to employees encouraged them to visit a fake login page, enter their credentials, and then use their hardware authentication key to pass a One Time Password (OTP) to the malicious site. When Dropbox became aware of the attack, they quickly took comprehensive remedial action to deal with it. Further information
2022-11-14 Microsoft Digital Defense Report 2022 Illuminating the threat landscape and empowering a digital defense.
https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022
2022-11-07 OpenSSL Releases Patch for 2 High-Severity Vulnerabilities The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution.
https://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html
https://www.ncsc.gov.ie/pdfs/OpenSSL_021122.pdf
2022-11-07 Citrix urges admins to patch critical ADC, Gateway auth bypass Citrix is urging customers to install security updates for three vulnerabilities in Citrix ADC and Citrix Gateway, including a critical authentication bypass. Under specific configurations, the three vulnerabilities can enable attackers to gain unauthorized access to the device, perform remote desktop takeover, or bypass the login brute force protection.
https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-critical-adc-gateway-auth-bypass/
2022-11-07 British govt is scanning all Internet devices hosted in UK The goal is to assess UK's vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture.
https://www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/
2022-11-07 Experts Find Urlscan Security Scanner Inadvertently Leaks Sensitive URLs and Data "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable." Urlscan.io, which has been described as a sandbox for the web, is integrated into several security solutions via its API. Most major commercial and open-source SOAR platforms come with integrations for urlscan.io built in, for example a security tool that scans every incoming email and performs a urlscan on every link it contains. Misconfigured security tools of this kind are submitting any link received via mail as a public scan to urlscan.io. Urlscan.io has urged users to "understand the different scan visibilities, review your own scans for non-public information, review your automated submission workflows, [and] enforce a maximum scan visibility for your account."
https://thehackernews.com/2022/11/experts-find-urlscan-security-scanner.html
2022-11-02 Google support for Chrome browser on Windows 7 and 8/8.1 to end in early 2023 Google has announced that from February 2023 it will no longer support Chrome running on Windows 7 or Windows 8/8.1, so no further updates will be released for those platforms. This is also a timely reminder that Microsoft support for Windows 7 and 8.1 ends in January 2023. Running out-of-support operating systems presents a real security threat.
2022-11-02 NCSC Alert Critical Vulnerabilities in VMware Cloud Foundation Platform VMware has released a software update that addresses CVE-2021-39144, a critical vulnerability in the VMware Cloud Foundation platform. The vulnerability is in the XStream open-source library that is used by VMware Cloud Foundation.
https://www.ncsc.gov.ie/pdfs/VMWare_CVE-2021-39144.pdf
2022-11-02 Threat Landscape Report - The 10 Years Edition In 2011 two things happened: CERT-EU was born and RSA, a renowned cybersecurity vendor, was hacked. CERT-EU has created a visual which summarises the major hacks each year since 2011. Further information
2022-11-02 UK Security Agency to Scan the Country for Bugs It will do this by probing any internet-accessible systems hosted in the country for known vulnerabilities, allowing the NCSC to understand how exposed these assets are and track remediation over time.
https://www.infosecurity-magazine.com/news/uk-security-agency-internet/
2022-11-02 Mobile Phishing Attacks on Government Staff Soar Phishing exposure means threat actors could steal credentials to hijack accounts with access to sensitive government data and systems, or install malware to eavesdrop on conversations and steal logins that way. Government employees use iOS, Android, and ChromeOS devices every day to stay productive and increase efficiency. This makes them targets for cyber-attackers because their devices are a treasure trove of data and a gateway to government infrastructure.
https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-government/
2022-11-02 CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing The Cybersecurity and Infrastructure Security Agency (CISA) has published two fact sheets designed to highlight threats against accounts and systems using certain forms of multi-factor authentication (MFA).
https://www.infosecurity-magazine.com/news/cisa-mfa-guidelines-to-tackle/
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/31/cisa-releases-guidance-phishing-resistant-and-numbers-matching
2022-11-02 GitHub Bug Exposed Repositories to Hijacking Security researchers have discovered a new flaw in GitHub which they say could have enabled attackers to take control of repositories and spread malware to related apps and code. Although GitHub has now fixed the bug in its popular repository namespace retirement feature, the same tool could be targeted by threat actors in the future, Checkmarx warned. In fact, a separate vulnerability in the same tool was exploited earlier this year, enabling hackers to hijack and poison popular PHP packages with millions of downloads.
https://www.infosecurity-magazine.com/news/github-bug-hackers-hijack/
2022-11-02 OpenSSL Security Advisory Downgraded to High Severity Two new vulnerabilities in the popular open source library OpenSSL could theoretically cause remote code execution (RCE) and denial of service, although they're less severe than anticipated. The developers downgraded the status of the much-anticipated software flaws from critical to high severity after additional analysis. However, organizations should still prioritize patching affected OpenSSL versions.
https://www.infosecurity-magazine.com/news/openssl-security-advisory/
2022-10-24 INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization The International Criminal Police Organization, also known as Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cybercrime syndicate called Black Axe. Further information
2022-10-24 Defenders beware: A case for post-ransomware investigations In this blog, we detail a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code. We will also discuss the various techniques used as well as the recommended detections and defence techniques that customers can use to increase protection against these types of attacks.
https://www.microsoft.com/en-us/security/blog/2022/10/18/defenders-beware-a-case-for-post-ransomware-investigations/
2022-10-24 Critical vulnerabilities in FortiOS, FortiSwitchManager and FortiProxy patched Fortinet has released a critical software update for FortiOS, FortiSwitchManager and FortiProxy, that addresses CVE-2022-40684, an authentication bypass on the administration interface. The security flaw could allow remote threat actors to perform operations on unpatched devices via specially crafted HTTP or HTTPS requests.
https://www.ncsc.gov.ie/pdfs/FortiOS_CVE-2022-40684.pdf
2022-10-24 UK NCSC CEO delivers international speech on securing the Internet of Things and smart cities Lindy Cameron outlined how the secure by design approach is vital for managing IoT risks at Singapore International Cyber Week.
https://www.ncsc.gov.uk/news/ncsc-ceo-delivers-international-speech-on-securing-the-internet-of-things-and-smart-cities
Lesson Learned: How SolarWinds Strengthened its Security Post-Incident
https://www.infosecurity-magazine.com/news/how-solarwinds-strengthened/
2022-10-17 UK spy chief to Warn of 'Huge' China Tech Threat Britain's GCHQ spy agency chief will warn Western countries Tuesday of the "huge threat" from China seeking to exploit its tech dominance to control its own citizens and gain influence abroad.
https://www.securityweek.com/uk-spy-chief-warn-huge-china-tech-threat
2022-10-17 Legal notices issued in the UK following Huawei consultation By the end of 2027, Huawei technology must be removed from the UK's 5G public networks. Following a consultation, legal notices have been issued to 35 UK telecoms network operators, based on guidance from the National Cyber Security Centre. In 2020, the NCSC published guidance relating to Huawei as well as a collection of content around 5G and the future of UK telecoms:
https://www.gov.uk/government/news/huawei-legal-notices-issued
https://www.ncsc.gov.uk/report/summary-of-ncsc-analysis-of-us-may-2020-sanction
https://www.ncsc.gov.uk/blog-post/a-different-future-for-telecoms-in-the-uk
https://www.ncsc.gov.uk/information/huawei-advice-what-you-need-to-know
https://www.ncsc.gov.uk/information/5g-explainer
2022-10-17 New NCSC guidance to support organisations to assess the supply chain risk The NCSC has published new guidance, 'How to assess and gain confidence in your supply chain cyber security', aimed at medium to large organisations. Supply chain attacks can result in devastating, expensive and long-term ramifications for affected organisations and their customers, and the guidance aims to help mitigate this. Further information
2022-10-17 Albania weighed invoking NATO's Article 5 over Iranian cyberattack Albanian Prime Minister Edi Rama talks about the recent massive cyberattacks on his nation and when an attack warrants a NATO response. The discussion inside the Albanian government over triggering Article Five underscores the ongoing debate as to whether a cyberattack will ever be serious enough to truly trigger a full-blown NATO collective defence response.
https://www.politico.com/news/2022/10/05/why-albania-chose-not-to-pull-the-nato-trigger-after-cyberattack-00060347
2022-10-10 European Cyber Security Month 2022 October is European Cyber Security Month. The aim of Cyber Security Month is to raise awareness of cybersecurity threats, promote cyber security among citizens and organisations, and provide resources to help them protect themselves online, through education and sharing of good practices.
https://www.ncsc.gov.ie/ecsm22/
2022-10-10 ESET Threat Report T2 2022 A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
https://www.welivesecurity.com/2022/10/05/eset-threat-report-t2-2022/
2022-10-10 Android leaks some traffic even when 'Always-on VPN' is enabled Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN" or "Always-on VPN" feature is enabled. The data being leaked outside VPN tunnels includes source IP addresses, DNS lookups, HTTPS traffic, and likely also NTP traffic. This behavior is built into the Android operating system and is a design choice.
https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/
2022-10-04 EU Cyber Resilience Act proposed The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. This proposal aims to protect consumers and businesses from products with inadequate security features. In addition to increasing the responsibility of manufacturers by obliging them to provide security support and software updates to address identified vulnerabilities, it will enable consumers to have sufficient information about the cybersecurity of the products they buy and use.
https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
2022-10-04 New hacking group Metador lurking in ISP networks for months A previously unknown threat actor that researchers have named 'Metador' has been breaching telecommunications, internet services providers (ISPs), and universities for about two years.
https://www.bleepingcomputer.com/news/security/new-hacking-group-metador-lurking-in-isp-networks-for-months/
2022-10-04 Meta busts first Chinese campaign targeting US midterms Russian cybercriminals were also caught targeting Europe with anti-Ukraine messages. Meta says it has disrupted a misinformation network targeting US political discourse ahead of the 2022 midterm elections and one that sought to influence public opinion in Europe about the conflict in Ukraine. Further information
2022-10-04 Microsoft confirms 2 new Exchange zero-day flaws being used in the wild Microsoft has officially disclosed that it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation.
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
2022-09-12 Cyber Security in Healthcare: The Cost and Impact on Patient Safety and Care The purpose of this research is to understand the cybersecurity threats targeting healthcare organisations and the cost of responding to attacks that can endanger patient safety and care delivery.
https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-cyber-insecurity-healthcare-ponemon-report.pdf
2022-09-12 Meta Fined $400m in Ireland For Children's Privacy Breach Ireland's Data Protection Commission (DPC) has issued a fine of €405m ($402.2m) against social media site Instagram following an investigation into its handling of children's data. The fine was partially based on the fact that Instagram had allowed children to run business accounts, which showed the account holder's phone number and email address, thus exposing the minors' data.
https://www.infosecurity-magazine.com/news/instagram-fine-dollar400m/
2022-09-12 Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.
https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html
2022-09-12 GIFShell attack creates reverse shell using Microsoft Teams GIFs A new attack technique called GIFShell allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using GIFs.
https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
2022-09-12 Ransomware Campaigns Linked to Iranian Govt's Hackers Security researchers have linked multiple ransomware campaigns to DEV-0270 (also known as Nemesis Kitten). The threat actor, widely considered a subgroup of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new writeup by Microsoft.
https://www.infosecurity-magazine.com/news/ransomware-iran-dev-0270-hackers/
2022-09-12 Chinese Hackers Target Government Officials in Europe, South America and Middle East A new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX has been attributed to a Chinese hacking group. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. Further information
2022-09-12 China Accuses NSA's TAO Unit of Hacking its Military Research University China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022.
https://thehackernews.com/2022/09/china-accuses-nsas-tao-unit-of-hacking.html
2022-09-12 North Korean Lazarus Hackers Targeting Energy Providers Around the World "The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state," Cisco Talos said in a report.
https://thehackernews.com/2022/09/north-korean-lazarus-hackers-targeting.html
2022-09-05 Cybercriminals Apparently Involved in Russia-Linked Attack on NATO Member State Montenegro Montenegro has been targeted in a disruptive cyberattack blamed on Russian hackers, and a known ransomware group may have been involved. The country's Agency for National Security announced last week that government servers had been targeted in an ongoing attack that was described as massive and coordinated.
https://www.securityweek.com/cybercriminals-apparently-involved-russia-linked-attack-montenegro-government
2022-09-05 US Police Deployed Obscure Smartphone Tracking Tool With No Warrants The tool, Fog Reveal, gave police officers the ability to search billions of records from 250 million mobile devices, including home and workplace locations. From a technical standpoint, Fog Reveal relied upon advertising identification numbers gathered from popular smartphone apps that target ads based on a person's movements and interests. This data was gathered by these companies and then sold to Fog Reveal.
https://www.infosecurity-magazine.com/news/us-police-smartphone-tracking-tool/
2022-08-29 Greek natural gas operator suffers ransomware-related data breach Greece's largest natural gas distributor DESFA confirmed on Saturday that it suffered a limited-scope data breach and IT system outage following a cyberattack.
https://heimdalsecurity.com/blog/desfa-suffers-cyberattack-ragnar-locker-ransomware-claims-responsibility/
2022-08-29 Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network.
https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/
2022-08-29 Over 80,000 exploitable Hikvision cameras exposed online Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server. Further information
2022-08-29 Remote Command Execution via Github import Gitlab have released details of a critical remote command execution vulnerability which affects GitLab Community Edition (CE) and Enterprise Edition (EE).
https://www.ncsc.gov.ie/pdfs/GitlabVulnerability-26082022.pdf
2022-08-29 LastPass Hackers Stole Source Code Password management giant LastPass has revealed details of a security incident earlier this month in which proprietary information was stolen by threat actors. The firm, which claims to have over 33 million global users including more than 100,000 business accounts, said the intrusion took place two weeks ago. LastPass was at pains to point out that it has no evidence that customer data or encrypted password vaults were accessed in the breach, which was confined to the developer environment.
https://thehackernews.com/2022/08/hackers-breach-lastpass-developer.html
2022-08-22 A step-by-step guide to enjoy LinkedIn safely LinkedIn is one of the most common avenues of attack for scammers. Here you can find a guide on how to tweak your LinkedIn settings to enjoy the platform with enhanced privacy.
https://www.welivesecurity.com/2022/08/18/guide-enjoy-linkedin-safely/
2022-08-22 Patches released for Apple and Google Chrome vulnerabilities Users should be aware that Google and Apple have released security updates to fix vulnerabilities affecting their respective products. Apple's two vulnerabilities include a remote code execution vulnerability in its WebKit software, as well as a kernel vulnerability. Meanwhile, Google has released a standard update for its Chrome browser with eleven security fixes, one of which addresses a vulnerability that has been exploited. Further information is available from both the Apple and Google security pages.
https://support.apple.com/en-us/HT201222
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
2022-08-22 Global Threat Landscape Report This report looks back on the cyber threat landscape of the first half of 2022 using sensors monitored by FortiGuard Labs.
https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/report-2022-H1-threat-landscape.pdf
2022-08-15 Gardaí and NCSC warn of increased ransomware attacks on SMEs The National Cyber Security Centre and the Garda National Cyber Crime Bureau are warning small and medium business owners of an increased threat of ransomware attacks.
https://www.rte.ie/news/2022/0811/1315293-cybersecurity/
2022-08-15 Cisco Confirms Network Breach Via Hacked Employee Google Account Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee's Google account. A Cisco employee's credentials were compromised after an attacker gained control of a personal Google account to which credentials saved in the victim's browser were being synchronized. With credentials in their possession, attackers then used a multitude of techniques to bypass the multifactor authentication tied to the VPN client. Efforts included voice phishing and a type of attack called MFA fatigue. Cisco Talos describes the MFA fatigue attack technique as the process of sending a high volume of push requests to the target's mobile device until the user accepts, either accidentally or simply to attempt to silence the repeated push notifications they are receiving.
https://threatpost.com/cisco-network-breach-google/180385/
2022-08-08 Google urges Android partners to apply latest security patches Google has detailed their latest patches for Android systems in their monthly security bulletin. Among the 37 flagged vulnerabilities in the August bulletin is a critical security flaw that could lead to remote code execution via Bluetooth with no additional execution privileges required. The flaw has been patched on Android 10, 11, 12, and 12L and Google advises users running earlier versions to check and update their Android version as soon as they can.
The bulletin lists other high severity issues, many of which could lead to disclosure of sensitive information and/or privilege escalation. Google has encouraged all Android partners to fix the issues listed and bundle them together in a single update for users. Installing the latest software and app updates as soon as they are available helps keep devices safe from online threats.
https://source.android.com/security/bulletin/2022-08-01
2022-08-08 Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws Seventeen of the 121 vulnerabilities fixed in Tuesday's update are classified as 'Critical' as they allow remote code execution or elevation of privileges. Further information
2022-08-08 VirusTotal Reveals Most Impersonated Software in Malware Attacks Skype, Adobe Acrobat, and VLC were the top three legitimate applications that were mimicked. WhatsApp, Instagram and Amazon were the top three most mimicked websites by using a similar website icon.
https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html
https://blog.virustotal.com/2022/08/deception-at-scale.html
2022-08-03 EU warns of Russian cyberattack spillover, escalation risks The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking "essential" organizations worldwide could lead to spillover risks and potential escalation.
https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/
2022-08-03 Belgium Says Chinese APTs Targeted Interior, Defense Ministries Belgium on Monday accused Chinese state-sponsored hackers of launching cyberattacks against its interior and defense ministries.
https://diplomatie.belgium.be/en/news/declaration-minister-foreign-affairs-malicious-cyber-activities
2022-08-03 Microsoft resumes default blocking of Office macros after updating docs Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback.
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-default-blocking-of-office-macros-after-updating-docs/
2022-08-03 Changing Tactics in Response to Microsoft's Blocking of Internet Macros https://www.ncsc.gov.ie/pdfs/20220620-TTP-Advisory.pdf
2022-07-25 Google removes malware-infected apps from Play Store Google has been busy removing apps infected with malware from its Play Store. It is important to be careful what apps you install even when installing from the official app store. It is crucial to keep your devices and apps secure with the latest updates. Further information
2022-07-25 LinkedIn remains the most impersonated brand in phishing attacks LinkedIn is holding the top spot for the most impersonated brand in phishing campaigns observed during the second quarter of 2022. As Check Point explains in its report, phishing campaigns using fake LinkedIn emails try to mimic common messages from the platform to its users, such as "You appeared in 8 searches this week" or "You have one new message". They all lead to a phishing web page where the victims are asked to enter their LinkedIn credentials, enabling the threat actors to take over the accounts.
https://www.bleepingcomputer.com/news/security/linkedin-remains-the-most-impersonated-brand-in-phishing-attacks/
Chrome use subject to restrictions in Dutch schools over data security concerns:
The Dutch Ministry of Education has decided to impose some restrictions on the use of the Chrome OS and Chrome web browser until August 2023 over concerns about data privacy. In January 2022, Austria's data protection authority decided that using Google Analytics violates GDPR, because website visitors' data was collected without the users' specific consent and transferred outside Europe. The French data protection office (CNIL) followed suit with a similar decision in February 2022, and later warned Google that minor changes won't reverse the decision. This month, the Danish DPA imposed a ban on the use of Google Workspace and Chromebooks in one of the country's municipalities, Elsinore, criticizing the uncontrolled data transfers to third countries.
https://www.bleepingcomputer.com/news/security/chrome-use-subject-to-restrictions-in-dutch-schools-over-data-security-concerns/
2022-07-18 NCSC Alert: Compromised WordPress Websites Distributing SolarMarker Malware The NCSC has observed a number of WordPress websites which appear to be compromised. These compromises match the Tactics, Techniques and Procedures used to distribute SolarMarker malware.
https://www.ncsc.gov.ie/pdfs/SolarMarker-WordPress-Compromise.pdf
2022-07-18 Legal Experts Concerned Over New UK Digital Reform Bill Legal experts have expressed serious misgivings about the UK government's proposed changes to data protection legislation, claiming it may risk ending streamlined data flows with EU countries as it diverges from GDPR.
https://www.infosecurity-magazine.com/news/legal-concerned-new-uk-digital/
2022-07-11 Europe passes sweeping antitrust laws targeting America's big tech Google, Facebook, Amazon and the rest stand to lose if rules are actually enforced. After nearly two years of legal wrangling, the European Parliament on Tuesday passed the Digital Markets Act and the Digital Services Act, teeing up a showdown between the continent and US tech giants.
https://www.theregister.com/2022/07/06/eu_dsa_dma_laws_big_tech/
2022-07-11 Alleged Chinese police database hack leaks data of 1 billion Chinese citizens Hackers claim to have obtained a trove of data on 1 billion Chinese from a Shanghai police database in a leak that, if confirmed, could be one of the largest data breaches in history.
https://www.securityweek.com/alleged-chinese-police-database-hack-leaks-data-1-billion
2022-07-04 Microsoft: Exchange Server 2013 reaches end of support in 9 months Microsoft has reminded customers that the Exchange Server 2013 mail and calendaring platform will reach its extended end-of-support date roughly nine months from now, on April 11, 2023.
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-server-2013-reaches-end-of-support-in-9-months/
2022-07-04 Microsoft Exchange bug abused to hack building automation systems A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. Further information
2022-07-04 MITRE shares this year's list of most dangerous software bugs MITRE shared this year's top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years.
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
2022-06-27 Chinese hackers use ransomware as decoy for cyber espionage Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
2022-06-27 Changing Criminal Tactics in Response to Microsoft's Blocking of Internet Macros Changes in how Office documents handle macros are causing changes in how criminals spread their malware.
https://www.ncsc.gov.ie/pdfs/20220620-TTP-Advisory.pdf
2022-06-27 Researchers raise alarm on critical flaws in industrial equipment, infrastructure Fifty-six vulnerabilities, some deemed critical, have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government's CISA and private security researchers.
https://www.forescout.com/resources/ot-icefall-report/
2022-06-27 US, UK, New Zealand Issue PowerShell Security Guidance The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC) and the United Kingdom (NCSC-UK) have issued joint guidance on the proper configuration and monitoring of PowerShell to eliminate the risk of abuse.
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
2022-06-20 Microsoft patch their severe vulnerability (Follina) Microsoft have released a patch for the Follina vulnerability. The NCSC expects to see continued exploitation of this vulnerability by threat actors against unpatched systems.
https://www.ncsc.gov.ie/pdfs/ms-msdt_Vulnerability.pdf
2022-06-20 Vulnerabilities in Splunk Enterprise deployment servers Splunk have published details related to vulnerabilities in Splunk Enterprise deployment servers.
https://www.ncsc.gov.ie/pdfs/splunk_enterprise_June22.pdf
2022-05-30 Russian hackers perform reconnaissance against Austria, Estonia In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defence College. Further information
2022-05-30 Chinese "Twisted Panda" Hackers Caught Spying on Russian Defence Institutes At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat (APT).
https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html
2022-05-30 New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message Users of the application are recommended to update to the latest version (5.10.0) to mitigate any potential threats arising out of active exploitation of the flaws.
https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html
2022-05-23 VMware Vulnerabilities The NCSC is aware of multiple vulnerabilities affecting certain VMware products. In this case, the most important aspect is to install the latest update as soon as practicable. More information, including the list of affected products, can be found on the VMware website. CISA has published information detailing the exploitation of these and other VMware vulnerabilities.
https://www.vmware.com/security/advisories/VMSA-2022-0014.html
https://www.cisa.gov/uscert/ncas/alerts/aa22-138b
https://www.ncsc.gov.ie/pdfs/VMWare_Products.pdf
2022-05-23 Joint advisory on common attack vectors The UK NCSC has jointly published with CISA in the US and other international partners an advisory that summarises common ways attackers gain access to organisations' networks. They include exploiting public-facing applications and external remote services, phishing and fraudulent use of valid accounts. It also provides more detail about the poorly implemented security controls and practices attackers try to use to their advantage. The advisory is on the CISA website. It provides a useful reminder to organisations about effectively mitigating many types of attack.
https://www.cisa.gov/uscert/sites/default/files/publications/AA22-137A-Weak_Security_Controls_and_Practices_Routinely_Exploited_for_Initial_Access.pdf
2022-05-23 U.S. DOJ will no longer prosecute ethical hackers under CFAA The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-faith" security research from being prosecuted. With this policy update, the DOJ is separating cases of good-faith security research from ill-intended hacking, which were previously distinguished by a blurred line that frequently placed ethical security research in a problematic, gray legal area. Under these new policies, software testing, investigation, security flaw analysis, and network breaches intended to promote the security and safety of the target devices or services are not to be prosecuted by federal prosecutors.
https://www.bleepingcomputer.com/news/security/us-doj-will-no-longer-prosecute-ethical-hackers-under-cfaa/
2022-05-23 Researchers Expose Inner Workings of Billion-Dollar 'Wizard Spider' Cybercrime Gang The cybercrime gang responsible for the HSE attack, known as 'Wizard Spider', have been profiled in this report from Swiss cybersecurity company PRODAFT.
https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
2022-05-17 New Chinese espionage campaign targets Europe This week, Cisco Talos Intelligence Group reported that they had discovered a new attack campaign perpetrated by the Chinese threat actor Mustang Panda, also known as Bronze President, RedDelta, and TA416. The group focuses primarily on Europe when conducting its espionage attacks.
http://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html
2022-05-17 UK Gov releases free tool to check for email cybersecurity risks The United Kingdom's National Cyber Security Centre (NCSC) today released a new email security check service to help organizations easily identify vulnerabilities that could allow attackers to spoof emails or can lead to email privacy breaches.
https://www.bleepingcomputer.com/news/security/uk-govt-releases-free-tool-to-check-for-email-cybersecurity-risks/
2022-05-17 Remote Code Execution Vulnerability in iControl REST Component F5 BIG-IP A critical vulnerability allowing remote code execution has been identified in the iControl REST component of F5 BIG-IP products. The NCSC has been made aware of mass scanning for vulnerable systems and the exploitation of systems in the wild. Further information
2022-05-17 Government Agencies Warn of Increase in Cyberattacks Targeting MSPs Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers.
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/11/cisa-joins-partners-release-advisory-protecting-msps-and-their
2022-05-17 European Commission has opened public consultation on new legislation on the cybersecurity of digital products and services The European Commission seeks to establish common cybersecurity rules for digital products and associated services that are placed on the market across the European Union. The Commission invites stakeholders such as operators and users of both enterprise-facing and consumer-facing products and services to express views on the policy interventions proposed.
https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13410-Cyber-resilience-act-new-cybersecurity-rules-for-digital-products-and-ancillary-services/public-consultation_en
2022-05-17 State of the Cyber Security Sector in Ireland Report has been formally launched Cyber Ireland are delighted to announce that the inaugural State of the Cyber Security Sector in Ireland Report has been formally launched by Mr Ossian Smyth, Minister of State at the Department of Public Expenditure and Reform. For the first time, the Irish cyber security community have an in-depth analysis of the sector, its contribution to Ireland's economy and the potential opportunities for its future. The report is an economic baseline for the sector and will form the basis of subsequent recommendations and policies within Cyber Ireland.
https://cyberireland.ie/state-of-the-cyber-security-sector-in-ireland-2022/
2022-05-09 Application stores and the associated risks The UK NCSC has published a report highlighting the risks associated with app stores. The Threat Report on Application Stores has been produced with the aim of protecting both consumers and enterprises.
The use of smartphones and smart devices has seen a huge rise in the past decade, and this has led to a greater use of app stores which allow users to download applications and content for their devices. With a multitude of devices and app stores available, there are a number of security issues to consider and actions to take to avoid incidents. The report provides links to detailed guidance which can mitigate the main threats.
https://www.ncsc.gov.uk/files/Threat-report-on-application-stores-web-v2.pdf
2022-05-09 NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf
2022-05-09 State-Backed Chinese Hackers Target Russia According to Google's Threat Analysis Group (TAG), financially motivated actors across the globe are still using the war in Ukraine as a phishing lure for campaigns.
https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/
2022-05-03 Microsoft says Russia hit Ukraine with hundreds of cyberattacks Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian-backed hacking groups targeting infrastructure and Ukrainian citizens.
https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
2022-05-03 Investigators probe suspected sabotage of French fiber optic network The Paris prosecutor's office opened a preliminary investigation Wednesday into the suspected sabotage of fiber optic cables, which disrupted the internet in several regions around France, and said the country's domestic intelligence agency would help with the probe.
https://www.rfi.fr/en/science-and-technology/20220428-france-investigates-suspected-sabotage-of-fiber-optic-cables-that-disrupted-internet
2022-05-03 Top exploited vulnerabilities in 2021 revealed The UK and its international allies from the US, Canada, Australia, and New Zealand this week published an advisory detailing the 15 most commonly exploited vulnerabilities of 2021. It revealed that malicious actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sector worldwide. Actors often targeted internet-facing systems, such as email and virtual private network (VPN) servers. It also indicated that, to a lesser extent, actors continued to exploit publicly known and often dated vulnerabilities, some of which were routinely exploited in 2020 or earlier. The advisory is available to read in full on the Cybersecurity and Infrastructure Security Agency's (CISA) website. Further information
2022-04-25 Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites."
https://thehackernews.com/2022/04/over-16500-sites-hacked-to-distribute.html
2022-04-25 Conti's Ransomware Toll on the Healthcare Industry Conti, one of the most ruthless and successful Russian ransomware groups, has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name "Ryuk."
https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/
2022-04-25 Vulnerability in Cisco Wireless LAN Controller Cisco has disclosed a critical vulnerability in Cisco Wireless LAN controllers that exists in devices with a non-default configuration, that allows an unauthenticated, remote attacker to bypass authentication controls and log into the management interface.
https://www.ncsc.gov.ie/pdfs/Cisco_Wireless_LAN_Controller-CVE2022-20695.pdf
2022-04-25 Microsoft April 2022 security update The NCSC is highlighting some critical vulnerabilities which have been included in Microsoft's monthly patch Tuesday release. The CVEs highlighted in this alert include Remote Code Execution vulnerabilities where exploitation has been assessed as being more likely by Microsoft. The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest updates as soon as practicable. Further information
2022-04-19 Ukrainian power grid 'lucky' to withstand Russian cyber-attack https://www.bbc.com/news/technology-61085480
2022-04-19 LinkedIn brand takes lead as most impersonated in phishing attacks https://www.bleepingcomputer.com/news/security/linkedin-brand-takes-lead-as-most-impersonated-in-phishing-attacks/
2022-04-19 T-Mobile customers warned of unblockable SMS phishing attacks https://www.bleepingcomputer.com/news/security/t-mobile-customers-warned-of-unblockable-sms-phishing-attacks/
2022-04-19 EU Officials Targeted with Pegasus Spyware https://www.infosecurity-magazine.com/news/eu-officials-pegasus-spyware/
2022-04-19 Singapore begins licensing cybersecurity vendors Vendors providing penetration testing as well as managed SOC monitoring services have up to six months until October to apply for a licence from Singapore's Cyber Security Authority, or cease the provision of such services.
https://www.zdnet.com/article/singapore-begins-licensing-cybersecurity-vendors/
2022-04-11 Fake WhatsApp voice message emails are spreading malware A phishing campaign which impersonates WhatsApp's voice message feature has been spreading information-stealing malware. The attack starts with an email claiming to be a notification from WhatsApp of a new private voice message. The email contains a creation date and clip duration for the supposed message, and a "Play" button. The "Play" button takes the email recipient to a website which then asks them to click "Allow" in an allow/block prompt to confirm they are not a robot. Once "Allow" is clicked, the browser prompts to install software that turns out to be information-stealing malware.
2022-04-11 Newly found Android malware records audio, tracks your location A previously unknown Android malware uses the same shared-hosting infrastructure previously seen used by the Russian APT group known as Turla, though attribution to the hacking group is weak at best.
https://www.bleepingcomputer.com/news/security/newly-found-android-malware-records-audio-tracks-your-location/
2022-04-11 Assessing threats to European industrial infrastructure Europe's industrial infrastructure cyber landscape faces distinctive threats. Dragos assesses with high confidence that the biggest cybersecurity weaknesses European asset owners currently face are a lack of asset visibility into their network and weak network authentication policies. Further information
2022-04-04 Critical Vulnerability in Java Spring Framework - Spring4Shell RCE On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications. Spring has published details of a critical vulnerability which impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The current exploit requires the application to run on Tomcat as a WAR deployment. In this case, the most important aspect is to install the latest versions as soon as practicable.
https://www.acunetix.com/blog/web-security-zone/critical-alert-spring4shell-rce-cve-2022-22965-in-spring/
https://www.ncsc.gov.ie/pdfs/Spring_010422.pdf
More detailed information on the Spring vulnerability can be found at:
https://tanzu.vmware.com/security/cve-2022-22965
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://spring.io/projects/spring-framework
2022-04-04 Google: Phishing attacks using the war in Ukraine The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.
https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/
2022-04-04 Remote Code Execution Vulnerability in Sophos Firewall An authentication bypass vulnerability allowing remote code execution has been identified in the User Portal and Webadmin of Sophos Firewalls. The vulnerability has been patched and no action is required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. This is enabled by default.
https://www.ncsc.gov.ie/pdfs/Sophos_RCE_290322.pdf
2022-03-29 Greece's public postal service offline due to ransomware attack ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident detected on Sunday that is still keeping most of the organization's services offline.
https://www.bleepingcomputer.com/news/security/greeces-public-postal-service-offline-due-to-ransomware-attack/
2022-03-29 What Concerns Cyber Pros Most About the Invasion of Ukraine More than 260 (ISC)²-certified cybersecurity professionals from 41 countries participated, including Ukraine and the Russian Federation. They represent 33 different industries, with the most in financial services, followed by IT services and healthcare.
https://blog.isc2.org/isc2_blog/2022/03/what-concerns-cyber-pros-most-about-the-invasion-of-ukraine.html
2022-03-29 White House warns of possible Russian cyberstrike on US critical infrastructure https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
2022-03-29 US DoJ reveals Russian supply chain attack targeting energy sector The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world. Further information
2022-03-29 Tactics, techniques, and procedures of state-sponsored Russian cyber actors targeting the energy sector This cybersecurity advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 which targeted energy sector infrastructure all around the world.
https://www.cisa.gov/uscert/ncas/alerts/aa22-083a
2022-03-07 CERT-EU security guidance: Securing Signal Signal is a secure, encrypted messaging service. The following document provides recommendations for securing the configuration of Signal.
https://media.cert.europa.eu/static/WhitePapers/TLP-WHITE-CERT-EU_Security_Guidance-22-002_v1_0.pdf
2022-03-07 Zero trust cyber security posture is becoming more common, but it needs to be done correctly Zero trust is an architectural approach where inherent trust in the network is removed, the network is assumed hostile and each request is verified based on an access policy. It has become more common recently; however, it can be implemented incorrectly, leaving the organisation vulnerable to attack. The UK NCSC has published guidance on zero trust architecture for organisations.
https://www.ncsc.gov.uk/collection/zero-trust-architecture
2022-03-07 Conti ransomware group diaries, Part I: Evasion A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The gang had recently stated their support of the invasion of Ukraine. The chat logs offer a glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees.
https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
2022-03-07 US and Australian agencies issue alerts on destructive malware targeting organisations in Ukraine US and Australian agencies have issued alerts encouraging organisations to take action to mitigate the threat from destructive malware used to target organisations in Ukraine. The alerts set out actions to take to boost resilience to this malware threat. The US advisory warns there could be further disruptive attacks against organisations in Ukraine which may unintentionally spill over to organisations in other countries. The UK NCSC is not aware of any specific threats to UK organisations, however it has highlighted a historical pattern of cyber attacks on Ukraine having international consequences. The Irish NCSC currently assesses the risk to Irish entities from a targeted nation-state attack relating to current events in Ukraine as low, however there remains a potential for entities to be affected by events downstream of any primary targets in the region.
https://www.ncsc.gov.ie/pdfs/TLP_WHITE_Heightened_Threats_Feb22.pdf
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-02-australian-organisations-should-urgently-adopt-enhanced-cyber-security-posture
2022-02-28 Russia, Ukraine and the danger of a global cyberwar A conversation with Marcus Willett, former director of cyber at GCHQ. Further information
2022-02-28 Cybercriminals seek to profit from Russia-Ukraine conflict Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
https://acn-marketing-blog.accenture.com/wp-content/uploads/2022/02/ACTI_TacticalIntelReport_DarknetActorsAffectRussiaUkraineCrisis.pdf
2022-02-28 Proofpoint: phishing attacks dominated threat landscape in 2021 Cyber security company Proofpoint released its annual phishing report earlier this week, revealing the impact of phishing attacks in 2021. According to its findings, 91% of UK companies surveyed experienced at least one successful email-based phishing attack last year with 84% reporting email-based ransomware attacks. Ransomware is the biggest cyber threat facing organisations, and phishing is a common vector for cyber criminals to infect networks.
https://www.proofpoint.com/uk/newsroom/press-releases/proofpoints-2022-state-phish-report-reveals-email-based-attacks-dominated
2022-02-21 Ukraine says it's being targeted by a massive wave of hybrid warfare The Security Service of Ukraine (SSU) today said the country is the target of an ongoing "wave of hybrid warfare," aiming to instil anxiety and undermine Ukrainian society's confidence in the state's ability to defend its citizens.
https://www.bleepingcomputer.com/news/security/ukraine-says-it-s-targeted-by-massive-wave-of-hybrid-warfare-/
2022-02-21 Cyber Risk Assessment and Advice Regarding Ongoing Ukraine Situation Due to ongoing tension in the Ukraine region, the Irish National Cyber Security Center (NCSC-IE) is releasing an advisory to highlight any potential impact on Ireland or Irish-based entities should the current situation continue to escalate.
https://www.ncsc.gov.ie/pdfs/TLP_WHITE_Heightened_Threats_Feb22.pdf
2022-02-21 Ransomware 2022: 'Every good vendor' was hit Public and private sector are both under attack as malware evolution accelerates. SonicWall's annual cyber threat report shows ransomware gangs are making large amounts of money and getting quicker at doing so.
https://www.sonicwall.com/news/sonicwall-threat-intelligence-confirms-alarming-surge-in-ransomware-malicious-cyberattacks-as-threats-double-in-2021/
2022-02-21 EU data protection watchdog calls for ban on advanced commercial spyware The European Union's data protection authority called for a ban on the development and use of Pegasus-like commercial spyware, calling out the technology's "unprecedented level of intrusiveness" that could endanger users' right to privacy. Pegasus spyware has been used by governments around the world to spy on the phones of journalists and political opponents.
https://edps.europa.eu/data-protection/our-work/publications/papers/edps-preliminary-remarks-modern-spyware_en
2022-02-21 Red Cross: State hackers breached our network using Zoho bug The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group.
https://www.bleepingcomputer.com/news/security/red-cross-state-hackers-breached-our-network-using-zoho-bug/
2022-02-14 String of cyberattacks on European oil and chemical sectors likely not coordinated European prosecutors and cybersecurity officials investigating ransomware attacks affecting oil infrastructure said they do not have reason to believe that the attacks are linked to one another.
https://therecord.media/string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say/
2022-02-14 CISA Urges Organizations to Patch Exploited Windows Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of vulnerabilities known to be exploited in malicious attacks with a recently addressed Windows zero-day flaw.
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/04/cisa-adds-one-known-exploited-vulnerability-catalog
2022-02-14 SAP Customers Warned About Critical 'ICMAD' Vulnerabilities As part of its February 2022 Security Patch Day, German software maker SAP has announced the release of 13 new security notes and updates for five other security notes. Further information
2022-02-14 Criminals still exploiting old flaws in cyber attacks While the Log4j vulnerability has commanded headlines recently, cyber criminals continue to use old vulnerabilities to successfully target organisations.
Vulnerabilities still being exploited include the ProxyShell bugs, QNAP NAS devices, as well as Log4j. There is evidence of a decade-old vulnerability in MS Office (CVE-2012-0158) still being used, notes a recent report.
https://www.zdnet.com/article/youve-still-not-patched-it-hackers-are-using-these-old-software-flaws-to-deliver-ransomware/
2022-02-07 German Court Rules Websites Embedding Google Fonts Violates GDPR A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data (i.e., IP address) to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights.
https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html
2022-02-07 Critical Vulnerability in Samba A critical vulnerability exists in Samba that allows remote attackers to execute arbitrary code with root privileges on affected installations of Samba.
https://www.ncsc.gov.ie/pdfs/Samba-cve2021-44142.pdf
https://www.bleepingcomputer.com/news/security/samba-bug-can-let-remote-attackers-execute-code-as-root/
2022-02-07 Launch of Harnessing Digital - The Digital Ireland Framework The government today launched a new national digital strategy, which includes additional funding and focus on cybersecurity.
https://www.gov.ie/en/press-release/3a922-online-launch-of-harnessing-digital-the-digital-ireland-framework/
2022-01-31 New 'Scanning Made Easy' trial service from the UK NCSC and i100 The UK NCSC has introduced a new trial service that will release vulnerability scanning scripts to help organisations identify vulnerabilities on their networks.
https://www.ncsc.gov.uk/blog-post/introducing-scanning-made-easy
2022-01-31 Russian Authorities Arrest Head of International Cybercrime Group Four individuals believed to be members of the international cyber theft ring known as the Infraud Organization were arrested in Russia, news agency TASS reports. The move against the Infraud Organization is the second that Russian law enforcement has made against organized cybercrime since the beginning of this year.
Further information
2022-01-31 New Director of the National Cyber Security Centre (NCSC) The appointment of Mr Richard Browne as the Director of the National Cyber Security Centre (NCSC) has been announced.
https://www.gov.ie/en/press-release/7a9a9-ministers-ryan-and-smyth-announce-appointment-of-new-director-of-the-national-cyber-security-centre-ncsc/
2022-01-25 At least 8 REvil ransomware hackers pressed with criminal charges FBI issues QR code scam warning:
The FBI's Internet Crime Complaint Center (IC3) has issued an alert warning of the malicious use of QR codes. According to the public service announcement, cyber criminals have been tampering with QR codes to redirect users from legitimate websites to fraudulent ones where their data and money are at risk of being stolen. Businesses worldwide have turned increasingly towards using QR codes to continue offering their services, but this mechanism can be exploited and even used to embed malware onto a user's device. There are examples of criminals putting QR code stickers on parking meters and tricking
https://www.ic3.gov/Media/Y2022/PSA220118
Russian officials arrested 14 alleged members of the REvil ransomware group on Friday.
https://tass.com/society/1388613
2022-01-25 Dark Web chatter: What other Russian hackers are saying about the REvil arrests. Before the recent takedown of the REvil ransomware gang by the FSB, hackers felt safe in Russia provided they did not attack Russia.
https://www.securityweek.com/dark-web-chatter-what-other-russian-hackers-are-saying-about-revil-arrests
2022-01-25 Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target Ukraine is now being targeted by malware that looks like ransomware but with one crucial difference: there's no recovery method. Officials have pointed the finger at Belarus.
https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/
2022-01-25 Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks A previously undocumented firmware implant, which survives even if the operating system is removed and reinstalled, has been deployed to maintain stealthy persistence as part of a targeted espionage campaign and has been linked to the Chinese-speaking Winnti advanced persistent threat group. Security company Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date."
https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html
2022-01-17 MANAGED SERVICES REPORT: No Rest for the Wary. Organizations are increasingly relying on external support from managed services. In order to gain a better understanding of the state of affairs in managed services security, MITRE Engenuity, MITRE's tech foundation for the public good, commissioned Cybersecurity Insiders to run an extensive industry survey to answer essential questions.
https://info.mitre-engenuity.org/hubfs/ATTACK%20Evals/2021%20Managed%20Services%20Report.pdf
2022-01-17 Patch Tuesday: Microsoft Calls Attention to 'Wormable' Windows Flaw Microsoft's first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks. Further information
2022-01-17 FBI, NSA and CISA Warn of Russian Hackers Targeting Critical Infrastructure Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors.
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/cisa-fbi-and-nsa-release-cybersecurity-advisory-russian-cyber
2021-12-20 Barracuda: What we've learned from 2021: five cybersecurity takeaways Reviewing the previous 12 months of big-picture cybersecurity trends can help IT and security leaders better formulate a strategy for the coming year. It's even more important at a time when the threat landscape is moving at a record pace following the once-in-a-generation events of 2020. So here are five of the key trends we've seen over 2021 which are likely to bleed into the coming year.
https://blog.barracuda.com/2021/12/16/what-weve-learned-from-2021-five-cybersecurity-takeaways/
2021-12-20 Volatile and Adaptable: Tracking the Movements of Modern Ransomware Trend Micro's tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users.
https://www.trendmicro.com/en_us/research/21/l/volatile-and-adaptable-tracking-the-movements-of-modern-ransomware.html
2021-12-20 Apache Log4j vulnerability updates A new patch, version 2.17, has been released to mitigate the widespread Apache Log4j vulnerability.
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/
2021-12-13 Critical 0-day vulnerability in Apache Log4j library A serious vulnerability has been identified in Apache Log4j, an open source Java logging library used by many web applications and services. This is a serious case due to how widespread the vulnerability is, how easy it is for attackers to take advantage of it and how severe the impact is. In this case, the most important aspect is to install the latest update as soon as practicable. IE NCSC Log4J Further information
2021-12-13 14 new XS-Leaks (Cross-Site Leaks) attacks affect all modern web browsers Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with other websites. Further information
2021-12-06 935% increase in double-extortion ransomware attacks since 2020 A trend report from Group-IB analysing cyber criminal activity has revealed a 935% increase in the number of double-extortion ransomware attacks compared to the same period in 2020. In this kind of attack, the malicious actor exfiltrates the stolen data before they encrypt it. They then threaten the victim with public release of the data as another way to try and force payment. Further information
2021-12-06 Cyber Security Baseline Standard for Irish Government ICT services The National Cyber Security Centre (NCSC), in conjunction with the Office of the Government Chief Information Officer (OGCIO), has now developed standards which are intended to create an acceptable security position and form a broad framework for a set of measures which can be revised over time. Further information
2021-12-06 Convincing Microsoft phishing uses fake Office 365 spam alerts A persuasive and ongoing series of phishing attacks is using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. Further information
2021-11-29 Which? uncovers insecure smart products A Which? investigation has revealed nearly 2,000 smart products on online marketplaces that pose a risk to buyers' security and privacy. Most of the products examined were unbranded, from little-known brands, or suspected clones of legitimate items, and used just four apps: Aiwit, CamHi, CloudEdge and Smart Life. Alongside security firms 6point6 and NCC Group, Which? found potential issues that could put users at risk: poor password security, unencrypted data transfer, unclear vulnerability reporting processes, and out-of-date devices.
https://www.which.co.uk/news/2021/11/hack-friday-online-marketplaces-flooded-with-insecure-smart-products/
Further information
2021-11-29 Foreign influence operations become more advanced Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks. Further information
2021-11-29 Exploit released for Microsoft Exchange RCE bug, patch now Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers. Further information
2021-11-29 UK Gov warns thousands of SMBs their online stores were hacked The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal the payment info of customers. The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform.
https://www.ncsc.gov.uk/news/guidance-for-retailers-to-prevent-websites-becoming-black-friday-cyber-traps
Further information
2021-11-29 Seasonal Cyber Awareness As we approach the Christmas period the NCSC would like to take this opportunity to remind people that this is a particularly active period for cyber criminals to take advantage of unsuspecting online shoppers. Further information
2021-11-22 Joint advisory highlights Microsoft Exchange and Fortinet vulnerabilities An Iranian threat actor, assessed to be government sponsored, is exploiting known vulnerabilities against multiple sectors. The advisory, issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC) and the UK NCSC, gives the observed tactics and techniques and indicators of compromise. Further information
2021-11-22 Exploited Exchange servers leading to ransomware Multiple threat researchers have recently highlighted ongoing criminal campaigns involving Microsoft Exchange servers. Attackers have been observed making use of compromised Exchange servers to perform email conversation thread hijacking in order to distribute malware. This involves inserting malicious documents or links into responses in an email thread. Further information
2021-11-15 Majority of IoT device manufacturers fail to provide route to report security flaws Research by the Internet of Things Security Foundation (IoTSF) shows that 80% of manufacturers of internet-connected devices have not provided a way for security flaws in their products to be reported. This gap could make users vulnerable to cyber attack. The importance of basic cyber security in IoT products is being looked at by countries around the world with proposed legislation.
https://www.iotsecurityfoundation.org/consumer-iot-sector-basic-hygiene-practice-still-not-happening/
Further information
2021-11-15 NCSC site update The Irish NCSC has a new guidance page which contains their documents providing general advice to mitigate risk and on best practices. Documents will be updated and new material added as risks emerge. Their advice for people working from home may be of particular interest. Further information
2021-11-15 Microsoft November 2021 security updates Microsoft has released 55 security patches for software. System administrators should refer to Microsoft documentation on these vulnerabilities and apply patches as appropriate.
https://www.ncsc.gov.ie/pdfs/cve-2021-42321.pdf
2021-11-08 Microsoft warns of rise in password spray attacks targeting cloud accounts The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. Further information
2021-11-08 Cyber defence: The current state of national and international co-operation The Irish Defence Forces held a panel discussion focusing on cyber defence and the current state of co-operation at a national and international level. Further information
2021-11-08 US offers up to $10 million for information on DarkSide and REvil ransomware operators The US has offered the largest bounty for specific cyber criminals to date, targeting the DarkSide ransomware behind the Colonial Pipeline attack and the REvil ransomware behind the Kaseya VSA attack which affected about 1500 businesses worldwide. This is a similar amount to bounties offered for leaders of ISIS and Al Qaida.
https://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/
Further information
2021-10-26 Microsoft now defends nonprofits against nation-state attacks Microsoft announced today a new security program for non-profits to provide them with protection against nation-state attacks that have increasingly been targeting them in recent years. Further information
2021-10-26 Scam calls affecting millions Telecoms regulator Ofcom has released results from a survey conducted this summer, stating that nearly 45 million people in the UK have been the target of a scam text message or phone call in the past 3 months.
The survey shows that people aged 16 to 34 are targeted more by text message, while 60% of over 75s have received a suspicious phone call to their landline number.
Further information
2021-10-26 New US survey highlights impact of ransomware attacks Nearly two-thirds of organisations said they had been victims of ransomware attacks in the past 12 months according to a survey carried out by cybersecurity company ThycoticCentrify. It found that half of respondents said they had experienced loss of revenue and reputational damage following a ransomware attack, with 42% indicating they had lost customers. Further information
2021-10-26 Millions of Android users targeted in subscription fraud campaign A massive fraud campaign involving 151 Android apps with 10.5 million downloads was used to subscribe users to premium subscription services without their knowledge. The service charged victims $40 per month.
Uninstalling the app would not prevent the existing subscription from being charged again. To avoid future charges, victims need to contact their carrier and ask for a cancellation of all SMS subscriptions.
Further information
2021-10-18 Supply chain breaches on the rise More than 90% of firms across the globe have experienced breaches as a result of supply chain weaknesses, according to a report by BlueVoyant. There was an acknowledgement that budgets had been increasing but the reported increase of breaches is a timely reminder of the importance of establishing effective control and oversight of your supply chain. Further information
2021-10-18 Cyber criminals are still exploiting old vulnerabilities Years-old security vulnerabilities remain a common attack method for ransomware attacks because organisations aren't applying the patches to fix them. One of the vulnerabilities listed in this report was discovered in 2012. Further information
2021-10-18 Russia dominates state-sponsored attacks, says Microsoft According to Microsoft data, Russia accounted for the majority of state-sponsored attacks over the past year. Further information
2021-10-11 Google to turn on 2-factor authentication by default for 150 million users Google has announced that it is automatically enrolling 150 million Google user accounts and 2 million YouTube accounts onto 2-factor authentication (2FA), which it calls 2-step verification (2SV), by the end of 2021. Further information
2021-10-11 Apache HTTP server 2.4.49/50 vulnerabilities There is a vulnerability affecting Apache HTTP Server versions 2.4.49 and 2.4.50. The latest version, 2.4.51, should be installed as soon as practicable. Further information
2021-10-11 Tanglebot Android malware allows attackers to monitor all user activity on infected devices The malware named Tanglebot allows attackers to gain access to all user activity via the camera and microphone, monitor the user's location and steal any data on the device, including messages and stored files. The malware is spread by links in a text message. Once the link is clicked, Tanglebot victims are informed that Adobe Flash Player needs to be updated and are led through a series of dialogue boxes which will allow the attackers to install and configure the malware. Attackers then have full access to the device. Further information
2021-10-11 A new APT hacking group targeting fuel, energy, and aviation industries A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Further information
2021-10-04 The rising threat of software supply chain attacks An unnamed software-as-a-service (SaaS) provider invited Palo Alto Networks to identify vulnerabilities in its supply chain. The exercise uncovered critical software development flaws leaving customers potentially vulnerable to attacks similar to those on SolarWinds and Kaseya VSA. The SolarWinds and Kaseya VSA attacks distributed ransomware to thousands of organisations using their services. The researchers were able to escalate their privileges from the limited access a contractor might be given, all the way to administrator access. From this position a real attacker would be able to compromise the system, with the company realising too late to take effective action. Nathaniel Quist, principal researcher at Unit 42, said "Role-based access controls within the developer roles would have prevented the researchers from accessing all of the developer repositories." Further information
2021-10-04 Ransomware attacks against hospitals have lasting effects on health Research has revealed direct patient consequences of ransomware attacks against hospitals. Hospitals affected by ransomware reported patients having to stay longer in hospital, delays to tests and procedures, and increases in patient deaths. Just over a third of hospitals affected by a ransomware attack reported an increase in patient complications following medical procedures. Seven in 10 saw delays in procedures and tests, and a similar number reported patients staying longer in hospital. Further information
2021-10-04 Ongoing Conti ransomware threat The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert in relation to the increasing number of Conti ransomware cases that they have observed. The Conti ransomware was used in the HSE attack. The CISA and the FBI have observed more than 400 attacks on U.S. and international organisations. Further information
2021-10-04 NSA, CISA share VPN security tips to defend against hackers The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions. Further information
2021-10-04 ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage Web and application security company ImmuniWeb on Tuesday announced the launch of a free online tool designed to help organizations identify unprotected cloud storage. Further information
2021-10-04 Russian state sponsored hacking group deploying new backdoor on targeted systems State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. Further information
2021-09-27 Researchers compile list of vulnerabilities abused by ransomware gangs Security researchers are working on an easy-to-follow list of initial access methods being used to breach networks. Further information
2021-09-27 Attacks on Russian government exploit recent Microsoft Office zero-day Threat actors have targeted Russian government organizations with malicious documents designed to exploit the recently patched MSHTML zero-day flaw in Microsoft Office, security researchers with Malwarebytes reveal. Further information
2021-09-27 VMware warns of critical bug in default vCenter Server installs VMware warns customers to immediately patch a critical vulnerability in the analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments. There are also several less severe vulnerabilities that will be secured by the patch. The vulnerabilities include a file upload vulnerability that could lead to remote code execution.
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq/
Further information
2021-09-27 Credentials leaked due to Microsoft Exchange protocol flaw Cybersecurity researchers have been able to capture hundreds of thousands of Windows domain and application credentials due to the design and implementation of the Autodiscover protocol used by Microsoft Exchange. The Autodiscover protocol was intended to simplify configuration of Outlook and other Microsoft Exchange clients. There are several mitigations that can be attempted, such as blocking Autodiscover domains in your firewall and disabling basic HTTP authentication in Exchange. Further information
2021-09-27 Newly discovered hacking group used ProxyLogon exploits to breach hotels worldwide A newly discovered cyberespionage group, FamousSparrow, has been mainly targeting hotels around the world since at least 2019; however, it also targets governments, international organizations, law firms, and engineering companies. It began exploiting ProxyLogon vulnerabilities in March 2021. Further information
2021-09-27 Critical File Deletion Vulnerability in SonicWall SMA 100 series appliances A critical vulnerability in SMA 100 series appliances could allow a remote unauthenticated attacker to delete files from an SMA 100 series appliance and gain administrator access to the device. SonicWall is a provider of network security services and appliances such as firewalls. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway that enables organizations to ensure any remote access to their resources is secure. Patches are available for affected devices and it is strongly recommended to apply them immediately. Further information
2021-09-27 Data of 106 million visitors to Thailand breached Comparitech has discovered an unsecured database containing the personal information of millions of visitors to Thailand. Anyone who has travelled to Thailand in the last decade may have been affected by the incident.
The data breach has been reported to Thai authorities, who secured the database within 24 hours and stated the exposed data was not accessed by any unauthorised parties. Information exposed in the publicly accessible database consisted of full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.
Further information
2021-09-27 The European Cybersecurity Month 2021 takes place in October https://cybersecuritymonth.eu/ Further information
2021-09-20 REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out Antivirus company Bitdefender collaborated with law enforcement to create a key that would release data encrypted in ransomware attacks by the REvil ransomware gang before July 13. The universal decryption key will be free for victims of REvil ransomware attacks. REvil, the cybercriminal ransomware gang who shut down Swedish supermarket Coop over the summer and targeted MSP Kaseya, has resurfaced recently after appearing to have had its ransomware servers shut down in July 2020.
https://www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware/
2021-09-20 Apple has released patches for two critical vulnerabilities for their products Apple has released a series of security updates to patch two critical vulnerabilities that the company says were actively exploited in the wild. One of the vulnerabilities allows a remote attacker to gain access to a device without any user interaction. Further information
2021-09-20 Financial services firms wounded by ransomware but show resilience compared to other sectors New research by antivirus company Sophos has revealed that 34% of financial services firms were hit by ransomware in the last year with attacks costing an average of $2.1 million. 51% of firms who fell victim said criminals successfully encrypted their data; 62% of these managed to restore this data by using backups. Despite the large number of firms hit, financial services experienced a below average number of ransomware attacks. The survey shows 44% of retail firms and education firms were affected in the last year, business and professional services closely followed with 42% falling victim. The survey also revealed that financial services have a below average tendency to pay ransoms. Only 25% of firms hit by ransomware paid out a ransom in the last year. The cross-sector average was 32%.
https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-state-of-ransomware-financial-services-2021-wp.pdf
Further information
2021-09-20 Microsoft has moved towards replacing passwords as login method Users can now delete all passwords from their accounts and log in using an authenticator app or other method. Microsoft believes that this is both more convenient and more secure, due to the issues people have managing passwords. The goal is to eventually shift to using a variety of factors such as location, authenticator app, fingerprints and the device being used to replace passwords as a method of authentication. Further information
2021-09-13 French visa data breach The details of more than 8,000 people who applied for French visas have been compromised following a cyber attack. The French Ministry of Foreign Affairs and Ministry of Interior announced in a statement that the attack had been quickly neutralized but personal details such as names, dates of birth, nationalities and passport numbers had been leaked. They also stressed that no sensitive data had been compromised in line with GDPR's definitions. Phishing is a major concern for the victims of this breach.
2021-09-13 REvil ransomware group returns The group have resurfaced as several associated sites have come back online. The group appeared to go offline in July following a ransomware attack upon Kaseya products which impacted organisations worldwide. Ransomware is a common type of malware which can make data or systems unusable until the victim makes a payment. Paying a ransom does not guarantee the criminals will halt the attack.
2021-09-13 Largest DDoS attack in history The Russian tech company Yandex has reported that it repelled the largest known distributed denial-of-service (DDoS) attack in the history of the internet. The DDoS attack was said to have reached a record level on September 5 after initially starting in August. Yandex reported that it repelled nearly 22 million requests per second at the height of the campaign.
2021-09-13 Microsoft MSHTML Remote Code Execution Vulnerability The exploit uses malicious Word documents to install malware which moves through the network and steals files. Microsoft has released a security patch for this vulnerability. Multiple techniques have been discovered for exploiting this vulnerability so it is unclear whether this patch has fixed all issues.
2021-09-13 Microsoft Exchange ProxyShell Vulnerability There is on-going exploitation of the vulnerabilities known as ProxyShell which affect Microsoft Exchange, despite available patches. Administrators should determine whether their Microsoft Exchange servers were compromised prior to patching these vulnerabilities. The NCSC estimate that 40% of internet facing Microsoft Exchange servers in Ireland are potentially still vulnerable to this particular threat.
2021-09-13 Confluence Server Webwork OGNL injection The NCSC are aware of active exploitation in Atlassian Confluence Server and Data Center systems. Deployment of cryptominers has been seen. Administrators should commence incident response procedures on their Confluence servers if still vulnerable, in order to assess if any compromise has occurred.
2021-09-13 Malicious Actor Discloses FortiGate SSL-VPN Credentials A malicious actor has disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices. These credentials were obtained from unpatched systems. While they may have since been patched, if the passwords were not reset, they remain vulnerable.
2021-09-06 Organisations continue to face cyber security challenges with hybrid working patterns Coronavirus caused many organisations to move to home working at a greater speed and scale than many had foreseen or prepared for.
2021-09-06 Widespread phishing campaign targets passwords Microsoft has warned Office 365 customers of a widespread credential phishing campaign using open redirector links. Attackers use these links alongside social engineering techniques in emails. The links redirect victims to a legitimate Google reCAPTCHA page leading to a fake login page where credentials are then stolen.
2021-09-06 Ransomware: SystemBC pre-ransomware The malware SystemBC is used by attackers to provide a persistent connection to devices and hide the malicious traffic of other malware that it is packaged with. Generally a malicious program is delivered to a device via phishing emails, which downloads a disguised SystemBC, which establishes a persistent connection and allows ransomware to be deployed. F-Secure’s analysis of a SystemBC sample identified that this was a new variant of the malware, with several notable differences from previous versions. The sample was executed by a previously undocumented “wrapper”, which F-Secure’s research suggests has been used in combination with multiple malware families common in crimeware intrusions.
2021-09-06 Vulnerabilities: Conti ransomware now hacking Exchange servers with ProxyShell exploits The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. The threat posed by ProxyShell and other attacks on known Microsoft Exchange vulnerabilities is extremely high. Organizations with on-premises Exchange Server should update and patch servers as soon as possible. Additionally, attacks like these demonstrate the need to enable malware protection on servers as well as endpoints.
2021-09-06 Hospitals Are Facing a Major Ransomware Threat As the U.S. healthcare system struggles to cope with the COVID-19 pandemic, it has been fighting another major battle – ransomware. Nearly half (48%) of hospitals, according to a new study, have had to disconnect their networks in the past six months because of ransomware. Midsize hospitals are especially at risk, according to the study, Perspectives in Healthcare Security, conducted by Ipsos for CyberMDX and Philips.
Copyright © 2024 red flare | All rights reserved