Latest News Articles

--- TLP:WHITE ---

News

− Ryuk ransomware operation updates hacking techniques

Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/

− Campus Still Closed as Portsmouth University Reels from Suspected Ransomware

Planned start to the new term is delayed after cyber-attack.

https://www.infosecurity-magazine.com/news/campus-closed-portsmouth/

− US Takes New Aim at Ransomware After Most Costly Year

The Justice Department is taking new aim at ransomware after a year that officials say was the most costly on record for the crippling cyberattacks.

https://www.wsj.com/articles/ransomware-targeted-by-new-justice-department-task-force-11619014158

− Chinese threat actors extract big data and sell it on the dark web

Through Intel 471’s observation and analysis of open source information and behavior on multiple closed forums, we found actors adopting the use of legitimate big data technology for cybercrime and monetizing the data they obtain on the Chinese-language underground.

https://intel471.com/blog/china-cybercrime-big-data-privacy-laws/

Vulnerabilities

− Pulse Secure VPN zero-day used to hack defense firms, govt orgs

Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks.

https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

− Pulse Connect Secure RCE Vulnerability (CVE-2021-22893)

Ivanti has released details of a critical vulnerability that was discovered in Pulse Connect Secure (PCS). This authentication by-pass vulnerability can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway.

https://www.ncsc.gov.ie/pdfs/PulseVPN_200421.pdf

− NSA: 5 Security Bugs Under Active Nation-State Cyberattack

The National Security Agency (NSA) has released an alert warning that five vulnerabilities are being actively targeted by nation-state actors. The bugs affect VPN solutions, collaboration-suite software, and virtualization technologies in widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor, and VMware.

https://threatpost.com/nsa-security-bugs-active-nation-state-cyberattack/165446/

Community News

− LinkedIn was vector for 10,000 hostile state recruiting efforts against Brits, warns MI5

Campaign launched to alert public sector staff that not everyone on the internet is nice Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awarenss campaign launched by UK agency MI5.

https://www.thetimes.co.uk/article/0f316bd2-a143-11eb-b457-728758ee7665?

− Why Ireland for Cyber Security

IDA Ireland have produced an infographic about Ireland's cyber security industry.

https://www.idaireland.com/newsroom/publications/why-ireland-for-cyber-security

--- TLP:WHITE ---