Latest News Articles



--- TLP:WHITE ---

News

− HSE Cyber Security Incident Update

The HSE published an update on the response to the ransomware incident, showing the progress being made to restore systems and services to patients.

https://www.hse.ie/eng/services/news/media/pressrel/hse-cyber-security-incident-update.html

− The logic behind three random words

Whilst not a password panacea, using 'three random words' is still better than enforcing arbitrary complexity requirements. In this blog, we're going to: explain why the NCSC continue to promote the 'three random words' strategy (both at home and at work), and respond to some concerns raised by NCSC customers who may be considering this strategy.

https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

− Guide to Cyber Security Measures

Our colleagues in the Netherlands, NCSC-NL, published their guide to cyber security measures. They identify eight measures that every organisation should take to prevent cyber-attacks.

https://english.ncsc.nl/publications/publications/2021/august/4/guide-to-cyber-security-measures

− Windows admins now can block external devices via layered Group Policy

Microsoft has added support for layered Group Policies, which allow IT admins to control which internal or external devices users can install on corporate endpoints across their organization's network. Devices that can be blocked or allowed to install on endpoints include printers, USB storage drives, and other USB peripherals added to a given organization's prohibited or approved list of devices.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-the-ability-to-apply-layered-group-policy/ba-p/2608462

Vulnerabilities

− Cisco fixes critical, high severity pre-auth flaws in VPN routers

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to execute arbitrary code, cause a denial of service (DoS) condition, and execute arbitrary commands. For more information about these vulnerabilities, see the Details section of the advisory linked below.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

− APT trends report Q2 2021

The Global Research and Analysis Team (GReAT) at Kaspersky has published quarterly summaries of advanced persistent threat (APT) activity for four years. The summaries are based on their threat intelligence research and provide a representative snapshot of what they have published and discussed in greater detail in their private APT reports. This is the latest installment, focusing on activities observed during Q2 2021.

https://securelist.com/apt-trends-report-q2-2021/103517/

− Critical Infrastructure Organizations in South East Asia Targeted in Espionage Campaign

Four critical infrastructure organizations in a South East Asian country were targeted in an intelligence-gathering campaign that continued for several months. Among the organizations targeted were a water company, a power company, a communications company, and a defense organization, with evidence the attackers were interested in information about SCADA systems.

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-south-east-asia-espionage

Community News

− Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals

A disgruntled member of the Conti ransomware program has today leaked the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.

https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/amp/

--- TLP:WHITE ---