Latest News Articles



--- TLP:WHITE ---

News

− Phishing attacks: One in three suspect emails reported by employees really are malicious

Up to a third of emails that were flagged as suspicious by employees were actually a threat, according to a new report by F-Secure.

https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/

− Germany Protests to Russia Over Pre-Election Cyberattacks

Germany has protested to Russia over attempts to steal data from lawmakers in what it suspects may have been preparation to spread disinformation before the upcoming German election, the Foreign Ministry in Berlin said Monday.

https://www.securityweek.com/germany-protests-russia-over-pre-election-cyberattacks

− Ransomware gangs target companies using these criteria title

Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.

https://ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/

Vulnerabilities

− Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

− Microsoft MSHTML Remote Code Execution Vulnerability - CVE-2021-40444

A vulnerability exists in MSHTML which is a part of all versions of Microsoft Windows. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. At present there are no patches available for this vulnerability. The NCSC has been advised that this technique is being exploited by malicious actors.

https://www.ncsc.gov.ie/pdfs/MSHTML_080921.pdf

− Microsoft Exchange ProxyShell Vulnerability - UPDATE 08-09-2021

The NCSC has observed on-going exploitation of the vulnerabilities known as ProxyShell, targeting vulnerable instances of Microsoft Exchange. This updated Alert is being published to remind organisations to apply patches in a timely manner. If you have applied the patches as recommended in August 2021, we would like to highlight the importance of carrying out investigative analysis to determine if Microsoft Exchange servers were compromised prior to patching the vulnerabilities below. The NCSC estimate that circa 40% of internet facing Microsoft Exchange servers in Ireland are potentially still vulnerable to this particular threat.

https://www.ncsc.gov.ie/pdfs/MS_Proxyshell_060921.pdf

− Confluence Server Webwork OGNL injection - CVE-2021-26084 2021-09-07 .

The NCSC are aware of active exploitation of CVE-2021-26084 in Atlassian Confluence Server and Data Center systems. The NCSC has observed mass exploitation of this vulnerability, such as deployment of crypto currency miners. Administrators should commence incident response procedures on their Confluence servers if still vulnerable, in order to assess if any compromise has occurred.

https://www.ncsc.gov.ie/pdfs/Confluence_Vuln.pdf

− Malicious Actor Discloses FortiGate SSL-VPN Credentials

Fortinet has become aware that a malicious actor has recently disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices. These credentials were obtained from systems that remained unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable.

https://www.fortinet.com/blog/psirt-blogs/malicious-actor-discloses-fortigate-ssl-vpn-credentials

Community News

A parent’s guide to smartphone security

Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks,ESET have prepared some handy tips on how to keep their devices secure.

https://www.welivesecurity.com/2021/09/03/parents-guide-smartphone-security/

CyberSafeKids: Research Report 2021

Despite the challenges of 2021 and the global pandemic, CybersafeKids have produced a detailed overview of the data we collected from children in academic year 2020-21 in their annual report. The report highlights our observations on trends, risks and opportunities, as well as recommendations for a safer and smarter online world for children and young people.

https://www.cybersafekids.ie/research

--- TLP:WHITE ---