Latest News Articles



--- TLP:WHITE ---

News

− Google to turn on 2-factor authentication by default for 150 million users

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV),

https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/

− A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks.

https://www.ptsecurity.com/ww-en/about/news/positive-technologies-uncovers-new-apt-group-attacking-russia-s-fuel-and-energy-complex-and-aviation-production-industry/

Vulnerabilities

− Apache fixes zero-day vulnerability exploited in the wild

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw.

https://httpd.apache.org/security/vulnerabilities_24.html

− Apache HTTP Server 2.4.49/50 Vulnerabilities

The NCSC would like to advise constituents of a vulnerability associated with Apache HTTP Server versions 2.4.49 and 2.4.50 (CVE-2021-41773,CVE-2021-42013) that is being actively scanned for by threat actors with an expectation that this will lead to exploitation.

https://www.ncsc.gov.ie/pdfs/Apache_Vuln.pdf

− Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions.

https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-04

Community News

− Online Safety in the Classroom – Webinar 3 for Post-Primary Teachers

Webwise, the Irish internet safety awareness centre, are delighted to present a series of FREE evening webinars for primary and post-primary teachers exploring a range of topics including cyberbullying, image-sharing and false information.

https://www.medialiteracyireland.ie/events/online-safety-in-the-classroom-webinars-for-primary-and-post-primary-teachers-3-1-1

− Join Cyber Ireland for CyberSecMonth!

October is Cyber Security Month, with the aim of raising awareness of cybersecurity threats, promote cybersecurity among organisations and the general public; and provide resources to protect themselves online, through education and sharing of good practices.

https://cyberireland.ie/cs-month-2020/

− Garda Cyber Crime Bureau and NCSC promote Be Cyber Smart this ECSM

As part of European Cyber Security Month the Garda National Cyber Crime Bureau (GNCCB) in partnership with the National Cyber Security Centre (NCSC) and Europol are working to ensure that the public and businesses are cyber secure and cyber safe.

https://www.garda.ie/en/crime/cyber-crime/cyber-security-month-be-cyber-smart.html

− Cyber security awareness campaign to focus on ransomware risks

Minister Ossian Smyth TD has launched a public awareness campaign for Cyber Security Month during October. The campaign will provide information and tips to raise awareness of the security issues facing citizens surrounding the digitalisation of everyday life.

https://www.gov.ie/en/press-release/946b2-cyber-security-awareness-campaign-to-focus-on-ransomware-risks/#

--- TLP:WHITE ---