Latest News Articles



--- TLP:WHITE ---

News

− Ransomware: Cyber criminals are still exploiting these old vulnerabilities, so patch now

Years-old security vulnerabilities remain a common attack method for ransomware attacks because organisations aren't applying the patches to fix them.

https://www.zdnet.com/article/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks/

− Microsoft adds tamper protection to Windows 11 security baseline

Microsoft has released the final version of its security configuration baseline settings for Windows 11, downloadable today using the Microsoft Security Compliance Toolkit.

https://www.bleepingcomputer.com/news/security/microsoft-adds-tamper-protection-to-windows-11-security-baseline/

− Ukrainian police arrest DDoS operator controlling 100,000 bots

Ukrainian police have arrested a hacker who controlled a 100,000 device botnet used to perform DDoS attacks on behalf of paid customers. The criminal registered an account on Webmoney with his real address, allowing the Ukrainian police to find where he lives.

https://www.bleepingcomputer.com/news/security/ukrainian-police-arrest-ddos-operator-controlling-100-000-bots/

− NSA warns of wildcard certificate risks, provides mitigations

The U.S. National Security Agency (NSA) is warning of the dangers stemming from the use of broadly-scoped certificates to authenticate multiple servers in an organization. These include a recently disclosed ALPACA technique that could be used for various traffic redirect attacks.

https://media.defense.gov/2021/Oct/07/2002869955/-1/-1/0/CSI_AVOID%20DANGERS%20OF%20WILDCARD%20TLS%20CERTIFICATES%20AND%20THE%20ALPACA%20TECHNIQUE_211007.PDF

− Russia Dominates State-Sponsored Attacks, says Microsoft

According to Microsoft data, Russia accounted for the majority of state-sponsored attacks over the past year, with the SolarWinds attackers dominating threat activity. The Digital Defense Report 2021 is the first of its kind released by Microsoft and covers a year-long period between June 2020 and June 2021.

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi

Vulnerabilities

− New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. The new vulnerability, identified as CVE-2021-42013, builds upon CVE-2021-41773.

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013

− CISA Releases Remote Access Guidance for Government Agencies

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release of a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.

https://www.cisa.gov/sites/default/files/publications/CISA%20TIC%203.0%20Remote%20User%20Use%20Case_1.pdf

− Ongoing Cyber Threats to U.S. Water and Wastewater Systems

FBI, EPA, NSA, and CISA issued a joint advisory to highlight ongoing malicious cyber activity targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities.

https://us-cert.cisa.gov/ncas/alerts/aa21-287a

Community News

− Cyber Careers Promotion Events

For Cyber Security Month this October, we have an exciting panel to discuss how the cyber security industry can promote careers in cyber security to secondary school students in Ireland.

https://us02web.zoom.us/webinar/register/1716327374270/WN_EHZKQf6jQl-7jr9LW0js9Q

− €858 million in Budget 2022 to support the transition to a climate-neutral, circular and connected economy and society

In line with the government’s commitment to the National Cyber Security Strategy, €2.5 million of additional funding will be invested in the National Cyber Security Centre (NCSC) to increase staff numbers to 45 by the end of 2022.

https://www.gov.ie/en/press-release/58f78-858-million-in-budget-2022-to-support-the-transition-to-a-climate-neutral-circular-and-connected-economy-and-society/

--- TLP:WHITE ---