Latest News Articles



--- TLP:WHITE ---

News

− MI6 Spy Chief Says China, Russia, Iran Top UK Threat List title

UK spies seek help from tech firms against cyber threats

https://www.securityweek.com/mi6-spy-chief-says-china-russia-iran-top-uk-threat-list

− Twitter to ban sharing of photos and videos without people's consent

Twitter has expanded its private information policy to include private media, such as photos and videos.

https://blog.twitter.com/en_us/topics/company/2021/private-information-policy-update

− Europol: 18k money mules caught laundering money from online fraud

Europol has announced the arrest of 1,803 money mules out of 18,351 identified following an international money-laundering crackdown operation

https://www.bleepingcomputer.com/news/legal/europol-18k-money-mules-caught-laundering-money-from-online-fraud/

Vulnerabilities

− 17 Malware Frameworks Target Air-Gapped Systems for Espionage

An analysis of 17 espionage frameworks designed to target air-gapped networks shows that all of them leverage USB drives and all target Windows exclusively.

https://www.securityweek.com/17-malware-frameworks-target-air-gapped-systems-espionage

− CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.

https://us-cert.cisa.gov/ncas/current-activity/2021/12/02/cisa-and-fbi-release-alert-active-exploitation-cve-2021-44077-zoho

− DomainTools Report: Fall 2021 Edition

The DomainTools Report seeks to explore our stores of domain registration, hosting, and content-related data to surface patterns and trends that might be of interest to security practitioners, researchers, and anyone else interested in the suspicious or malicious use of online infrastructure.

https://www.domaintools.com/resources/domaintools-reports/domaintools-report-fall-2021-edition

Community News

− Cyber Security Baseline Standard for Government ICT services

The National Cyber Security Strategy 2019-2024 contained a commitment for the publication of a Cyber Security Baseline Standard for Government ICT services. he National Cyber Security Centre (NCSC), in conjunction with the Office of the Government Chief Information Officer (OGCIO), have now developed the Standards which are intended to create an acceptable security standard and form a broad framework for a set of measures which can be revised over time.

https://www.gov.ie/en/publication/d1fd5-cyber-security-baseline-standards/

− Recovering from ransomware: One organisation’s inside story

In February 2021, French office equipment supplier Manutan fell victim to a DoppelPaymer ransomware hit. IT ops director Jérôme Marchandiau tells the inside story of the incident

https://www.computerweekly.com/news/252510116/Recovering-from-ransomware-One-organisations-inside-story

--- TLP:WHITE ---