Latest News Articles



--- TLP:WHITE ---

− The dark equation of harm versus good means blockchain’s had its day

At this point in time, based on a dozen years of practical experience, no experiment in cybercurrency – or anything blockchain – is fixing real problems.

https://www.theregister.com/2021/12/06/the_dark_equation_of_harm/

− No surprise: NSW iVote fails during local council elections

The NSW Electoral Commission had planned and tested for 500,000 online votes, but on election day it just wasn't enough.

https://www.zdnet.com/article/no-surprise-nsw-ivote-fails-during-local-council-elections/

− Microsoft Seizes Domains Used by China-Linked APT 'Nickel'

Microsoft says it has seized control of domains that China-linked threat actor Nickel has been employing in malicious attacks targeting organizations in the United States and worldwide.

https://blogs.microsoft.com/on-the-issues/2021/12/06/cyberattacks-nickel-dcu-china/

− SolarWinds Hackers Use New Malware in Attacks That Serve Russian Interests

The threat group believed to be responsible for the attack on IT management company SolarWinds has developed new malware as it continues to target organizations that possess data relevant to Russian interests.

https://www.mandiant.com/resources/russian-targeting-gov-business

− ANSSI warns of phishing campaign associated with NOBELLIUM

The French cyber security agency warned that it had been aware of phishing campaigns aimed at French entities since February 2021. ANSSI has made available indicators of compromise (IoCs) and other information associated with the attacks.

https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-011.pdf

Vulnerabilities

− Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability.

https://www.manageengine.com/desktop-management-msp/cve-2021-44515-security-advisory.html

− 14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers

Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with other websites.

https://news.rub.de/english/press-releases/2021-12-02-it-security-14-new-attacks-web-browsers-detected

− Emotet now drops Cobalt Strike, fast forwards ransomware attacks

In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.

https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/

− Multiple Vulnerabilities Patched in SonicWall SMA100 Series

SonicWall has released patches to address critical and medium severity vulnerabilities (CVSS 5.3-9.8) in the SMA 100 series application.

https://www.ncsc.gov.ie/pdfs/Sonicwall_091221.pdf

− Critical 0-day vulnerability in Apache Log4j library - CVE-2021-44228

A serious vulnerability has been identified and fixed in Apache Log4j, an open-source Java logging library used by many web applications and services.

https://www.ncsc.gov.ie/pdfs/apache-log4j-101221.pdf

Community News

− Cybersecurity guide for SMEs - 12 steps to securing your business

The ENISA “Cybersecurity guide for SMEs - 12 steps to securing your business” is available on the ENISA website in all EU languages via the following link:

https://www.enisa.europa.eu/publications/cybersecurity-guide-for-smes

--- TLP:WHITE ---