Latest News Articles



--- TLP:WHITE ---

News

− NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures

CISA has announced the joint National Security Agency (NSA) and CISA publication of the final part of a four-part series, Security Guidance for 5G Cloud Infrastructures.

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/16/nsa-and-cisa-release-final-part-iv-guidance-securing-5g-cloud

− Large-scale phishing study shows who bites the bait more often

A large-scale phishing study involving 14,733 participants over a 15-month experiment has produced some surprising findings that contradict previous research results that formed the basis for popular industry practices. The study was conducted by researchers at ETH Zurich in collaboration with an unnamed company that did not inform the participants about the simulated phishing program.

https://www.bleepingcomputer.com/news/security/large-scale-phishing-study-shows-who-bites-the-bait-more-often/

− Log4j: Getting ready for the long haul (CVE-2021-44228)

Log4Shell will continue to haunt us for years to come. Dealing with log4shell will be a marathon. We don't think this was the last we heard of log4j or JNDI. History taught us that vulnerabilities like this could focus attention on respective features and libraries. I suspect there will be more to come.

https://isc.sans.edu/diary/rss/28130

− Barracuda: What we’ve learned from 2021: five cybersecurity takeaways

Reviewing the previous 12 months of big-picture cybersecurity trends can help IT and security leaders better formulate a strategy for the coming year. It’s even more important at a time when the threat landscape is moving at a record pace following the once-in-a-generation events of 2020. So here are five of the key trends we’ve seen over 2021 which are likely to bleed into the coming year.

https://blog.barracuda.com/2021/12/16/what-weve-learned-from-2021-five-cybersecurity-takeaways/

− Volatile and Adaptable: Tracking the Movements of Modern Ransomware

Trend Micro's tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users.

https://www.trendmicro.com/en_us/research/21/l/volatile-and-adaptable-tracking-the-movements-of-modern-ransomware.html

Vulnerabilities

− NCSC Alert-Critical vulnerability in Apache Log4j library - CVE-2021-44228 UPDATE 2

A critical vulnerability (CVE-2021-44228) has been identified in Apache Log4j. Please review the advisory and links below.

https://www.ncsc.gov.ie/pdfs/apache-log4j-101221.pdf

− CSIRTs Network - Log4Shell Cooperation

Collection of EU CERT Advisories:

https://github.com/enisaeu/CNW/tree/main/log4shell

NCSC-NL maintains this list of vulnerable applications, and it is currently one of the most up-to-date ones with continuous input from across the globe.

https://github.com/NCSC-NL/log4shell

Community News

− REPORT: The state of cyber security in the UK charity sector

Earlier in 2021, Charity Digital conducted a survey with the National Cyber Security Centre-UK. They have released their results at this link:

https://charitydigital.org.uk/topics/report-the-state-of-cyber-security-in-the-uk-charity-sector-9572

--- TLP:WHITE ---