Latest News Articles



--- TLP:WHITE ---

Best wishes to all for a peaceful 2022

News

− AP Exclusive: Polish Opposition Duo Hacked With NSO Spyware

The aggressive cellphone break-ins of a high-profile lawyer representing top Polish opposition figures came in the final weeks of pivotal 2019 parliamentary elections. Two years later, a prosecutor challenging attempts by the populist right-wing government to purge the judiciary had her smartphone hacked.

https://www.securityweek.com/ap-exclusive-polish-opposition-duo-hacked-nso-spyware
https://www.ncsc.gov.ie/pdfs/NCSC_Quick_Guide_Electoral_Candidate.pdf

− Multiple Log4j scanners released by CISA, CrowdStrike

Many Log4J scanners are available, but researchers say a number of them have blindspots.

https://www.zdnet.com/article/multiple-log4j-scanners-released-by-cisa-crowdstrike-more/

− Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack

Software update loaded with malicious code is key evidence in years-long push to block Huawei, officials say

https://www.bloomberg.com/news/articles/2021-12-16/chinese-spies-accused-of-using-huawei-in-secret-australian-telecom-hack

Vulnerabilities

− Joint Guidance on Log4j Vulnerabilitie issued by CA, UK, AU NZ and US

Government agencies in the United States, Canada, the United Kingdom, Australia and New Zealand on Wednesday announced the release of a joint cybersecurity advisory to provide guidance on addressing the recently disclosed vulnerabilities affecting the widely used Log4j logging utility.

https://www.cisa.gov/uscert/ncas/alerts/aa21-356a

Critical vulnerabilities in Apache Log4j library (CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105)- UPDATE 4

A number of vulnerabilities has been identified in Apache Log4j, an open source Java logging library used by many web applications and services. Please review the updated NCSC advisory below.

https://www.ncsc.gov.ie/pdfs/apache-log4j-101221.pdf

− Conti Ransomware Gang Has Full Log4Shell Attack Chain

According to new reports, the sophisticated Russia-based Conti ransomware group has become the first group to weaponize Log4j2 with a full attack chain. Last week, the group became the first professional cybercrime group to adopt the Log4Shell vulnerability and has since built up a holistic attack chain, according to researchers.

https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/

Community News

− EU Commission released internal rules balancing data rights and need to provide IT security

Commission Decision (EU) 2021/2243 of 15 December 2021 laying down internal rules concerning the provision of information to data subjects and the restriction of certain of their rights in the context of the processing of personal data for the purposes of the security of information and communication systems of the Commission.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D2243&from=EN

--- TLP:WHITE ---