Latest News Articles



--- TLP:WHITE ---

News

− US charges four Russian hackers over cyber-attacks on global energy sector

The US has unveiled criminal charges against four Russian government officials, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers across 135 countries.

https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

− German Authorities Seize Spyware Firm FinFisher's Accounts

German authorities have seized accounts belonging to the spyware company FinFisher amid an investigation into whether it broke export laws by selling its products to authoritarian governments.

https://www.securityweek.com/german-authorities-seize-spyware-firm-finfishers-accounts

− Risks of Using Russian Tech Analyzed by UK Cybersecurity Agency

NCSC-UK advice on the use of Russian-origin technology by government organisations in the UK.

https://www.ncsc.gov.uk/blog-post/use-of-russian-technology-products-services-following-invasion-ukraine

− UK Spy Chief Warns Russia Looking for Cyber Targets

A U.K. intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine.

https://www.ncsc.gov.uk/news/director-gchq-speaks-asd-75th-anniversary

Vulnerabilities

− CISA adds 66 vulnerabilities to list of bugs exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities'.

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/25/cisa-adds-66-known-exploited-vulnerabilities-catalog

− Google: Russian phishing attacks target NATO, European military

The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. [...]

https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/

− FBI says Russian hackers scanning U.S. energy systems and pose ‘current’ threat

Russian hackers have been scanning the systems of energy companies and other critical infrastructure in the United States, and state-sponsored hacking by Russia presents a “current” threat to American national security, an FBI official told US lawmakers on Tuesday.

https://www.rferl.org/a/russia-state-sponsored-hacking-threat/31777282.html

− Critical alert – Spring4Shell RCE (CVE-2022-22965 in Spring)

On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications.

https://www.acunetix.com/blog/web-security-zone/critical-alert-spring4shell-rce-cve-2022-22965-in-spring/

− Critical Vulnerability in Java Spring Framework (CVE-2022-22965, Spring4Shell)

Spring has published details of a critical vulnerability, CVE-2022-22965, which impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The current exploit requires the application to run on Tomcat as a WAR deployment.

https://www.ncsc.gov.ie/pdfs/Spring_010422.pdf

− Targeting of Uninterruptible Power Supply Devices (UPS)

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert regarding the targeting of Uninterruptible Power Supply (UPS) devices by malicious actors. UPS devices offer emergency backup power in many organisations.

https://www.ncsc.gov.ie/pdfs/UPS_290322.pdf

− Remote Code Execution Vulnerability in Sophos Firewall CVE-2022-1040

An authentication bypass vulnerability, CVE-2022-1040, allowing remote code execution has been identified in the User Portal and Webadmin of Sophos Firewalls. The vulnerability has been patched and no action is required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. This feature is enabled by default.

https://www.ncsc.gov.ie/pdfs/Sophos_RCE_290322.pdf

--- TLP:WHITE ---