Latest News Articles



--- TLP:WHITE ---

News

− Newly found Android malware records audio, tracks your location

A previously unknown Android malware uses the same shared-hosting infrastructure previously seen used by the Russian APT group known as Turla, though attribution to the hacking group is weak at best.

https://www.bleepingcomputer.com/news/security/newly-found-android-malware-records-audio-tracks-your-location/

− Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack

Nordex Group, one of the world’s largest manufacturers of wind turbines, fell victim to a cyberattack that forced it to take down multiple systems. The Hamburg, Germany-based company announced over the weekend that it detected the intrusion on Thursday, March 31, and that it immediately deployed measures “in line with crisis management protocols.” r

https://www.securityweek.com/wind-turbine-giant-nordex-shuts-down-it-systems-response-cyberattack

− Assessing Threats to European Industrial Infrastructure

Europe’s Industrial Infrastructure cyber landscape faces distinctive threats. Dragos assesses with high confidence that the biggest cybersecurity weaknesses European asset owners currently face are a lack of asset visibility into their network and weak network authentication policies. Additionally, increasing regional tensions are likely to result in industrial operations impact from criminal and other adversaries.

https://www.dragos.com/blog/industry-news/assessing-threats-to-european-industrial-infrastructure/

Vulnerabilities

− CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation."

https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html

− NCSC Advisory on Critical Vulnerability in Java Spring Framework (CVE-2022-22965, Spring4Shell)

Spring has published details of a critical vulnerability which impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The current exploit requires the application to run on Tomcat as a WAR deployment.

https://www.ncsc.gov.ie/pdfs/Spring_010422.pdf

− Modem-wiping malware was behind Viasat cyberattack

SentinalLabs researchers Juan Andres Guerrero-Saade and Max van Amerongen have detailed their discovery of a new destructive malware variant they call "AcidRain" — a Linux file format (ELF) binary designed to wipe modems and routers — that they contend knocked out thousands of Vista's KA-SAT routers on February 24.

https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/

Community News

− Public Jobs: Cyber Security Responder in the National Cyber Security Centre

The NCSC wishes to recruit a number of Cyber Security Responders to fill critical roles within the National Cyber Security Centre. Reporting to Cyber Security Specialists, Cyber Security Responders will play a key role in a cross-Departmental, cross agency team of network and information security experts.

https://www.publicjobs.ie/en/index.php?option=com_jobsearch&view=jobdetails&Itemid=263&cid=154257&campaignId=22140807

− What is Neurodiversity? Understanding Neurodiversity and it's Prominence in Cybersecurity

In 1970, April was designated Autism Awareness Month and in recent years has been expanded to be known as Neurodiversity Awareness Month. (ISC)² is excited to celebrate all the different ways our brains navigate the world in which we live and work. But what does “Neurodiversity” mean? There are three aspects that we must first define: Neurodiversity refers to the fact that people experience and interact with the world differently from each other.

https://blog.isc2.org/isc2_blog/2022/04/what-is-neurodiversity.html

Putin’s Invasion of Ukraine Will Accelerate Climate, Energy, and Deep Technologies — Part 1: Overview

By invading Ukraine, Vladimir Putin is accelerating the deployment of the very technologies that the world needs to wean itself off of fossil fuels and address the challenge of climate change.

https://medium.com/prime-movers-lab/putins-invasion-of-ukraine-will-accelerate-climate-energy-and-deep-technologies-part-1-3567a623bc84

--- TLP:WHITE ---