Latest News Articles



--- TLP:WHITE ---

News

− Cybersecurity: A global problem that requires a global answer

New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fuelling a new urgency towards enhancing resilience.

https://www.welivesecurity.com/2022/05/27/cybersecurity-global-problem-requires-global-answer/

− Hackers steal WhatsApp accounts using call forwarding trick

Researchers reveal attack that allows attackers to hijack a victim's WhatsApp account and gain access to personal messages and contact list.

https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/

− Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems.

https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

− Europol Announces Takedown of FluBot Mobile Spyware

Europol today announced the takedown of FluBot, a piece of mobile malware targeting both Android and iOS devices that has been fast-spreading via SMS messages.

https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones

Vulnerabilities

− ESET Threat Report T 1 2022

A view of the T 1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

https://www.welivesecurity.com/2022/06/02/eset-threat-report-t12022/

− Attackers Exploiting MSProtocol URI scheme CVE-2022-30190

Japanese cyber security research team Nao_Sec observed on Virus Total a recently discovered exploitation of Microsofts’ Support Diagnostics Tool - "ms-msdt" to execute PowerShell code in Microsoft Office documents.

https://www.ncsc.gov.ie/pdfs/ms-msdt_Vulnerability.pdf

− Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.

https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

− Atlassian Confluence Servers Hacked via Zero-Day Vulnerability

Atlassian preparing patch for Confluence Server zero-day exploited by multiple threat groups.

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

− Confluence Server and Data Center - CVE-2022-26134

Volexity have published details related to a critical vulnerability in Atlassian’s Confluence Server and Data Center that is actively exploited by threat actors. The NCSC recommends that Atlassian’s advice and mitigation be assessed, and organisations should prepare to run their update process

https://www.ncsc.gov.ie/pdfs/Confluence-CVE-2022-26134.pdf

--- TLP:WHITE ---