Latest News Articles



--- TLP:WHITE ---

News

− Russian hackers start targeting Ukraine with Follina exploits

Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.

https://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/

− Telegram rolls out group monitoring in Brazil ahead of elections

The new feature is meant to tackle disinformation and could be extended to countries facing threats to democracy.

https://www.zdnet.com/article/telegram-introduces-group-monitoring-in-brazil-ahead-of-elections/

Vulnerabilities

− Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks

A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications.

https://thehackernews.com/2022/06/chinese-gallium-hackers-using-new.html

− ICS Patch Tuesday: Siemens, Schneider Electric Address Over 80 Vulnerabilities

Siemens and Schneider Electric have released their Patch Tuesday advisories for June 2022. The industrial giants have addressed a total of more than 80 vulnerabilities affecting their products.

https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-over-80-vulnerabilities

− Vulnerabilities in Splunk Enterprise deployment servers (CVE-2022-32157) (CVE-2022-32158)

Splunk have published details related to vulnerabilities in Splunk Enterprise deployment servers.

https://www.ncsc.gov.ie/pdfs/splunk_enterprise_June22.pdf

− Attackers Exploiting MSProtocol URI scheme (Follina) UPDATE 2

Microsoft has released a patch for the Follina vulnerability. Attackers have been observed using this method in the wild, and the NCSC expects to see continued exploitation of this vulnerability by threat actors against unpatched systems.

https://www.ncsc.gov.ie/pdfs/ms-msdt_Vulnerability.pdf

--- TLP:WHITE ---