Latest News Articles



--- TLP:WHITE ---

News

− Germany's Green Party Says Email System Hit by Cyberattack

The German Green party, which is part of the country’s governing coalition, says its IT system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck.

https://www.securityweek.com/germanys-green-party-says-email-system-hit-cyberattack

− Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies

Today Microsoft published a new intelligence report, Defending Ukraine: Early Lessons from the Cyber War. This report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. The report also offers a series of lessons and conclusions resulting from the data gathered and analyzed.

https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/

− Chinese hackers use ransomware as decoy for cyber espionage

Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.

https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader

− Changing Criminal Tactics in Response to Microsoft’s Blocking of Internet Macros

Changes in how office documents handle macros are causing changes in how criminals spread their malware.

https://www.ncsc.gov.ie/pdfs/20220620-TTP-Advisory.pdf

Vulnerabilities

− Researchers raise alarm on critical flaws in industrial equipment, infrastructure

Nearly 60 holes found affecting 'more than 30,000' machines worldwide Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government's CISA and private security researchers.

https://www.forescout.com/resources/ot-icefall-report/

− US Agencies Warn Organizations of Log4Shell Attacks Against VMware Products

The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have issued a joint advisory to warn organizations that threat actors continue to exploit the Log4Shell vulnerability in VMware Horizon and Unified Access Gateway (UAG) servers.

https://www.cisa.gov/uscert/ncas/alerts/aa22-174a

− US, UK, New Zealand Issue PowerShell Security Guidance

The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC) and the United Kingdom (NCSC-UK) have issued joint guidance on the proper configuration and monitoring of PowerShell to eliminate the risk of abuse.

https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF

Community News

Cyber Women Ireland host the Diver{Se}curity Toolkit:

The Diver{Se}curity Toolkit was born from many recurring discussions around the talent pool of Cyber Security professionals in Ireland and the ongoing discussions and debate in relation to our industries ability to attract, promote and retain people.

https://www.cyberwomenireland.com/what-is-the-diversecurity-toolkit-1

--- TLP:WHITE ---