Latest News Articles



--- TLP:WHITE ---

News

− Ransomware gang now lets you search their stolen data

Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data.

https://www.bleepingcomputer.com/news/security/ransomware-gang-now-lets-you-search-their-stolen-data/

− UK Warns Lawyers Not to Advise Ransomware Payments

The NCSC and the ICO have warned UK lawyers not to advise clients to pay a ransom to cybercriminals. In a letter addressed to UK lawyers dated July 7, 2022, the UK’s National Cyber Security Center (NCSC) and the Information Commissioner’s Office (ICO) have reiterated – with teeth – the official stance on not paying a ransom.

https://www.ncsc.gov.uk/files/Joint-ICO-and-NCSC-letter-to-The-Law-Society-and-The-Bar-Council.pdf

− State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021.

https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists

− From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA).

https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

− NCSC-IE guidance document: Securing Operational Technology

Protecting OT systems from malicious cyber activity is crucial to ensuring the safe and reliable delivery of these services.

https://www.ncsc.gov.ie/pdfs/Securing_Operational_Technology.pdf

Vulnerabilities

− CISA orders agencies to patch new Windows zero-day used in attacks

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-new-windows-zero-day-used-in-attacks/

− NCSC Alert: Compromised WordPress Websites Distributing SolarMarker Malware

The NCSC has observed a number of WordPress websites which appear to be compromised. These compromises match the Tactics, Techniques and Procedures used to distribute SolarMarker malware.

https://www.ncsc.gov.ie/pdfs/SolarMarker-WordPress-Compromise.pdf

Community News

− What to do in case of a ransomware incident - instructions for management

The goal of these instructions is to offer guidance for the top management of organisations on what to do in case of a ransomware incident.

https://www.kyberturvallisuuskeskus.fi/en/publications/what-do-case-ransomware-incident-instructions-management

− IRISSCERT Annual Cybercrime Conference 2022

IRISSCERT holds an annual conference themed on cyber crime in November. This is an all-day conference that focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and what they can do to help deal with those threats.

https://www.eventbrite.ie/e/irisscert-annual-cybercrime-conference-2022-tickets-383323269217

--- TLP:WHITE ---