Latest News Articles



--- TLP:WHITE ---

News

− INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization

The International Criminal Police Organization, also called Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cybercrime syndicate called Black Axe.

https://thehackernews.com/2022/10/interpol-led-operation-takes-down-black.html

− Defenders beware: A case for post-ransomware investigations

In this blog, we detail a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code. We will also discuss the various techniques used as well as the recommended detections and defence techniques that customers can use to increase protection against these types of attacks.

https://www.microsoft.com/en-us/security/blog/2022/10/18/defenders-beware-a-case-for-post-ransomware-investigations/

− Ransomware In Q3 2022

Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start to the year. Despite this, attacks on high-profile targets—as well as potentially politically motivated attacks—kept our eyes on ransomware this quarter. New tools and techniques emerged, while older tools resurfaced or were repurposed by ransomware groups.

https://www.digitalshadows.com/blog-and-research/ransomware-in-q3-2022/

Vulnerabilities

− Fortinet urges admins to patch bug with public exploit immediately

Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks.

https://www.bleepingcomputer.com/news/security/fortinet-urges-admins-to-patch-bug-with-public-exploit-immediately/

− Critical Vulnerabilities in FortiOS, FortiSwitchManager and FortiProxy

Fortinet has released a critical software update for FortiOS, FortiSwitchManager and FortiProxy that addresses CVE-2022-40684, an authentication bypass on the administration interface. The security flaw could allow remote threat actors to perform operations on unpatched devices via specially crafted HTTP or HTTPS requests.

https://www.ncsc.gov.ie/pdfs/FortiOS_CVE-2022-40684.pdf

Community News

− White paper on the mental impact of ransomware on victims

From its Computer Emergency Response practice, Northwave has found that ransomware crises still have an emotional impact long after the crisis has been resolved and the affected organisation has returned to normal. Employees at various levels of the organisation, from the boardroom to the workplace, can develop stress-related symptoms because of everything they have gone through during the crisis. To gain more insight, Northwave has conducted research into the occurrence of psychological damage after a ransomware crisis and how organisations deal with it.

https://northwave-security.com/after-the-crisis-comes-the-blow/

--- TLP:WHITE ---