Latest News Articles



--- TLP:WHITE ---

News

− A year of Russian hybrid warfare in Ukraine

We share this information to prepare our customers and the global community for the spillover risk posed by recent targeting and make recommendations for hardening digital defenses. Microsoft is proud to have supported Ukraine’s digital defense since the start of the Russian invasion and the company’s entire threat intelligence community remains committed to detecting, assessing and protecting against Russian cyberattacks and online provocations as the conflict enters its second year.

https://blogs.microsoft.com/on-the-issues/2023/03/15/russia-ukraine-cyberwarfare-threat-intelligence-center/

− Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks

An advanced persistent threat group with links to Russia, known as APT29, has been observed abusing legitimate information systems used by European countries to conduct cyber espionage.

https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine

− BBC to staff: Uninstall TikTok from our corporate kit unless you can 'justify' having it

Those with sensitive BBC information told to contact BBC's security team. The BBC has told staff they shouldn't keep the TikTok app on a BBC corporate device unless there is a "justified business reason."

https://www.theregister.com/2023/03/20/british_broadcasting_corporation_softbans_tiktok/

Vulnerabilities

− Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicles equipped with the Exynos Auto T5123.

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

− Fortinet zero-day attacks linked to suspected Chinese hackers

A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware.

https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem

Community News

− ENISA Tool library

ENISA, the European Union Agency for Cybersecurity, provides tooling for cybersecurity and cybersecurity policy.

https://www.enisa.europa.eu/tools

--- TLP:WHITE ---