Latest News Articles



--- TLP:WHITE ---

News

− Chinese APT Hacks 48 Government Organizations

An advanced persistent threat (APT) actor likely operating on behalf of the Chinese government has compromised dozens of foreign government entities worldwide, Trend Micro reports. Referred to as Earth Krahang, the hacking group appears linked to Earth Lusca, which is believed to be a penetration team within the Chinese company iSoon.

https://www.securityweek.com/chinese-apt-hacks-48-government-organizations/

− CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

https://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html

− UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity

− Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions,"

https://blog.talosintelligence.com/tinyturla-full-kill-chain/

Vulnerabilities

− Multiple Vulnerabilities Discovered Within Ivanti Products

Ivanti, in partnership with third-party researchers, have discovered two critical vulnerabilities: CVE-2023-46808, which affects Ivanti Neurons for ITSM and has a CVSS score of 9.9, and CVE-2023-41724, which affects Ivanti Standalone Sentry and has a CVSS score of 9.6.

https://www.ncsc.gov.ie/pdfs/2403200176_Ivanti_Multiple_CVEs.pdf

− Critical Vulnerabilities in Fortinet FortiOS (CVE-2024-21762, CVE-2024-23113)

Fortinet has disclosed two critical vulnerabilities affecting its FortiOS operating system.

https://www.ncsc.gov.ie/pdfs/240209_FortiOS_Critical_Vulnerabilities.pdf

− Vulnerability in the PostgreSQL JDBC Driver - pgJDBC

PostgreSQL JDBC have released a fix to address a security issue in custom configurations.

https://www.ncsc.gov.ie/pdfs/2403220153_Vulnerability_in_PostgreSQL_JDBC_Driver.pdf

− APT29 Uses WINELOADER to Target German Political Parties

In late February 2024, Mandiant identified APT29 — a Russian Federation backed threat group linked by multiple governments to Russia’s Foreign Intelligence Service (SVR) — conducting a phishing campaign targeting German political parties.

https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties

Community News

− NCSC-UK advice page: Defending democracy

This collection brings together expanded guidance to raise awareness of the cyber threats to democratic processes, institutions, and the people involved in them. The aim is to prevent or reduce related attacks against both organisations and individuals.

https://www.ncsc.gov.uk/collection/defending-democracy

--- TLP:WHITE ---