Latest News Articles
--- TLP:WHITE ---
News
− Chinese APT Hacks 48 Government Organizations
An advanced persistent threat (APT) actor likely operating on behalf of the Chinese government has compromised dozens of foreign government entities worldwide, Trend Micro reports. Referred to as Earth Krahang, the hacking group appears linked to Earth Lusca, which is believed to be a penetration team within the Chinese company iSoon.
https://www.securityweek.com/chinese-apt-hacks-48-government-organizations/
− CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
https://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html
− UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity
UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.
https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity
− Russian Hackers Using TinyTurla-NG to Breach European NGO's Systems
The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions,"
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
Vulnerabilities
− Multiple Vulnerabilities Discovered Within Ivanti Products
Ivanti, in partnership with third-party researchers, has discovered two critical vulnerabilities: CVE-2023-46808, which affects Ivanti Neurons for ITSM and has a CVSS score of 9.9, and CVE-2023-41724, which affects Ivanti Standalone Sentry and has a CVSS score of 9.6.
https://www.ncsc.gov.ie/pdfs/2403200176_Ivanti_Multiple_CVEs.pdf
− Critical Vulnerabilities in Fortinet FortiOS (CVE-2024-21762, CVE-2024-23113)
Fortinet has disclosed two critical vulnerabilities affecting its FortiOS operating system.
https://www.ncsc.gov.ie/pdfs/240209_FortiOS_Critical_Vulnerabilities.pdf
− Vulnerability in the PostgreSQL JDBC Driver - pgJDBC
PostgreSQL JDBC has released a fix to address a security issue in custom configurations.
https://www.ncsc.gov.ie/pdfs/2403220153_Vulnerability_in_PostgreSQL_JDBC_Driver.pdf
− APT29 Uses WINELOADER to Target German Political Parties
In late February 2024, Mandiant identified APT29 — a Russian Federation backed threat group linked by multiple governments to Russia’s Foreign Intelligence Service (SVR) — conducting a phishing campaign targeting German political parties.
https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties
Community News
− NCSC-UK advice page: Defending democracy
This collection brings together expanded guidance to raise awareness of the cyber threats to democratic processes, institutions, and the people involved in them. The aim is to prevent or reduce related attacks against both organisations and individuals.
https://www.ncsc.gov.uk/collection/defending-democracy