Latest News Articles
--- TLP:WHITE ---
News
− Spain arrests three for using DDoSia hacktivist platform
The Spanish authorities have arrested three individuals for using DDoSia, a distributed denial of service platform operated by pro-Russian hacktivists, to conduct DDoS attacks against governments and organizations in NATO countries.
https://www.bleepingcomputer.com/news/security/spain-arrests-three-for-using-ddosia-hacktivist-platform/
− Russia’s Cyber Campaign Shifts to Ukraine’s Frontlines
With the main thrust of Russia's anticipated summer offensive underway, it is an opportune moment to take stock of the significant and underappreciated changes that have taken hold in Moscow’s approach to cyber operations in Ukraine.
https://www.rusi.org/explore-our-research/publications/commentary/russias-cyber-campaign-shifts-ukraines-frontlines
− Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information.
https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html
− New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January.
https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_.pdf
Vulnerabilities
− Telegram Zero-Day Enabled Malware Delivery
The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos.
https://www.securityweek.com/telegram-zero-day-enabled-malware-delivery/
− Critical Vulnerability exists in SolarWinds Serv-U
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
https://www.ncsc.gov.ie/pdfs/SolarWinds_Serv_U_Vulnerability.pdf
− Critical Vulnerability exists in Cisco Smart Software Manager On-Prem
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
https://www.ncsc.gov.ie/pdfs/CiscoSmartSoftwareManager_Vuln.pdf
− Critical Vulnerability exists in Cisco Secure Email
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.
https://www.ncsc.gov.ie/pdfs/CiscoSecureEmailGateway_Vuln.pdf
− Critical Vulnerability exists in Adobe Commerce
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
https://www.ncsc.gov.ie/pdfs/CriticalVuln_Adobe_Commerce.pdf
− CrowdStrike BSOD Loop Issue
The NCSC is aware of an issue with the Falcon agent that may cause problems when booting machines. Symptoms include hosts experiencing a bugcheck or bluescreen error related to Falcon Sensor.
https://www.ncsc.gov.ie/pdfs/CrowdStrike_BSOD_Loop_Issue.pdf
Community News
− "If you have knowledge, let others light their candles in it."
Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve.
https://www.ncsc.gov.uk/blog-post/let-others-light-candles