Latest News Articles
--- TLP:WHITE ---
News
− Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland
The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices.
https://www.bleepingcomputer.com/news/security/over-70-zero-day-flaws-get-hackers-1-million-at-pwn2own-ireland/− Four REvil Ransomware Group Members Sentenced to Prison in Russia
Four members of the REvil ransomware group, arrested in 2022, were last week sentenced to prison by a Russian court.
https://www.securityweek.com/four-revil-ransomware-group-members-sentenced-to-prison-in-russia/− Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware using a Telegram persona named 'Civil Defense'.
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/Vulnerabilities
− Canada Says Chinese Reconnaissance Scans Targeting Government Organizations
Canada says multiple government and critical infrastructure organizations have been targeted in Chinese reconnaissance scans.
https://www.cyber.gc.ca/en/news-events/statement-peoples-republic-china-reconnaissance-canadian-systems− Mandiant says new Fortinet flaw has been exploited since June
A new Fortinet FortiManager flaw dubbed "FortiJump" and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant.
https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575?e=48754805NCSC Advisory- Critical Vulnerability in Fortinet FortiManager
Fortinet is disclosing a critical vulnerability in FortiManager. Reports have shown this vulnerability to be exploited in the wild.
https://www.ncsc.gov.ie/pdfs/2410170128_Critical_Vuln_Fortinet_FortiManager.pdfCommunity News
− U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies.
https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/--- TLP:WHITE ---