Month: October 2022

0 Comments
Representatives from Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) and the European Union Agency for Cybersecurity (ENISA) recently met to discuss strengthening cooperation and networking. The working meeting was held during the visit to ENISA HQ in Athens as a part of the Cybersecurity East Project. Viktor Zhora, SSSCIP deputy head, said after
0 Comments
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.” “We have informed market participants
0 Comments
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from “.*autodiscover.json.*Powershell.*” to “(?=.*autodiscover.json)(?=.*powershell).” The list of updated steps to
0 Comments
Chinese state–sponsored threat actors continue to exploit known vulnerabilities to target US and allied networks and companies, according to a new advisory published on October 06, 2022, by the US National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). Worse, they use “an increasing array of new and
0 Comments
A severe remote code execution vulnerability in Zimbra’s enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations.
0 Comments
A number of notable software supply chain cyber incidents have been linked to ‘LofyGang,’ an attack group that has been operating for over a year, according to a new analysis by Checkmarx. The researchers discovered around 200 malicious packages with thousands of installations linked to LofyGang. These included several classes of malicious payloads, general password
0 Comments
A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts The past four months were the time of summer vacations for many of us in the northern hemisphere. It appears that some malware operators also took this time as an opportunity
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) to improve asset visibility and vulnerability detection on federal networks. Named BOD 23–01 and becoming effective on April 03, 2023, the new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery every seven days.  “While many
0 Comments
A former US National Security Agency (NSA) employee has been arrested after trying to sell classified information to an undercover Federal Bureau of Investigation (FBI) agent posing as a foreign spy working for a foreign government. Federal prosecutors do not directly identify the government in question. Still, according to the FBI agent’s affidavit, Jareh Sebastian