Latest News Articles
--- TLP:WHITE ---
News
− Blackbaud has to cough up a few million dollars more over 2020 ransomware attack
Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software company Blackbaud ran out when it came to reaching a settlement with California's attorney general.
https://oag.ca.gov/news/press-releases/attorney-general-bonta-secures-675-million-settlement-against-blackbaud-over− China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence
This threat actor, which Sygnia tracks as Velvet Ant, had infiltrated the organization’s network at least two years prior to the investigation, and had succeeded in gaining a strong foothold, and intimate knowledge of the network.
https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/Vulnerabilities
− China's FortiGate attacks more extensive than first thought
Dutch intelligence says at least 20,000 firewalls pwned in just a few months The Netherlands' cybersecurity agency (NCSC) says the previously reported attack on the country's Ministry of Defense (MoD) was far more extensive than previously thought.
https://industrialcyber.co/reports/dutch-report-exposes-expanded-coathanger-campaign-as-cyber-espionage-campaign-targets-edge-devices/− New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to corrupt the model itself
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/− Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT
Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.
https://www.securityweek.com/prevalence-and-impact-of-password-exposure-vulnerabilities-in-ics-ot/Community News
− ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024
The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023
https://www.welivesecurity.com/en/podcasts/eset-research-podcast-apt-activity-report-q4-2023-q1-2024/− NCSC Conference 2024
The National Cyber Security Centre (NCSC) is hosting its first national conference to promote cybersecurity awareness, facilitate stakeholder engagement, and share industry insights. The Conference is the premier cybersecurity event of the Irish public sector. It gathers over 280 cybersecurity leaders and professionals for a day of networking, sharing knowledge, and collaborative efforts on 25th June in Dublin Castle.
https://www.ncsc-conference.ie/conference--- TLP:WHITE ---