Latest News Articles
--- TLP:WHITE ---
News
− Chinese Tag Team APTs Keep Stealing Asian Gov’t Secrets
A cluster of Chinese threat groups known as “Crimson Palace” is carrying out attacks on Asian governments and their secrets. The threat clusters are based out of the People’s Republic of China and have compromised at least a dozen targets. One of these targets was a Southeast Asian government organization.
https://www.sophos.com/en-us/press/press-releases/2024/09/operation-crimson-palace-chinese-state-sponsored-espionage-expands-0− Teen arrest in ongoing London Transport cyberattack, customer data now confirmed accessed
UK Police have arrested a teenager in connection with the Transport for London cyberattack. UK police announced they have made an arrest in connection with the Transport for London cyberattack.
https://cybernews.com/cybercrime/teen-arrest-london-transport-cyberattack-customer-data-accessed/− U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.
https://home.treasury.gov/news/press-releases/jy2581− Hundreds of Pagers Exploded in Lebanon and Syria in a Deadly Attack.
Between 3 to 5 grams of a highly explosive material were concealed inside pagers prior to their delivery to Hezbollah, and then remotely triggered simultaneously.
https://www.securityweek.com/hundreds-of-pagers-exploded-in-lebanon-and-syria-in-a-deadly-attack-heres-what-we-know/− Despite Russia warnings, Western critical infrastructure remains unprepared
As Russian special forces push more overtly into online operations, network defenders should be on the hunt for digital intruders looking to carry out cyberattacks that end in physical destruction and harm.
https://www.theregister.com/2024/09/18/russia_west_critical_infrastructure/Vulnerabilities
− D-Link Patches Critical Router Vulnerabilities
The web service of specific models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated, remote attackers to exploit this vulnerability to execute arbitrary code on the device.
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412− Multiple Critical Vulnerabilities in Ivanti EPM
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
https://www.ncsc.gov.ie/pdfs/2409120152_Multiple_Vulnerabilities_Ivanti.pdf− Critical Vulnerabilities in Red Hat OpenShift Container Platform 4
An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node.
https://www.ncsc.gov.ie/pdfs/2409170130_RedHat_OpenShift_Vuln.pdfdecc
Community News
− Cyber Ireland National Conference
The Cyber Ireland National Conference (CINC), is Cyber Ireland’s annual flagship cyber security event bringing together and building our cyber security community with leaders and professionals across industry, academia and government.
https://cyberireland.ie/ci-event/cyber-ireland-national-conference/--- TLP:WHITE ---