Latest News Articles
--- TLP:CLEAR ---
News
− DJI loosens flight restrictions, decides to trust operators to follow FAA rules
Right after one of its drones crashed into an aircraft fighting California wildfires? Great timing Drone maker DJI has decided to scale back its geofencing restrictions, meaning its software won't automatically stop operators from flying into areas flagged as no-fly zones.
https://viewpoints.dji.com/blog/geo-system-update− CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations.
https://www.cisa.gov/sites/default/files/2025-01/microsoft-expanded-cloud-logs-implementation-playbook-508c.pdf− Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts
In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.
https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/− State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone
The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats
https://www.welivesecurity.com/en/business-security/state-aligned-apt-groups-increasingly-deploying-ransomware/Vulnerabilities
− CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html− NCSC Advisory- Critical Vulnerability in Fortinet affecting FortiOS and FortiProxy
An authentication bypass using an alternate path or channel vulnerability affecting FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges. Please note that reports show this is being exploited in the wild.
https://www.ncsc.gov.ie/pdfs/2501140211_Critical_vuln_Fortinet_Products.pdf--- TLP:CLEAR ---