Information from Monday afternoon to Tuesday morning.
News/Intelligence/IOCs Stories
- CISA Adds Four Known Exploited Vulnerabilities to Catalog – LINK
- Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks – LINK
- Cyclops Blink Malware Targeting WatchGuard Firewalls – LINK
- Lapsus$ Threat Actor Demonstrates Access to Backend Okta Tooling – LINK
- Ransomware Will Grind You Down Without Proper Precautions, FBI Tells Local Governments – LINK
- Millions of Installations Potentially Vulnerable to Spring Framework Flaw – LINK
- VMware released updates to fix the Spring4Shell vulnerability in multiple products – LINK
- GitHub can now auto-block commits containing API keys, auth tokens – LINK
- Germany Shuts Down Russian Hydra DarkNet Market; Seize $25 Million in Bitcoin – LINK
- CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog – LINK
- Academics Devise Side-Channel Attack Targeting Multi-GPU Systems – LINK
- Singapore looks to drive maritime innovation, cybersecurity resilience – LINK
- Is API Security on Your Radar? – LINK
- Palestinian Lawyer Sues Pegasus Spyware Maker in France – LINK
- Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers – LINK
- US judge sentences men for $1.5 million Apple Gift Card scam – LINK
- CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability – LINK
- WhatsApp voice message phishing emails push info-stealing malware – LINK
- Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload – LINK
- CISA advises D-Link users to take vulnerable routers offline – LINK
- Spring4Shell – A Deep Understanding (CVE-2022–22965) – LINK
Regulation Related Stories
- State Department Announces Bureau of Cyberspace and Digital Policy – LINK
- (Australia) – More cops to start using national real-time criminal intelligence system – LINK
Russia/Ukraine War Related Stories
- CFC Response to Russia / Ukraine Tensions and Potential Cyber-Attacks in Retaliation to Western Sanctions – LINK
- Russians bypass website blocks to access Western news sources – LINK
- Ukraine spots Russian-linked ‘Armageddon’ phishing attacks – LINK
- New Analysis: The CaddyWiper Malware Attacking Ukraine – LINK
Vulnerability Related
- “Dirty Pipe” Linux Kernel Local Privilege Escalation (LPE) Vulnerability (CVE-2022-0847) – LINK
- Vulnerability Summary for the Week of March 28, 2022 – LINK
- Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes – LINK
New Breach Related Stories
- Hackers breach MailChimp’s internal tools to target crypto customers – LINK
- Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack – LINK