Cybersecurity Help

Fortinet addressed a zero-day vulnerability in FortiSIEM. Vulnerability does not require authentication and is being used in limited attacks.

Vulnerable software versions
FortiSIEM: 5.4.0 - 7.3.1

www.cybersecurity-help.cz

https://www.cybersecurity-help.cz/blog/4190.html

A North Korea-linked threat actor known as Moonstone Sleet has been detected pushing malicious npm packages to the JavaScript package registry

North Korean hackers using npm for initial access Moonstone Sleet's attack chains typically involve distributing bogus ZIP archive files through LinkedIn or freelancing websites.

https://www.cybersecurity-help.cz/blog/4189.html

Singapore authorities have recovered over $40 million defrauded in a business email compromise (BEC) scam

Police recover over $40 million from international email scam The SPF sought assistance from authorities in Timor Leste via Interpol’s I-GRIP stop-payment mechanism.

https://www.cybersecurity-help.cz/blog/4188.html

South Korea's intelligence community has released joint cybersecurity advisory to warn about the increasing cyber threats posed by North Korean hacking groups

North Korean hackers target South Korea's construction and machinery sectors The attackers employed a combination of supply chain attacks and watering hole attacks.

https://www.cybersecurity-help.cz/blog/4187.html

A recent investigation has uncovered that software essential to the operation of Britain's nuclear submarines was developed by engineers based in Russia and Belarus

British nuclear submarine software reportedly developed by Russian and Belarusian engineers The software, intended to be created by British IT staff with appropriate security clearances, was instead partially outsourced to developers in Russia and Belarus.

https://www.cybersecurity-help.cz/blog/4186.html

A new cyber espionage campaign by the the China-linked state-sponsored threat actor tracked as APT41 has been observed targeting a Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Chinese cyber spies target Taiwanese research institute with ShadowPad and Cobalt Strike APT41 developed a loader to inject a PoC for the CVE-2018-0824 directly into memory to achieve local privilege escalation.

https://www.cybersecurity-help.cz/blog/4185.html

The US and German authorities have seized the domain of online crypto wallet Cryptonator, an unlicensed money service business (MSB) that processed over $235 million in funds obtained through cybercrime

US, Gernamy seize Cryptonator domain, founder indicted Cryptonator was an unlicensed money service business (MSB) that processed over $235 million in illicit funds.

https://www.cybersecurity-help.cz/blog/4184.html

The China-linked threat actor StormBamboo, compromised an internet service provider (ISP) to push malicious software updates to target enterprises

StormBamboo APT compromises ISP to abuse insecure software update mechanisms The attacker was was altering DNS query responses for specific domains associated with automatic software update mechanisms.

https://www.cybersecurity-help.cz/blog/4182.html

In brief: ‘Sitting Ducks’ domain hijacking attack puts at risk over a million domains, the UK shuts down Russian Coms fraud platform, and more

Cyber Security Week in Review: August 2, 2024 In brief: ‘Sitting Ducks’ domain hijacking attack puts at risk over a million domains, the UK shuts down Russian Coms fraud platform, and more.

https://www.cybersecurity-help.cz/blog/4181.html

A Chinese nation-state threat actor has been observed leveraging the LODEINFO and NOOPDOOR malware families to steal sensitive information from Japanese organizations

China-linked Cuckoo Spear threat actor targets Japanese orgs Cuckoo Spear remained undetected within victim networks for an extended period, often between two and three years.