FISA Page

 FISA ACADEMY 

Page

Comments

Post a Comment

Popular posts from this blog

CISA and ENISA enhance their Cooperation

Image
  The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness. Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023. ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those...
Read more

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Image
  Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat actor known as Winter Vivern, which is also known as TA473 and UAC0114. The cybersecurity firm is  tracking  the hacking outfit under the moniker Threat Activity Group 70 (TAG-70). Winter Vivern's exploitation of security flaws in Roundcube and software was previously highlighted by ESET in October 2023, joining other Russia-linked threat actor groups such as APT28, APT29, and Sandworm that are known to target email software. The adversary, which has been active since at least December 2020, has also been linked to the abuse of a now-patched vulnerability in Zimbr...
Read more

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

Image
  Attackers are once again abusing  Google Ads  to target people with info-stealing malware, this time using an ad-tracking feature to lure corporate users with fake ads for popular collaborative groupware such as Slack and Notion. Researchers from AhnLab Security Intelligence Center (ASEC) discovered  a malicious campaign  that uses a statistical feature to embed URLs that distribute malware, including the Rhadamanthys stealer, they revealed in a blog post published this week. The feature lets advertisers insert external analytic website addresses into ads to collect and use their visitors' access-related data to calculate ad traffic. However, instead of inserting a URL for an external statistics site, attackers are abusing the feature to enter sites for  distributing malicious code , the researchers found. Ads related to the campaign have already been deleted. But when they were still active, "clicking on the banner would take unsuspecting users to the ad...
Read more