Anti Technology Industrial Cyber Security Weekly Report 2024 Issue 8

Mondo Technology Updated on 2024-02-28

Policies and regulations: This week, two domestic and foreign cybersecurity-related policies and regulations were observed, and four departments issued the "Notice on Conducting a National Data Resource Survey".

Vulnerability posture: This week, 20 vulnerabilities were monitored, and nearly 100,000 servers were affected by a high-risk vulnerability in Microsoft Exchange.

Security incidents: This week, 16 major cybersecurity incidents were monitored. Typical incidents include the Cactus ransomware gang claiming to have stolen 15TB of Schneider Electric data, and a German manufacturer of critical infrastructure software confirming that it was the victim of a ransomware attack.

M&A and financing: Beijing Wangteng Technology Co., Ltd. completed a new round of strategic financing.

1. Four departments issued the "Notice on Carrying out a National Data Resources Survey"

On February 19, the National Data Bureau, the Office of the ** Network Security and Information Commission, the Ministry of Industry and Information Technology, and the Ministry of Public Security jointly launched a national survey of data resources. The survey implements the work deployment of the "Overall Layout Plan for the Construction of Digital China" and aims to establish a baseline of data resources, accelerate their development and utilization, and make better use of the value of data elements. It covers the production and storage, circulation and trading, development and utilization, and security of data resources in various units, and will provide data support for relevant policy formulation and pilot demonstrations.

2. U.S. Publishes Guidance for Protecting Water Systems

On February 21, the United States released new guidance, titled "Top Cyber Actions to Secure Water Systems," on actions that entities in the water and wastewater systems (WWS) sector should take to improve their resilience to cyberattacks. These resources can help WWS organizations assess and improve their security posture.

3. Nearly 100,000 servers are affected by a high-risk vulnerability in Microsoft Exchange

On February 19, the nonprofit cybersecurity organization ShadowServer warned that about 97,000 Microsoft Exchange servers are affected by CVE-2024-21410 (CVSS score of 9.8). CVE-2024-21410 is a privilege escalation flaw that can lead to a pass-the-hash attack: it allows an attacker to relay a user's Net-NTLMv2 hash against a vulnerable server and authenticate as that user.

4. Chrome 122 and Firefox 123 patch high-severity vulnerabilities

On February 20, Chrome 122 was released in the stable channel with fixes for 12 security flaws, including 8 reported by external researchers. Mozilla announced the release of Firefox 123, which contains patches for 12 vulnerabilities, including 4 high severity, 6 medium severity, and 2 low severity.

5. ConnectWise confirms that the ScreenConnect vulnerability is being actively exploited

On February 21, ConnectWise said in an update announcement that, less than 24 hours after it released an emergency patch for a critical security flaw in its ScreenConnect remote desktop access product, hackers had begun exploiting the vulnerabilities to take over corporate accounts. Several security companies have released proofs of concept to highlight the urgency of upgrading on-premises installations to ConnectWise ScreenConnect 239.8.

6. Dragos reports an unprecedented spike in OT vulnerabilities

On February 20, new research data from industrial cybersecurity firm Dragos showed that OT (Operational Technology) vulnerabilities accumulated at an unprecedented rate over the past year, much like unread emails piling up in an inbox. In addition, the company independently assessed, corrected, and enhanced the details of 2,010 vulnerabilities affecting industrial systems in 2023.

7. Hackers nearly hijacked an Israeli airliner in the air

On February 19, HackRead reported that EL AL confirmed that "hostile elements" had tried to take over the communications network of an EL AL plane flying from Phuket, Thailand, to Ben Gurion Airport. The airline said that, thanks to the professionalism of the pilots, the attack did not affect the normal operation of the flight.

8. The Cactus ransomware gang claims to have stolen 15TB of Schneider Electric data

On February 19, the Cactus ransomware gang claimed that it had stolen 15 terabytes of data. It also leaked 25MB of the stolen data on its dark web leak site, including snapshots of several US citizens' passports and scans of non-disclosure agreement documents.

9. German critical infrastructure software manufacturer confirmed to be the victim of a ransomware attack

On February 20, PSI Software SE, a German developer of software for complex production and logistics processes, confirmed that the cyber incident it disclosed earlier was a ransomware attack that affected its internal infrastructure. The company has not yet identified the exact intrusion vector.

10. A number of universities in the UK have been hit by DDoS attacks

On February 19, the Cambridge University Clinical School Computing Service posted on its X (formerly Twitter) account that services at several universities in the UK had been affected by DDoS attacks, and said that internet access would be intermittent. The hacking group Anonymous Sudan claimed responsibility.

11. A new VoltSchemer attack can damage smartphones

On February 20, it was reported that academic researchers at the University of Florida and CertiK have described a new set of attacks called "VoltSchemer" that can manipulate a smartphone's voice assistant with voice commands injected through the magnetic field of an off-the-shelf wireless charger. VoltSchemer can also be used to cause physical damage to mobile devices and to heat items close to the charger to over 536 degrees Fahrenheit (280 degrees Celsius).

12. North Korean hackers linked to defense sector supply chain attacks

On February 19, Germany's Federal Intelligence Agency (BfV) and South Korea's National Intelligence Service (NIS) said in a statement that North Korea was conducting cyberespionage activities against defense sectors around the world. These attacks are designed to steal advanced military-technical information to help North Korea modernize its conventional arms and develop new military capabilities. The bulletin highlights two cases initiated by North Korean actors, one of them the Lazarus group, and describes the tactics, techniques, and procedures (TTPs) used by the attackers.

13. U.S. healthcare tech giant suffers a cyberattack

On February 21, U.S. healthcare technology giant Change Healthcare suffered a cyberattack that caused widespread network disruptions. The incident was initially disclosed at 2:15 a.m. ET on February 21, when the company announced that some of its applications were unavailable. In an updated announcement at 08:38, the company said that more than 100 applications had been listed as affected.

14. A number of Ukrainian ** have been attacked by Russian hackers

On February 20, it was reported that Russian hackers attacked several well-known Ukrainian companies on February 19, publishing fake news related to the war, according to **. Among the targets of the hackers were Ukrainska Pravda, one of Ukraine's largest newspapers, and Liga.net, as well as news ** Apostrophe and Telegraf.

15. Threat actors are quick to abuse the 'SSH-Snake' worm-type tool

On February 22, cloud security firm Sysdig reported that the SSH credentials of about 100 organizations were stolen using a recently released open-source penetration testing tool with worm-like capabilities. The tool, called SSH-Snake, was developed by Australian security researcher Joshua Rogers and released in January. It automates network traversal using SSH keys obtained from local systems.

16. Beijing Wangteng Technology Co., Ltd. completed a new round of strategic financing

On February 20, Beijing Neteng Technology, an industrial Internet security company, announced that it had successfully completed a new round of strategic financing. The round was jointly invested by Inspur Group and Aocheng**, with Jianxin Capital as the financial advisor.
