Amateur Security Archaeologists, trying not to break things.

Category: Threat Updates (Page 4 of 5)

What’s causing Mike’s Indigestion now? I’ll be Pwn for the Christmas! (22 Dec 2023)

Good day folks! I’m prepping for my holiday shutdown here at Cisco, but before I do, I have a threat update including some interesting developments on vulnerability hoarding that would make the Grinch cringe. But first:

Continue reading

What’s causing Mike’s Indigestion now? Cozy Bear Blizzards! (15 Dec 2023)

Good morning folks! I have some updates on the threat side of things that we all should be aware of:

In our first update, Russian SVR-backed pests known as APT29, CozyBear, NOBELIUM or the MS name of “Midnight Blizzard” are following the lead of North Korean adversaries. They’re exploiting a really bad JetBrains TeamCity vuln (CVE-2023-42793/9.8 CVSS) to manipulate source code, sign certs, and push updates. TeamCity is a CI/CD tool that helps run DevOps, sort of like Travis CI, Jenkins, CircleCI, and more. So it has the potential to be like SolarWinds issues a couple of years ago. Now appears they have patiently used it to get into more of the supply chain and gain as-of-yet dormant footholds. They are even using Dropbox to help mask their C2 – Yikes!

Continue reading

What’s causing Mike’s Indigestion now? AI & Elections! (8 Dec 2023)

Good morning folks! I have a lot of updates on the threat side of things, some talk of elections & AI, and more that we all should be aware of:

Cisco’s Talos just released an awesome 2023 Year In Review that helps break down the trends and strains that kept them up late at night changed the threat landscape. Of note?

Continue reading

What’s causing Mike’s Indigestion now? Diabetic Ghosts! (1 Dec 2023)

Good morning folks! I know I slacked off last week, but I finally have some updates on the threat side of things that we all should be aware of:

Continue reading
« Older posts Newer posts »
Verified by MonsterInsights