Good day folks! I’m prepping for my holiday shutdown here at Cisco, but before I do, I have a threat update including some interesting developments on vulnerability hoarding that would make the Grinch cringe. But first:
Continue readingCategory: Threat Updates (Page 4 of 5)
Good morning folks! I have some updates on the threat side of things that we all should be aware of:
In our first update, Russian SVR-backed pests known as APT29, CozyBear, NOBELIUM or the MS name of “Midnight Blizzard” are following the lead of North Korean adversaries. They’re exploiting a really bad JetBrains TeamCity vuln (CVE-2023-42793/9.8 CVSS) to manipulate source code, sign certs, and push updates. TeamCity is a CI/CD tool that helps run DevOps, sort of like Travis CI, Jenkins, CircleCI, and more. So it has the potential to be like SolarWinds issues a couple of years ago. Now appears they have patiently used it to get into more of the supply chain and gain as-of-yet dormant footholds. They are even using Dropbox to help mask their C2 – Yikes!
Continue readingGood morning folks! I have a lot of updates on the threat side of things, some talk of elections & AI, and more that we all should be aware of:
Cisco’s Talos just released an awesome 2023 Year In Review that helps break down the trends and strains that kept them up late at night changed the threat landscape. Of note?
Continue readingGood morning folks! I know I slacked off last week, but I finally have some updates on the threat side of things that we all should be aware of:
Continue readingGood morning folks! I have some updates on the threat side of things that I think are interesting and might help in conversations with your friends and colleagues.
Continue reading