March 2022 Archives

Spring4Shell Zero-Day RCE Affects VMWare’s Java Application Framework

A zero-day RCE vulnerability (CVE-2022-22965) affecting VMWare's Spring Java Framework has had PoC exploit code prematurely released.

March 31, 2022 23:27 GMT

Critical Remote Code Execution Vulnerability Found in Sophos Firewall Products

A critical Remote Code Execution vulnerability with CVSS score of 9.8 has been patched in the Sophos Firewall platform.

March 29, 2022 22:22 GMT

Okta Investigating Reported Breach of Customer Data by Threat Group LAPSUS$ – UPDATED

UPDATES ADDED — IAM service provider Okta is investigating a claim by the LAPSUS$ group that they have breached the company's administrative portal and are targeting Okta customer data.

March 22, 2022 18:25 GMT

Russian State-Sponsored Cyber Actors Exploit Unpatched Vulnerabilities and Poor Deprovisioning Hygiene

Russian state-sponsored threat actors are taking advantage of bad MFA configuration and poor AD hygiene to chain an exploit of last year's critical PrintNightmare vulnerability.

March 16, 2022 16:30 GMT

Guide To Better Security Logging

Novacoast senior engineer Dan Elder makes a case for better, more thorough log management practices for effective and efficient security data handling.

March 14, 2022 15:22 GMT

Pillr Catches Russian Actors Utilizing Google Ad Delivery Network to Establish Browser Connections

MARCH 10, 2022 1:48 GMT New research shows Russian IP addresses using the Google ad delivery network as…

March 9, 2022 21:50 GMT

Cyber Threats Associated with Russia’s Invasion of Ukraine (updated)

This advisory is a rundown of known cyber threats and groups associated with Russia's invasion of Ukraine.

March 4, 2022 17:29 GMT

Hand-Picked Top-Read Stories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

What Happened To The Internet Archive?

Trending Tags

Month: March 2022

Spring4Shell Zero-Day RCE Affects VMWare’s Java Application Framework

Critical Remote Code Execution Vulnerability Found in Sophos Firewall Products

Okta Investigating Reported Breach of Customer Data by Threat Group LAPSUS$ – UPDATED

Russian State-Sponsored Cyber Actors Exploit Unpatched Vulnerabilities and Poor Deprovisioning Hygiene

Guide To Better Security Logging

Pillr Catches Russian Actors Utilizing Google Ad Delivery Network to Establish Browser Connections

Cyber Threats Associated with Russia’s Invasion of Ukraine (updated)

Threat Advisories

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Weekly Top 10: 11.18.2024: Microsoft Exchange Adds Warning to Emails Abusing Spoofing Flaw; Evasive ZIP Concatenation: Trojan Targets Windows Users; Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 89 Flaws, and More.

Weekly Top 10: 11.11.2024: Veeam Backup Exploit Used by Frag Ransomware; North Korean Hackers Use macOS Malware to Steal Crypto; Palo Alto PAN-OS May be Vulnerable to RCE, and More.

Weekly Top 10: 11.04.2024: Android Malware ‘FakeCall’ Hijacks Outgoing Calls; PTZ Cameras Being Targeted Using Two Zero-Days; Hacker Group TeamTNT Targets Docker Environments, and More.

Weekly Top 10: 10.28.2024: Severe Flaws in E2EE Cloud Storage Platforms Used by Millions; ClickFix Tactic: The Phantom Meet; Firm Hacked After Accidentally Hiring North Korean Cyber Criminal, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware