Month: March 2022
Spring4Shell Zero-Day RCE Affects VMWare’s Java Application Framework
A zero-day RCE vulnerability (CVE-2022-22965) affecting VMWare's Spring Java Framework has had PoC exploit code prematurely released.
March 31, 2022 23:27 GMT
Critical Remote Code Execution Vulnerability Found in Sophos Firewall Products
A critical Remote Code Execution vulnerability with CVSS score of 9.8 has been patched in the Sophos Firewall platform.
March 29, 2022 22:22 GMT
Okta Investigating Reported Breach of Customer Data by Threat Group LAPSUS$ – UPDATED
UPDATES ADDED — IAM service provider Okta is investigating a claim by the LAPSUS$ group that they have breached the company's administrative portal and are targeting Okta customer data.
March 22, 2022 18:25 GMT
Russian State-Sponsored Cyber Actors Exploit Unpatched Vulnerabilities and Poor Deprovisioning Hygiene
Russian state-sponsored threat actors are taking advantage of bad MFA configuration and poor AD hygiene to chain an exploit of last year's critical PrintNightmare vulnerability.
March 16, 2022 16:30 GMT
Guide To Better Security Logging
Novacoast senior engineer Dan Elder makes a case for better, more thorough log management practices for effective and efficient security data handling.
March 14, 2022 15:22 GMT
Pillr Catches Russian Actors Utilizing Google Ad Delivery Network to Establish Browser Connections
MARCH 10, 2022 1:48 GMT New research shows Russian IP addresses using the Google ad delivery network as…
March 9, 2022 21:50 GMT
Cyber Threats Associated with Russia’s Invasion of Ukraine (updated)
This advisory is a rundown of known cyber threats and groups associated with Russia's invasion of Ukraine.
March 4, 2022 17:29 GMT