Billbug Targets Government Agencies in Multiple Asian Countries
According to Symantec, the targeting of a certificate authority was notable
Cyber News, Cyber Threat Trends
- November 15, 2022
Log4Shell-like code execution hole in popular Backstage dev tool
Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […]
Cyber News, Cyber Threat TrendsHealthcare sector warned of Venus ransomware attacks
Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. Read more in my article on the Tripwire State of Security blog.
Cyber News, Cyber Threat Trends
- November 15, 2022
Critical RCE Flaw Reported in Spotify’s Backstage Software Catalog and Developer Platform
Spotify’s Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), […]
Cyber News, Cyber Threat TrendsLazarus Backdoor DTrack Evolves to Target Europe and Latin America
DTrack has not changed substantially, but Lazarus made some “interesting” modifications
Cyber News, Cyber Threat Trends
- November 15, 2022
Stop Writing Paper Policies
ACM.112 A look at how effective your PDF and Word cybersecurity policy documents are in a cloud environment — and how to fix it This is a continuation of my series on Automating Cybersecurity Metrics. OK I’m being a little dramatic. We are not going to do away with all forms of traditional documentation, but please consider the […]
Cyber News, Cyber Threat TrendsRemote Code Execution Discovered in Spotify’s Backstage
Spotify ranked the vulnerability as critical, with a CVSS score of 9.8
Cyber News, Cyber Threat Trends
- November 15, 2022
Top Zeus Botnet Suspect “Tank” Arrested in Geneva
Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian cybercrime suspect Vyacheslav “Tank” Penchukov (right) was arrested in Geneva, Switzerland. Tank was […]
Cyber News, Cyber Threat Trends
- November 15, 2022
Meta’s new kill chain model tackles online threats
In April 2014, Lockheed Martin revolutionized the cyber defense business by publishing a seminal white paper Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. This document sparked a new wave of thinking about digital adversaries, specifically, nation-state advanced persistent threat groups (APTs). The authors of the paper argued that […]
Cyber News, Cyber Threat Trends