BMT Announcement

Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no [...]

By |2024-04-30T12:27:19-05:00April 30th, 2024|Categories: BMT Announcement|

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department [...]

By |2024-04-30T12:25:36-05:00April 30th, 2024|Categories: BMT Announcement|

China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with [...]

By |2024-04-29T14:22:05-05:00April 29th, 2024|Categories: BMT Announcement|

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to [...]

By |2024-04-29T14:20:30-05:00April 29th, 2024|Categories: BMT Announcement|

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") [...]

By |2024-04-29T11:50:37-05:00April 27th, 2024|Categories: BMT Announcement|

Will a Pen Test Lower Your Cyber Insurance Premium?

According to Fitch Ratings, cyber insurance is the fastest-growing segment of the U.S. property/casualty insurance market. However, claims and payouts have jumped along with that growth, giving insurers a reason to be more exacting in what they expect from policyholders. The growth and sophistication of the cyber landscape have changed [...]

Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day [...]

By |2024-04-26T09:23:26-05:00April 25th, 2024|Categories: BMT Announcement|

DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, [...]

By |2024-04-26T09:21:24-05:00April 25th, 2024|Categories: BMT Announcement|

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name [...]

By |2024-04-24T10:21:13-05:00April 23rd, 2024|Categories: BMT Announcement|
Go to Top