BMT Announcement

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. "Such exploitation could result in theft of emails from Gmail, data exfiltration [...]

By |2023-11-28T15:20:15-05:00November 28th, 2023|Categories: BMT Announcement|

Google to Start Deleting Inactive Accounts This Week

Act now if you want to keep your old Google accounts. Starting this week (12/1),  Google will start deleting inactive Google accounts, it said, and all their contents, including Gmail messages, Photos, Calendar appointments, Contacts records, YouTube videos and Drive documents. If an account hasn't been used or signed [...]

By |2023-11-27T12:43:47-05:00November 27th, 2023|Categories: BMT Announcement, News|Tags: , , , , , |

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.A brief description of the vulnerabilities is as follows -Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. [...]

By |2023-11-27T11:33:29-05:00November 24th, 2023|Categories: BMT Announcement|

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as [...]

By |2023-11-24T09:01:00-05:00November 23rd, 2023|Categories: BMT Announcement|

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers [...]

By |2023-11-24T08:58:45-05:00November 23rd, 2023|Categories: BMT Announcement|

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found [...]

By |2023-11-22T13:03:08-05:00November 22nd, 2023|Categories: BMT Announcement|

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, [...]

By |2023-11-22T12:45:26-05:00November 22nd, 2023|Categories: BMT Announcement|

Callback Phishing

The FBI has recently issued an advisory about the increasing threat of callback phishing, a sophisticated cyberattack tactic. Unlike traditional phishing, callback phishing doesn't include a malicious link in the email. Instead, callback phishing features a prominent phone number, urging the recipient to call for an urgent matter. The [...]

By |2023-11-22T12:37:39-05:00November 21st, 2023|Categories: BMT Announcement, News|Tags: , , , , |

NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors

Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns," VMware Carbon Black researchers said [...]

By |2023-11-20T15:29:37-05:00November 20th, 2023|Categories: BMT Announcement|
Go to Top