What’s New

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. "The threat actor gained access to [...]

By |2024-03-05T12:44:58-05:00March 5th, 2024|Categories: BMT Announcement|

What is Exposure Management and How Does it Differ from ASM?

Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of [...]

By |2024-03-05T12:26:52-05:00March 5th, 2024|Categories: BMT Announcement|

4 Instructive Postmortems on Data Downtime and Loss

More than a decade ago, the concept of the 'blameless' postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: "One option [...]

By |2024-03-01T14:38:18-05:00March 1st, 2024|Categories: BMT Announcement|

Jump Into the World of AI! Get Started with Microsoft Copilot

For those not aware, Microsoft Copilot is a browser-based generative AI tool, similar to ChatGPT.  Whether you believe AI will be the salvation of humankind or the demise of it, you’re going to use it someday.  Currently, the full version of Copilot is only available for business customers willing [...]

By |2024-03-05T11:35:36-05:00February 29th, 2024|Categories: BMT Announcement, News, Partner|Tags: , , , , , |

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use [...]

By |2024-02-29T12:23:45-05:00February 29th, 2024|Categories: BMT Announcement|

GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks

Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers [...]

By |2024-02-29T12:21:05-05:00February 29th, 2024|Categories: BMT Announcement|

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors

An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant [...]

By |2024-02-28T13:17:04-05:00February 28th, 2024|Categories: BMT Announcement|

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory. "This [...]

By |2024-02-28T13:14:56-05:00February 28th, 2024|Categories: BMT Announcement|

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any [...]

By |2024-02-27T12:24:31-05:00February 27th, 2024|Categories: BMT Announcement|
Go to Top