What’s New

Shields Up! Apple Fixes Actively Exploited WebKit Zero-Day

Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, [...]

By |2024-01-24T12:14:19-05:00January 24th, 2024|Categories: BMT Announcement, News|Tags: , , , , , |

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters [...]

By |2024-01-25T10:36:26-05:00January 24th, 2024|Categories: BMT Announcement|

What is Nudge Security and How Does it Work?

In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT [...]

By |2024-01-25T10:38:15-05:00January 24th, 2024|Categories: BMT Announcement|

VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates

The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the [...]

By |2024-01-23T15:05:21-05:00January 23rd, 2024|Categories: BMT Announcement|

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be [...]

By |2024-01-23T11:36:57-05:00January 22nd, 2024|Categories: BMT Announcement|

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development came after the vulnerabilities – an [...]

By |2024-01-22T10:40:04-05:00January 19th, 2024|Categories: BMT Announcement|

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as [...]

By |2024-01-18T13:39:45-05:00January 18th, 2024|Categories: BMT Announcement|

3 Important Considerations for 2024

With 2024 in full swing, we know budgets have been prepared and are in full-swing implementation.  Hoping you made considerations in security investments for the coming year to better protect your organization from growing threats, we wanted to highlight 3 things for consideration.  If you haven't given these areas [...]

By |2024-01-17T12:25:24-05:00January 17th, 2024|Categories: BMT Announcement, CyberSecurity, News|Tags: , , , , |
Go to Top