BMT Announcement

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development came after the vulnerabilities – an [...]

By |2024-01-22T10:40:04-05:00January 19th, 2024|Categories: BMT Announcement|

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as [...]

By |2024-01-18T13:39:45-05:00January 18th, 2024|Categories: BMT Announcement|

3 Important Considerations for 2024

With 2024 in full swing, we know budgets have been prepared and are in full-swing implementation.  Hoping you made considerations in security investments for the coming year to better protect your organization from growing threats, we wanted to highlight 3 things for consideration.  If you haven't given these areas [...]

By |2024-01-17T12:25:24-05:00January 17th, 2024|Categories: BMT Announcement, CyberSecurity, News|Tags: , , , , |

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, [...]

By |2024-01-17T14:01:04-05:00January 17th, 2024|Categories: BMT Announcement|

Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications [...]

By |2024-01-17T13:59:37-05:00January 17th, 2024|Categories: BMT Announcement|

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths [...]

By |2024-01-16T12:34:31-05:00January 16th, 2024|Categories: BMT Announcement|

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network [...]

By |2024-01-12T10:53:33-05:00January 11th, 2024|Categories: BMT Announcement|

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software [...]

By |2024-01-12T10:51:59-05:00January 11th, 2024|Categories: BMT Announcement|
Go to Top