Outbreak Alert - Annual Report 2024
The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.
FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited…
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft’s device code authentication flow.
Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can’t afford to assume their applicant-screening processes are up to the task of weeding the imposters out.
Through artifact attestation and the SLSA framework, GitHub’s Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.
The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton.