Companies and other organizations should be careful when employing IT freelancers, lest they end up hiring North Korean hackers. The advice comes from the U.S. Department of State, the U.S. Department of the Treasury, and the Federal Bureau of Investigation, who warned that “there are reputational risks and the potential for legal consequences, including sanctions […]
An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months. Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at re-gaining access to a victim environment when booted out, “re-compromising the environment […]
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework. There have been reports of scanning, exploit attempts and attempts to deploy a web shell on vulnerable systems, but it seems that a successful exploitation has yet […]
Latest Comments