This advisory was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team Summary Incontroller/Pipedream is a collection of
Category: Security Advisory
Cyclops Blink Malware Targeting WatchGuard Firewalls
Summary On February 23rd, the UK National Cyber Security Center (NCSC) with the US Cybersecurity &Infrastructure Security Agency (CISA) and other security agencies released information
CFC Response to Russia / Ukraine Tensions and Potential Cyber-Attacks in Retaliation to Western Sanctions
As the current situation continues to evolve, the Kudelski Security Cyber Fusion Center iscontinuously adapting our response to events, intelligence, and new details being released.
Lapsus$ Threat Actor Demonstrates Access to Backend Okta Tooling
Summary Okta is one of the premier identity providers in the World and is trusted by thousands of customers. The recently known Lapsus$ threat actor
PwnKit: Local Privilege Escalation (LPE) in Polkit’s pkexec (CVE-2021-4034)
Summary On January 25, researchers at Qualys disclosed a high severity local privilege escalation (LPE) vulnerability affecting Linux’s policy kits (Polkit) pkexec utility. Pkexec is
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 & CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) – RCE possible in non-default configurations The Apache Software Foundation