CVE-2014-2120: Ten-year-old Cisco ASA Flaw Exploited In The Wild
First discovered in 2014 by researcher Jonathan Claudius, CVE-2014-2120 is a vulnerability caused by insufficient input validation in the WebVPN…
Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According…
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the…
Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors
Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the…
Resizing Persistent Volume Claims (PVCs) for OpenSearch in Kubernetes: Challenges and Solutions
Managing storage requirements for an OpenSearch cluster deployed via a Helm chart in Kubernetes can present unique challenges, especially when…
OpenSearch: How to Update index-pattern in “Broken” Visualization
If index-pattern was recreated and its id hasn’t been customized to the same as it was before, you’ll get an…
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations…
China-linked APT Salt Typhoon has breached telcos in dozens of countries
China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt warns. President Biden’s deputy national…
NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering…
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend,…