New Lazarus Group Campaign Targets EU Defense Companies
The suspected objective of the Lazarus group was the exfiltration of proprietary information and manufacturing expertise, particularly pertaining to UAV technology.
In the wake of the disclosure of a serious intrusion at F5 that reportedly lasted about a year, we talk about the details of the disclosure, the potential link to Chinese state actors, the fallout from the attackers’ access to source code and bug reports, and what this could mean in the long term.
The company discovered the intrusion in August but did not say when the attackers first gained access to F5’s systems or how long they had access.
This week brings some new insights into the origins and length of the Cl0p extortion attacks tied to the Oracle E-Business Suite vulnerability, big surges in scanning for Cisco ASA, Palo Alto, and Fortinet devices, and a huge upgrade to Apple bug bounty payouts.
The Clop extortion campaign on Oracle customers last week stemmed from months of intrusion activity tracking back to July 10.
Dennis and Lindsey dissect a busy week in security news, starting with the Cl0p group’s extortion campaign against Oracle customers (3:24), then moving into the Crimson Collective’s claimed breach of some of Red Hat GitLab’s repos (12:41), and finally the consequences of the expiration of the CISA legislation and de-funding of the MS-ISAC (22:46). We also […]