APT35 (aka Charming Kitten, TA453, or Phosphorus) started widespread scanning and attempted to leverage Log4j flaw in publicly facing systems only four days after the vulnerability was disclosed, according to new Check Point research.
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) are asking critical infrastructure network defenders to adopt a heightened state of awareness to mitigate attacks from Russian-state sponsored threat actors.
In a recent update, Panasonic has verified that hackers accessed personal information belonging to job candidates and interns during a November cyberattack.
The JFrog security research team has disclosed an issue in the H2 database console, which was issued a critical CVE — CVE-2021-42392. This issue has the same root cause as the Log4Shell vulnerability in Apache Log4j.
The New York Office of the Attorney General (OAG) notified 17 well-known online retailers, restaurant chains and food delivery services that have been the victims of credential stuffing attacks.