Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs
Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.
Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.
Platform's independent server "instances" may have different security levels, creating potential for supply chain-like vulnerabilities.
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.
Make sure you're using the patch to block this supply chain attack.