Cyber Defense Advisors

Month: September 2022

Home / News / 2022 / September / Page 2

Enterprises embrace devsecops practices against supply chain attacks

For enterprise security professionals alarmed about the rising number of supply chain attacks, a report released this week by Google and supply chain security firm Chainguard has good news: Devsecops best practices are becoming more and more common. The recent prevalence of supply chain attacks—most notably the SolarWinds attack, which affected numerous large companies in […]

Cyber News

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The “ProxyNotShell” security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

Cyber News

Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths

Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company. Read more in my article on the Hot for Security blog.

Cyber News

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a […]

Cyber News

Hackers Hide Malware in Windows Logo, Target Middle East Governments

The group continued to use the LookBack backdoor, but also several new types of malware

Cyber News

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

Cyber News

Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT

The behavior of the actors was reportedly identical to what was described by Minerva Labs in 2021

Cyber News

With the Software Supply Chain, You Can’t Secure What You Don’t Measure

Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.

Cyber News

Security Vulnerabilities in Covert CIA Websites

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.” Citizen Lab did the research: […]

Cyber News