Cyber Defense Advisors

Month: October 2022

A New Wave of PayPal Invoice Scams Using Crypto Disguise

Trend Micro found evidence of new PayPal scammers impersonating crypto-related businesses

Cyber News

DigiCert Root CA Approved for Matter Device Attestation by Connectivity Standards Alliance

DigiCert ready to help smart home device manufacturers achieve Matter compliance rapidly and at scale.

Cyber News

Mechanisms of Authenticating to a Linux VM (EC2 Instance) on AWS

ACM.77 Considerations for how you access virtual machines in a cloud environment and the importance of non-repudiation This is a continuation of my series on Automating Cybersecurity Metrics. We want to test using Private Link with CloudFormation in the developer VPC we created earlier, but in order to do that we need to first deploy […]

Cyber News

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. “This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing

Cyber News

The Latest Funding News and What it Means for Cyber Security in 2023

The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure

Cyber News

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. “A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published […]

Cyber News

Data Transparency and its Impact on Customer Trust

How do organizations earn and build trust when it comes to the personal data that customers share with them? Customers certainly expect these organizations to comply with all privacy laws that are now in place in more than 130 countries. Customers also expect them not to sell personal data without consent and to try to […]

Cyber News

Inserting a Backdoor into a Machine-Learning System

Interesting research: “ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks, by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove […]

Cyber News