Cyber Defense Advisors

Month: November 2022

Home / News / 2022 / November / Page 58
  • by
  • November 2, 2022

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.“ – Jack Poller, Senior Analyst, ESG We received tremendous participation and feedback […]

Cyber News, Cyber Threat Trends
  • by
  • November 1, 2022

OpenSSL project patches two vulnerabilities but downgrades severity

The OpenSSL project released a patch for two high severity vulnerabilities in the world’s most widely used cryptographic library. The project’s maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has since been downgraded following additional testing. Organizations should still determine which of their applications and […]

Cyber News, Cyber Threat Trends
  • by
  • November 1, 2022

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email

Cyber News, Cyber Threat Trends

Osaka Hospital Halts Services After Ransomware Attack

Emergency operations are continuing, but the hospital system failed and cannot be accessed

Cyber News, Cyber Threat Trends
  • by
  • November 1, 2022

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

That bated-breath OpenSSL update is out! It’s no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here’s why…

Cyber News, Cyber Threat Trends
  • by
  • November 1, 2022

Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a

Cyber News, Cyber Threat Trends
  • by
  • November 1, 2022

Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss. “In short, […]

Cyber News, Cyber Threat Trends

CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing

The guidelines describe methods threat actors use to steal MFA credentials and how to defend against them

Cyber News, Cyber Threat Trends
  • by
  • November 1, 2022

SHA-3 code execution bug patched in PHP – check your version!

As everyone waits for news of a bug in OpenSSL, here’s a reminder that other cryptographic code in your life may also need patching!

Cyber News, Cyber Threat Trends