Cyber Defense Advisors

Year: 2022

  • by
  • October 31, 2022

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a

Cyber News, Cyber Threat Trends
  • by
  • October 31, 2022

Tips for Choosing a Pentesting Company

In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one […]

Cyber News, Cyber Threat Trends
  • by
  • October 31, 2022

Fodcha DDoS Botnet Resurfaces with New Capabilities

The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week. Fodcha first came to

Cyber News, Cyber Threat Trends
  • by
  • October 31, 2022

Allowing Users to Start Encrypted EC2 Instances in the AWS Console

ACM.97 Requiring MFA, encryption, and disallowing network misconfigurations that expose admin ports and data This is a continuation of my series of posts on Automating Cybersecurity Metrics. Where was I? Oh yes, I was trying to use the Developer user created with CloudFormation for whom we autogenerated a password to login into the AWS console and […]

Cyber News, Cyber Threat Trends
  • by
  • October 31, 2022

GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories

Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with

Cyber News, Cyber Threat Trends
  • by
  • October 31, 2022

Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting […]

Cyber News, Cyber Threat Trends

Apple Only Commits to Patching Latest OS Version

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent […]

Cyber News, Cyber Threat Trends

What do kickboxing and cybersecurity have in common

When people think of cybersecurity, they think it is all about constant, in-the-moment, reactive execution. That is true in many regards, however, there is more to cybersecurity than that.  There is also a strategic side; that progressive, long-term vision to anticipate the unknown, convert fear into motivation, and prepare for future threats.  As the Chief […]

Cyber News, Cyber Threat Trends

Most Online Shoppers Would Leave Retailer Following Breach

Akamai study finds low levels of trust among consumers

Cyber News, Cyber Threat Trends