Cyber Defense Advisors

Year: 2023

  • by
  • October 23, 2023

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 (CVSS […]

Cyber News, Cyber Threat Trends
  • by
  • October 23, 2023

Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury, Okta’s chief security officer, said. “It should […]

Cyber News, Cyber Threat Trends
  • by
  • October 23, 2023

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France. “In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar group, […]

Cyber News, Cyber Threat Trends
  • by
  • October 23, 2023

S3 Access and Logging Pop Quiz

ACM.348 Can a user with s3:* read the objects in a bucket with the default policy? Where are logs when a user has cross account s3 access? Continue reading on Cloud Security »

Cyber News, Cyber Threat Trends
  • by
  • October 23, 2023

Lambda Function Policy With Cross-Account S3 Bucket Access

ACM.349 Modifying our generic App Policy to grant cross account access to a bucket when a Lambda function requires it Continue reading on Cloud Security »

Cyber News, Cyber Threat Trends
  • by
  • October 23, 2023

A Generic S3 Bucket Policy for Applications

ACM.350 Granting access to Lambda in an S3 bucket policy Continue reading on Cloud Security »

Cyber News, Cyber Threat Trends

S3 Object Logging

Note if you already read my last story on S3 Logging and Access Continue reading on Medium »

Cyber News, Cyber Threat Trends

S3 Object Logging

Note if you already read my last story on S3 Logging and Access Continue reading on Medium »

Cyber News, Cyber Threat Trends

S3 Object Logging

Note if you already read my last story on S3 Logging and Access Continue reading on Medium »

Cyber News, Cyber Threat Trends