Cyber Defense Advisors

Year: 2023

  • by
  • November 28, 2023

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

Cybersecurity researchers have detailed a “severe design flaw” in Google Workspace’s domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. “Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized […]

Cyber News
  • by
  • November 28, 2023

How Hackers Phish for Your Users’ Credentials and Sell Them

Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization’s entire network at risk. According to the 2023 Verizon Data Breach Investigation Report, external parties were responsible for 83 percent of breaches that occurred between November 2021 and […]

Cyber News
  • by
  • November 28, 2023

Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine

A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. “On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader,” Europol said in a statement […]

Cyber News
  • by
  • November 28, 2023

Stop Identity Attacks: Discover the Key to Early Threat Detection

Identity and Access Management (IAM) systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets. But did you know that today over 80% of attacks now involve identity, compromised credentials or bypassing the authentication mechanism? Recent breaches at MGM […]

Cyber News
  • by
  • November 28, 2023

Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens

Cybersecurity researchers have discovered a case of “forced authentication” that could be exploited to leak a Windows user’s NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to […]

Cyber News
  • by
  • November 28, 2023

Securing the software supply chain webinar

Join me, and the experts from JFrog, for a discussion about software supply-chain security on December 5 2023. In the webinar we will be exploring the challenges facing companies in the coming year, sharing some best practices, and detailing the essential strategies you should be putting in place as threats evolve and technology advances. For […]

Cyber News
  • by
  • November 28, 2023

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed “mixing and matching” different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign. RustBucket […]

Cyber News
  • by
  • November 27, 2023

How to Handle Retail SaaS Security on Cyber Monday

If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will […]

Cyber News
  • by
  • November 27, 2023

The crazy world of ransomware

The CRAZY world of ransomware – keynote by cybersecurity expert Graham Cluley Watch this video on YouTube Here’s a bit of fun. A video of me talking for twenty minutes about ransomware – specifically some of the more bonkers stories from the world of ransomware. Be sure to check out my YouTube video above, or […]

Cyber News