Cyber Defense Advisors

Year: 2023

  • by
  • November 24, 2023

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some of those impacted include two top blockchain […]

Cyber News
  • by
  • November 23, 2023

$9 million seized from “pig butchering” scammers who preyed on lonely hearts

US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. The US Department of Justice has announced that the seized funds are connected to cryptocurrency wallet addresses alleged to be associated with a “pig butchering” gang that has claimed over 70 victims around […]

Cyber News
  • by
  • November 23, 2023

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). “This campaign relies […]

Cyber News
  • by
  • November 23, 2023

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. “The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage,” IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat […]

Cyber News
  • by
  • November 23, 2023

Smashing Security podcast #349: Ransomware gang reports its own crime, and what happened at OpenAI?

Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity […]

Cyber News
  • by
  • November 23, 2023

6 Steps to Accelerate Cybersecurity Incident Response

Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right […]

Cyber News
  • by
  • November 23, 2023

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful,” Akamai said in an advisory published this […]

Cyber News

Why You Shouldn’t Ignore SEC Compliance

Why You Shouldn’t Ignore SEC Compliance Financial markets can be likened to a vast and intricate dance, with many participants moving to the beat of various regulations and guidelines. At the center of this rhythm in the United States is the Securities and Exchange Commission (SEC). Founded after the stock market crash of 1929, the […]

SEC Compliance

Simplify Your NIST-Based Risk Assessments

Simplify Your NIST-Based Risk Assessments In an era where information and data have become the lifeblood of businesses and organizations, the importance of safeguarding this invaluable resource cannot be overstated. Cybersecurity threats lurk in the shadows, waiting to exploit vulnerabilities and wreak havoc. To protect against these threats, it’s crucial to have a systematic approach […]

NIST-Based Risk Assessment