Cyber Defense Advisors

Year: 2023

  • by
  • November 15, 2023

Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation

Another two bugs in this month’s set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.

Cyber News, Cyber Threat Trends
  • by
  • November 15, 2023

Danish Energy Attacks Portend Targeting More Critical Infrastructure

Targeted attacks against two dozen related companies is just the latest evidence that hackers want a piece of energy.

Cyber News, Cyber Threat Trends
  • by
  • November 14, 2023

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen […]

Cyber News

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page.

Cyber News, Cyber Threat Trends
  • by
  • November 14, 2023

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers

In this Black Hat Europe preview, devices bridging critical machinery with the wider Internet are exposed and subject to numerous supply chain-induced bugs.

Cyber News, Cyber Threat Trends
  • by
  • November 14, 2023

Squeeze some more life from your old laptop

Friends, forever Continue reading on The CISO Den »

Cyber News, Cyber Threat Trends
  • by
  • November 14, 2023

A CloudFormation Template to Enforce a Secure SSH Encryption Algorithm for EC2 Key Pairs

ACM.383 Security problems and workarounds if you choose to do this Continue reading on Cloud Security »

Cyber News, Cyber Threat Trends
  • by
  • November 14, 2023

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and […]

Cyber News