Cyber Defense Advisors

Month: January 2024

  • by
  • January 15, 2024

Critical flaw found in WordPress plugin used on over 300,000 websites

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. Read more in my article on the Tripwire State of Security blog. 

Cyber News
  • by
  • January 15, 2024

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage […]

Cyber News
  • by
  • January 15, 2024

3 Ransomware Group Newcomers to Watch in 2024

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases. Figure 1: Year over year victims per quarter The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, […]

Cyber News
  • by
  • January 15, 2024

Voice Cloning with Very Short Samples

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper. Tags: academic papers, cloning, voice recognition Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • January 15, 2024

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which discovered the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to alter the […]

Cyber News
  • by
  • January 15, 2024

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress plugins to inject backdoor designed to redirect visitors of […]

Cyber News
  • by
  • January 15, 2024

DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. “This surge in cyber attacks […]

Cyber News
  • by
  • January 14, 2024

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page. Tags: Schneier news Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News

FINRA Compliance: Managing Digital Assets and Robo-Advisors

FINRA Compliance: Managing Digital Assets and Robo-Advisors The financial industry is in the midst of a digital revolution, and with it comes the integration of digital assets and robo-advisors into traditional investment practices. As the landscape evolves, so do the regulatory requirements that govern it. The Financial Industry Regulatory Authority (FINRA) plays a crucial role […]

FINRA Compliance