Cyber Defense Advisors

Month: January 2024

  • January 11, 2024

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. “It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules,” […]

Cyber News
  • January 11, 2024

Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account

Anyone who works in computer security knows that they should have two-factor authentication (2FA) enabled on their accounts. 2FA provides an additional layer of security. A hacker might be able to guess, steal, or brute force the password on your accounts – but they won’t be able to gain access unless they also have a […]

Cyber News
  • January 11, 2024

Mandiant’s X Account Was Hacked Using Brute-Force Attack

The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” and the hack has been attributed to a drainer-as-a-service (DaaS) group. “Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected,” the threat intelligence […]

Cyber News
  • January 11, 2024

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking […]

Cyber News
  • January 11, 2024

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of […]

Cyber News
  • January 11, 2024

Twitter says it’s not its fault the SEC’s account got hacked

The safety team at Twitter has responded to the high-profile hack of the SEC Twitter account, which made headlines around the world. And what do they have to say? Well, in a nutshell – “it’s not our fault. They lost control of their mobile phone number and didn’t have 2FA enabled.”

Cyber News
  • January 11, 2024

Smashing Security podcast #354: Chuck Norris and the fake CEO, artificial KYC, and an Airbnb scam

Chuck Norris gives a helping hand to a mysterious cryptocurrency CEO who may have separated investors from over a billion dollars, generative AI creates a nightmare for those wanting to Know Their Customer, and a determined journalist finally gets their revenge on a sneaky Airbnb scammer. All this and much more is discussed in the […]

Cyber News
  • January 10, 2024

SEC’s Twitter account hacked to say Bitcoin ETFs approved. Politicians and lawyers demand investigation into security breach

The official Twitter account of the US Securities and Exchange Commission (SEC) was hacked yesterday, with scammers posting an unauthorised message to its 660,000+ followers. The false message – which has since been deleted – claimed that the SEC had approved the listing and trading of spot bitcoin ETFs, and caused the market price of […]

Cyber News
  • January 10, 2024

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

A new Mirai-based botnet called NoaBot has been used by threat actors as part of a crypto mining campaign since the beginning of 2023. “The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims,” Akamai security researcher […]

Cyber News