Cyber Defense Advisors

Month: January 2024

  • by
  • January 8, 2024

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, “only 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues. Talent Retention Challenges: The cybersecurity field is rapidly advancing, […]

Cyber News
  • by
  • January 8, 2024

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner identified attack surface expansion as […]

Cyber News
  • by
  • January 8, 2024

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years. “These security and privacy challenges include the potential for adversarial manipulation of training data, adversarial exploitation of model vulnerabilities to adversely […]

Cyber News
  • by
  • January 8, 2024

DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud. In wrapping up its investigation into the dark web portal, the agency said the transnational operation was the result of close cooperation with law […]

Cyber News
  • by
  • January 8, 2024

North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

Threat actors affiliated with the Democratic People’s Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK “was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022,” blockchain […]

Cyber News
  • by
  • January 6, 2024

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. “The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group used […]

Cyber News
  • by
  • January 6, 2024

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware “crashes the operating system in a way that it cannot be rebooted.” The intrusions have been attributed to an Iranian “psychological operation group” known as Homeland […]

Cyber News
  • by
  • January 5, 2024

Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered

They’re Ryukyuan pygmy squid (Idiosepius kijimuna) and Hannan’s pygmy squid (Kodama jujutsu). The second one represents an entire new genus. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. And, yes, this is the eighteenth anniversary of Friday Squid Blogging. The first […]

Cyber News
  • by
  • January 5, 2024

CertiK Twitter account hijacked by cryptocurrency scammer posing as Forbes journalist

Web3 security outfit CertiK has fallen foul of scammers, who managed to hijack its Twitter account to share a malicious link to a fake version of the Revoke.cash project. WARNING: Our team has found the Uniswap Router contract to be vulnerable to a reentrancy exploit, allowing attackers to move anyone’s tokens if approved to the […]

Cyber News