Cyber Defense Advisors

Month: March 2024

Key Things to Know About a CMMC Preliminary Assessment

Key Things to Know About a CMMC Preliminary Assessment Introduction: In the quest for Cybersecurity Maturity Model Certification (CMMC) compliance, understanding the nuances of a preliminary assessment can make all the difference. This crucial step not only illuminates the path to certification but also fortifies an organization’s cybersecurity defenses—ensuring readiness for both the formal CMMC […]

CMMC Feasibility

How a Preliminary CMMC Assessment Can Save You In the Long Run

How a Preliminary CMMC Assessment Can Save You In the Long Run Introduction: The cybersecurity landscape, particularly for the Defense Industrial Base (DIB), is marked by rapidly evolving threats and stringent requirements. The Cybersecurity Maturity Model Certification (CMMC), instituted by the U.S. Department of Defense (DoD), embodies this shift, aiming to enhance the protective measures […]

CMMC Feasibility

FAQs Regarding CMMC Preliminary Assessments

FAQs Regarding CMMC Preliminary Assessments Introduction: As the Cybersecurity Maturity Model Certification (CMMC) becomes integral for collaboration with the Department of Defense (DoD), organizations within the Defense Industrial Base (DIB) are confronting the intricacies of attaining compliance. Central to navigating this process successfully is the CMMC preliminary assessment—a crucial evaluative step that primes organizations for […]

CMMC Feasibility
  • by
  • March 30, 2024

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims’ Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a […]

Cyber News
  • by
  • March 30, 2024

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

RedHat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts […]

Cyber News
  • by
  • March 29, 2024

Friday Squid Blogging: The Geopolitics of Eating Squid

New York Times op-ed on the Chinese dominance of the squid industry: China’s domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the world at a competitive disadvantage, eroding international law governing […]

Cyber News
  • by
  • March 29, 2024

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based company […]

Cyber News
  • by
  • March 29, 2024

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. “TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024,” the […]

Cyber News
  • by
  • March 29, 2024

The Golden Age of Automated Penetration Testing is Here

Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving […]

Cyber News