Cyber Defense Advisors

Month: April 2024

  • by
  • April 4, 2024

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. “The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident,” […]

Cyber News
  • by
  • April 4, 2024

Google patches Pixel phone zero-days after exploitation by “forensic companies”

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather “forensic companies” exploiting two vulnerabilities to extract information […]

Cyber News
  • by
  • April 4, 2024

Fake Lawsuit Threat Exposes Privnote Phishing Sites

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses […]

Cyber News
  • by
  • April 4, 2024

Considerations for Operational Technology Cybersecurity

Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise’s physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security architectures. The convergence of […]

Cyber News
  • by
  • April 4, 2024

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. “Many HTTP/2 implementations do not properly limit or […]

Cyber News
  • by
  • April 4, 2024

Surveillance by the New Microsoft Outlook App

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s […]

Cyber News
  • by
  • April 4, 2024

What makes a ransomware attack eight times as costly? Compromised backups

Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS Company Storage Cyber Security Business Continuity Ransomware Disaster Recovery Data Protection 3589 Hits Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying […]

Cyber News
  • by
  • April 4, 2024

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows – CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti […]

Cyber News
  • by
  • April 3, 2024

Smashing Security podcast #366: Money-making bots, and Incognito isn’t private

Google says it is deleting the your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity […]

Cyber News