Cyber Defense Advisors

Month: May 2024

  • by
  • May 30, 2024

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate […]

Cyber News
  • by
  • May 30, 2024

FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine

Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor called FlyingYeti targeting Ukraine. “The FlyingYeti campaign capitalized on anxiety over the potential loss of access to housing and utilities by enticing targets to open malicious files via debt-themed lures,” Cloudflare’s threat intelligence team Cloudforce One […]

Cyber News
  • by
  • May 30, 2024

Smashing Security podcast #374: Microsoft’s Recall controversy, and the North Korean insider threat

Microsoft gets itself into a pickle with a privacy-popping new feature on its CoPilot+ PCs, the FTC warns of impersonated companies, and has your company hiring North Korean IT workers? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, […]

Cyber News
  • by
  • May 30, 2024

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. “The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data […]

Cyber News
  • by
  • May 30, 2024

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” […]

Cyber News
  • by
  • May 30, 2024

RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability

The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now incorporates new anti-analysis techniques, according to findings from web infrastructure and […]

Cyber News
  • by
  • May 30, 2024

“Largest botnet ever” disrupted. 911 S5’s alleged mastermind arrested

A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. The 911 S5 botnet, described as “likely the world’s largest botnet ever” by FBI Director Christopher Wray, has had its infrastructure and assets seized and its alleged mastermind arrested […]

Cyber News
  • by
  • May 30, 2024

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. “These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it […]

Cyber News
  • by
  • May 30, 2024

How to Build Your Autonomous SOC Strategy

Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported […]

Cyber News