Cyber Defense Advisors

Month: June 2024

  • by
  • June 26, 2024

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For […]

Cyber News
  • by
  • June 26, 2024

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. “When your headphones are seeking a connection […]

Cyber News
  • by
  • June 26, 2024

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to Sucuri, the latest campaign entails making malicious […]

Cyber News
  • by
  • June 26, 2024

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity […]

Cyber News
  • by
  • June 26, 2024

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library (“polyfill.js”) to redirect users to malicious and scam sites. “Protecting our users is our top priority. We detected a security issue recently that may affect websites using certain […]

Cyber News

Federal Reserve Under Siege: Data Breach Extortion Threatens Chaos

Federal Reserve Under Siege: Data Breach Extortion Threatens Chaos Cyber Gang Demands Payment or Promises to Unleash Financial Turmoil Brace yourselves, folks, this one’s a doozy! A notorious Russian-linked cyber gang, LockBit, has thrown down the gauntlet, claiming a daring breach of the U.S. Federal Reserve. They’re threatening to spill 33 terabytes of America’s financial […]

Cyber Thoughts
  • by
  • June 25, 2024

The AI Fix #4: Fantastic voyage, and the technological singularity

In episode four of The AI Fix podcast, Graham and Mark learn there’s a 99.9% chance that AI will wipe out humans within 100 years, examine the even more chilling prospect of Barney the dinosaur reading Adolf Hitler’s Mein Kampf to six-year-olds, and resurrect a tried-and-trusted software evaluation method to decide if Claude 3.5 Sonnet […]

Cyber News
  • by
  • June 25, 2024

Breaking the M-209

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works.  

Cyber News
  • by
  • June 25, 2024

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc“) that was uploaded to the VirusTotal malware scanning […]

Cyber News