Cyber Defense Advisors

Month: October 2024

  • by
  • October 14, 2024

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is  at 9:15 AM ET on October 22, 2024. The list is maintained on this page. Tags: […]

Cyber News
  • by
  • October 14, 2024

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt […]

Cyber News
  • by
  • October 14, 2024

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning cloud infrastructure, […]

Cyber News
  • by
  • October 14, 2024

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx […]

Cyber News
  • by
  • October 14, 2024

Perfectl Malware

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity […]

Cyber News
  • by
  • October 14, 2024

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 – Oct 13)

Hey there, it’s your weekly dose of “what the heck is going on in cybersecurity land” – and trust me, you NEED to be in the loop this time. We’ve got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it’s full of stuff they don’t 🤫 want you […]

Cyber News
  • by
  • October 14, 2024

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated […]

Cyber News

CMMC 2.0 is Official: What the Final Rule Means for Defense Contractors

CMMC 2.0 is Official: What the Final Rule Means for Defense Contractors The DoD Tightens Cybersecurity Requirements—Here’s What You Need to Know It’s official! The Department of Defense has just published the final rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0. If you’re part of the defense industrial base, this will impact you—big time. […]

Cyber Thoughts
  • by
  • October 13, 2024

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting […]

Cyber News