Cyber Defense Advisors

Month: November 2024

  • by
  • November 8, 2024

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead […]

Cyber News
  • by
  • November 7, 2024

Prompt Injection Defenses Against LLM Cyberattacks

Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“: Large language models (LLMs) are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks. We introduce Mantis, a defensive framework that exploits LLMs’ susceptibility […]

Cyber News
  • by
  • November 7, 2024

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A threat actor with ties to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as […]

Cyber News
  • by
  • November 7, 2024

Subverting LLM Coders

Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the […]

Cyber News
  • by
  • November 7, 2024

A Hacker’s Guide to Password Cracking

Defending your organization’s security is like fortifying a castle—you need to understand where attackers will strike and how they’ll try to breach your walls. And hackers are always searching for weaknesses, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their […]

Cyber News
  • by
  • November 7, 2024

5 Most Common Malware Techniques in 2024

Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN’s Q3 2024 report on malware trends, complete with real-world examples. Disabling of […]

Cyber News
  • by
  • November 7, 2024

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the United States, Europe, East Asia, and South America. “The campaign impersonates dozens of […]

Cyber News
  • by
  • November 7, 2024

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. “During this attack, the threat actor used as a lure the upcoming World Expo, which will be held in 2025 in Osaka, Japan,” […]

Cyber News
  • by
  • November 7, 2024

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers’ Amazon Web Services (AWS) credentials. The package in question is “fabrice,” which typosquats a popular Python library known as “fabric,” which is designed to execute shell commands […]

Cyber News