Cyber Defense Advisors

Month: November 2024

  • by
  • November 20, 2024

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network 

Cyber News
  • by
  • November 20, 2024

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen […]

Cyber News

Black Friday Warning: Cybercriminals Are Fixing Their Sights on You Like Never Before

Black Friday Warning: Cybercriminals Are Fixing Their Sights on You Like Never Before And they aren’t just after your money—they’re after your entire identity. Black Friday isn’t just a shopping bonanza anymore—it’s a cybercriminal’s Super Bowl. It has evolved into the ultimate shopping spectacle, with billions of dollars flying across the internet as fast as […]

Cyber Thoughts
  • by
  • November 19, 2024

The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran

In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmother who’s taking on […]

Cyber News
  • by
  • November 19, 2024

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers […]

Cyber News
  • by
  • November 19, 2024

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report […]

Cyber News
  • by
  • November 19, 2024

Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent […]

Cyber News
  • by
  • November 19, 2024

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To 

Cyber News
  • by
  • November 19, 2024

Malware delivered via malicious QR codes sent in the post

Graham CLULEY November 19, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes. Switzerland’s National Cyber Security Centre (NCSC) has issued a warning to the public about letters sent through the […]

Cyber News