Cyber Defense Advisors

Year: 2024

  • by
  • April 29, 2024

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 (CVSS score: 8.8), “involves the use of promise objects […]

Cyber News
  • by
  • April 29, 2024

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an “adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine,” Australian cybersecurity […]

Cyber News

Phishing Scammers Sink Their Baited Hooks Into Microsoft Teams

Phishing Scammers Sink Their Baited Hooks Into Microsoft Teams How To Defend Against New Workplace Messaging Threats Your inbox isn’t the only phishing scam hotspot! As email phishing defenses strengthen, cybercriminals are changing tactics. They’re now targeting Microsoft Teams—a crucial yet vulnerable tool for many organizations. Cybercriminals exploit a Microsoft Teams feature that allows messages […]

Cyber Thoughts
  • by
  • April 28, 2024

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the “frequency and scale” of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by “the broad availability of residential proxy services, lists of previously stolen credentials (‘combo lists’), and […]

Cyber News
  • by
  • April 27, 2024

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file (“signal-2023-12-20-160512.ppsx”) as the starting point, with the […]

Cyber News
  • by
  • April 27, 2024

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. “During these fraudulent interviews, the developers are often asked […]

Cyber News
  • by
  • April 26, 2024

Friday Squid Blogging: Searching for the Colossal Squid

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Tags: squid Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • April 26, 2024

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules, insecure root access, and Docker […]

Cyber News
  • by
  • April 26, 2024

Long Article on GM Spying on Its Cars’ Drivers

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies. Tags: cars, insurance, privacy, surveillance Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News