Cyber Defense Advisors

Year: 2024

  • by
  • April 10, 2024

Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that’s designed to download next-stage payloads from a remote URL, Checkmarx […]

Cyber News
  • by
  • April 10, 2024

In Memoriam: Ross Anderson, 1956–2024

Last week, I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version. EDITED TO ADD (4/11): Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story. Tags: cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security […]

Cyber News
  • by
  • April 10, 2024

Hands-on Review: Cynomi AI-powered vCISO Platform

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more […]

Cyber News
  • by
  • April 10, 2024

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Cybersecurity researchers have disclosed what they say is the “first native Spectre v2 exploit” against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre […]

Cyber News
  • by
  • April 10, 2024

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like […]

Cyber News
  • by
  • April 10, 2024

Targus business operations disrupted following cyber attack

Graham CLULEY April 10, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Targus, the well-known laptop bag and case manufacturer, has been hit by a cyber attack that has interrupted its normal business operations. In an SEC filing, Targus described discovering last Friday that hackers had gained unauthorised access to […]

Cyber News
  • by
  • April 10, 2024

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside […]

Cyber News
  • by
  • April 10, 2024

Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. “The Rust standard library […]

Cyber News
  • by
  • April 9, 2024

April’s Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 […]

Cyber News