Cyber Defense Advisors

Year: 2024

  • by
  • November 29, 2024

Race Condition Attacks against LLMs

These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs and generated model outputs can […]

Cyber News
  • by
  • November 29, 2024

Protecting Tomorrow’s World: Shaping the Cyber-Physical Future

The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed the most […]

Cyber News
  • by
  • November 29, 2024

UK hospital, hit by cyberattack, resorts to paper and postpones procedures

Graham CLULEY November 29, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Wirral University Teaching Hospital (WUTH), part of the NHS, revealed on Monday that it had suffered a cybersecurity incident […]

Cyber News
  • by
  • November 29, 2024

Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks

Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. “This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA) enabled can still be vulnerable,” […]

Cyber News
  • by
  • November 29, 2024

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an “Exploitation Detected” assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. “An improper access […]

Cyber News
  • by
  • November 29, 2024

U.S. Citizen Sentenced for Spying on Behalf of China’s Intelligence Agency

A 59-year-old U.S. citizen who immigrated from the People’s Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China’s principal civilian intelligence agency. Ping Li, 59, of Wesley Chapel, Florida, is said to have […]

Cyber News
  • by
  • November 28, 2024

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. “These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected […]

Cyber News
  • by
  • November 28, 2024

Mimic ransomware: what you need to know

What is Mimic? Mimic is family of ransomware, first found in-the-wild in 2022. In common with many other ransomware attacks, Mimic encrypts a victim’s files, and demands a ransom payment in cryptocurrency for the release of a decryption key. Does Mimic also steal data? Yes, some variants of Mimic can also exfiltrate data from a […]

Cyber News
  • by
  • November 28, 2024

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue […]

Cyber News