Cyber Defense Advisors

Year: 2024

7 Cybersecurity Wins to Be Proud of This Thanksgiving

7 Cybersecurity Wins to Be Proud of This Thanksgiving “Individual commitment to a group effort – that is what makes a team work, a company work, a society work, a civilization work.” – Vince Lombardi Thanksgiving isn’t just about turkey, stuffing, and sidestepping awkward political debates. For CISOs, CEOs, and IT leaders, it’s also a moment to […]

Cyber Thoughts
  • by
  • November 26, 2024

The AI Fix #26: Would AI kill sentient robots, and is water wet?

In episode 26 of The AI Fix, an AI does surgery on pork chops, holographic Jesus wants your consent to use cookies, Mark opens the pod bay doors, our hosts discover OpenAI’s couch potato health coach, and Graham finds a robot made of drain pipes. Graham pits Mark against an AI in a morality quiz […]

Cyber News
  • by
  • November 26, 2024

Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records

Graham CLULEY November 26, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial A security researcher has blamed misconfigured implementations of Microsoft Power Pages for a slew of data breaches from web portals – including the leak of 1.1 million NHS employee records. It’s the latest discovery by Dublin-based security researcher […]

Cyber News
  • by
  • November 26, 2024

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were […]

Cyber News
  • by
  • November 26, 2024

What Graykey Can and Can’t Unlock

This is in effect a “throw your turn” game like “snakes and ladders”. You all take one or two steps forwards in turn. In general you both progress, but sometimes you fall back down a lot. There is in effect only three ways to reliably not loose, 1, Cheat any which way you can (timeless […]

Cyber News
  • by
  • November 26, 2024

Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel – a free vulnerability intelligence platform designed to help you act fast and prioritize real threats. What is Intel? Intel was created to fill a gap in the […]

Cyber News
  • by
  • November 26, 2024

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. “In a successful attack, if a victim browses a web page containing the exploit, […]

Cyber News
  • by
  • November 26, 2024

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.  Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed 

Cyber News
  • by
  • November 26, 2024

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that 

Cyber News