Cyber Defense Advisors

Year: 2024

  • by
  • January 20, 2024

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, […]

Cyber News
  • by
  • January 20, 2024

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development arrives as the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code […]

Cyber News
  • by
  • January 20, 2024

Microsoft’s Top Execs’ Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company’s cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks […]

Cyber News
  • by
  • January 20, 2024

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. […]

Cyber News
  • by
  • January 19, 2024

Friday Squid Blogging: New Foods from Squid Fins

We only eat about half of a squid, ignoring the fins. A group of researchers is working to change that. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Tags: squid Sidebar photo of Bruce Schneier […]

Cyber News
  • by
  • January 19, 2024

Zelle Is Using My Name and Voice without My Consent

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle […]

Cyber News
  • by
  • January 19, 2024

Canadian Man Stuck in Triangle of E-Commerce Fraud

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item […]

Cyber News
  • by
  • January 19, 2024

35.5 million customers of major apparel brands have their data breached after ransomware attack

Bought some Timberland shoes? Wear a North Face jacket? You, and millions of purchasers of other popular high-street brands, could have had their data stolen by the ALPHV ransomware group. Read more in my article on the Hot for Security blog. 

Cyber News
  • by
  • January 19, 2024

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. “These applications are being hosted on Chinese pirating websites in order to gain victims,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. “Once detonated, the malware will download and execute multiple payloads […]

Cyber News