Cyber Defense Advisors

Year: 2024

  • by
  • January 23, 2024

Side Channels Are Common

@ Bruce, ALL, “Side Channels Are Common” Not “common” but “ubiquitous” and inevitable in all communications channels. I’ve been through this a few times on the blog over the past two decades. But the proof if people want to work it out is fundemental to physics. To communicate is a process of “work” thus uses […]

Cyber News
  • by
  • January 23, 2024

From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and […]

Cyber News
  • by
  • January 23, 2024

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias “pompompurin,” was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of […]

Cyber News
  • by
  • January 23, 2024

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible installations. The shortcoming affects […]

Cyber News
  • by
  • January 23, 2024

Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could be exploited by a threat actor to achieve arbitrary […]

Cyber News
  • by
  • January 22, 2024

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. “ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat […]

Cyber News
  • by
  • January 22, 2024

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. “Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know […]

Cyber News
  • by
  • January 22, 2024

With hackers poisoning water systems, US agencies issue incident response guide to boost cybersecurity

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog. 

Cyber News
  • by
  • January 22, 2024

AI Bots on X (Twitter)

You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phrases. Tags: artificial intelligence, chatbots, identification, Twitter Sidebar photo of Bruce Schneier by Joe MacInnis. […]

Cyber News