Cyber Defense Advisors

Year: 2024

  • by
  • January 18, 2024

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. “This is the first documented case of malware deploying the 9Hits application as a payload,” cloud security firm Cado said, adding […]

Cyber News

Value-Identifying IT Due Diligence in Mergers: The Unseen Factors

Value-Identifying IT Due Diligence in Mergers: The Unseen Factors Mergers and acquisitions (M&A) have long been a strategic move for businesses aiming to expand their operations, strengthen their market presence, or gain a competitive edge. However, the success of an M&A deal isn’t solely dependent on financial figures and market share. In today’s dynamic business […]

Value-Enhancing Technology Due Diligence

Value-Identifying Application Due Diligence in the SAAS Boom

Value-Identifying Application Due Diligence in the SAAS Boom The Software as a Service (SAAS) industry has been on a remarkable ascent in recent years. The SAAS market has grown exponentially, with companies of all sizes and industries adopting SAAS solutions to streamline their operations, increase efficiency, and stay competitive in the digital age. As the […]

Value-Enhancing Application Due Diligence

Unpacking the Penetration Testing & Exploitation Assessment Dichotomy

Unpacking the Penetration Testing & Exploitation Assessment Dichotomy In the ever-evolving landscape of cybersecurity, staying one step ahead of malicious actors is a constant challenge. As organizations strive to protect their digital assets and sensitive data, two crucial methodologies emerge to gauge their security posture: penetration testing and exploitation assessment. These practices are vital in […]

Penetration Testing and Exploitation Assessment
  • by
  • January 18, 2024

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google’s Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection […]

Cyber News

The Realities of CMMC Compliance in Global Defense Contracts

The Realities of CMMC Compliance in Global Defense Contracts In the ever-evolving landscape of global defense, cybersecurity has emerged as a paramount concern. With the increasing sophistication of cyber threats, safeguarding sensitive military information has become a top priority for governments and defense contractors alike. To address this, the Department of Defense (DoD) in the […]

CMMC Compliance
  • by
  • January 18, 2024

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to “conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow’s build agents via a malicious pull request,” […]

Cyber News
  • by
  • January 18, 2024

Canadian Citizen Gets Phone Back from Police

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of […]

Cyber News
  • by
  • January 18, 2024

MFA Spamming and Fatigue: When Security Measures Go Wrong

In today’s digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of […]

Cyber News