Cyber Defense Advisors

Year: 2024

  • by
  • January 3, 2024

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an […]

Cyber News
  • by
  • January 3, 2024

Facial Recognition Systems in the US

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. (This, of course, can all change without notice.) Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is identification, correlation, and then discrimination. There’s […]

Cyber News
  • by
  • January 3, 2024

Courts service “PWNED” in Australia, as hackers steal sensitive recordings of hearings

Graham CLULEY January 03, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Hackers are believed to have successfully accessed several weeks’ worth of sensitive video and audio recordings of court hearings, including one made at a children’s court where the identities of minors are supposed to be particularly critical to […]

Cyber News
  • by
  • January 3, 2024

5 Ways to Reduce SaaS Security Risks

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, […]

Cyber News
  • by
  • January 3, 2024

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. “Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks,” Timo Longin, a senior security consultant […]

Cyber News
  • by
  • January 3, 2024

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the company from violating the law, the stipulated order requires it to […]

Cyber News
  • by
  • January 2, 2024

TikTok Editorial Analysis

TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial Differences in Hashtag Ratios RaiseConcerns about TikTok’s Impartiality Given the research above, we assess a strong possibility that content on TikTok is either amplified or suppressed based on its […]

Cyber News
  • by
  • January 2, 2024

The Definitive Enterprise Browser Buyer’s Guide

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions […]

Cyber News
  • by
  • January 2, 2024

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’

Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were […]

Cyber News