Cyber Defense Advisors

Year: 2024

  • by
  • October 4, 2024

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off “over one hundred hyper-volumetric L3/4 DDoS attacks throughout last month, with many exceeding 2 billion packets per second (Bpps) and 3 […]

Cyber News
  • by
  • October 4, 2024

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and […]

Cyber News
  • by
  • October 4, 2024

Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”

Graham CLULEY October 04, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial The UK’s Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years. The Office for Nuclear Regulation […]

Cyber News
  • by
  • October 3, 2024

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell […]

Cyber News
  • by
  • October 3, 2024

The Secret Weakness Execs Are Overlooking: Non-Human Identities

For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within […]

Cyber News
  • by
  • October 3, 2024

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. “Perfctl is particularly elusive and persistent, employing several sophisticated techniques,” Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with […]

Cyber News
  • by
  • October 3, 2024

Tick tock.. Operation Cronos arrests more LockBit ransomware gang suspects

International law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group’s infrastructure.  As Europol has detailed in a press release, international authorities have continued to work on “Operation Cronos”, and now arrested four people, seized servers, and implemented […]

Cyber News
  • by
  • October 3, 2024

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child […]

Cyber News
  • by
  • October 3, 2024

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, […]

Cyber News