Cyber Defense Advisors

Year: 2024

  • by
  • September 11, 2024

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia. “The Quad7 botnet […]

Cyber News
  • by
  • September 11, 2024

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A “simplified Chinese-speaking actor” has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, […]

Cyber News
  • by
  • September 11, 2024

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six […]

Cyber News
  • by
  • September 11, 2024

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract: Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training […]

Cyber News
  • by
  • September 11, 2024

Why Is It So Challenging to Go Passwordless?

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, “If it sounds too good to be true, it probably is.” If your organization is like many, you may be contemplating a move to […]

Cyber News
  • by
  • September 11, 2024

Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details

Graham CLULEY September 11, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details. 32-year-old Vitalii Antonenko pleaded guilty in a Boston court […]

Cyber News
  • by
  • September 11, 2024

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. “The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews,” ReversingLabs researcher Karlo Zanki said. The activity has been […]

Cyber News
  • by
  • September 11, 2024

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. […]

Cyber News
  • by
  • September 11, 2024

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows – CVE-2024-29847 (CVSS score: 10.0) – A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code […]

Cyber News