Cyber Defense Advisors

Year: 2024

  • by
  • December 17, 2024

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below – CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to […]

Cyber News

Trump Team Eyes Tougher Cyber Tactics

Trump Team Eyes Tougher Cyber Tactics Waltz: Hackers “Must Feel Consequences” as 2025 Looms On Sunday, Representative Mike Waltz—President-elect Donald Trump’s incoming pick for national security adviser—signaled a major shift in U.S. cyber policy. Two days after his appearance on CBS’s Face the Nation, the message still reverberates through Washington: No more hunkering down. No […]

Cyber Thoughts
  • by
  • December 16, 2024

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. “Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over […]

Cyber News
  • by
  • December 16, 2024

Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested

Graham CLULEY December 16, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an international law enforcement operation and its suspected administrators arrested. Rydox has been operating since early 2016, […]

Cyber News
  • by
  • December 16, 2024

NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ability to turn on the phone’s microphone or […]

Cyber News
  • by
  • December 16, 2024

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. […]

Cyber News
  • by
  • December 16, 2024

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time […]

Cyber News
  • by
  • December 16, 2024

Data Governance in DevOps: Ensuring Compliance in the AI Era

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it’s vital, […]

Cyber News
  • by
  • December 16, 2024

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. “The main goal of the fraudsters is to lead victims to phishing websites and forms that […]

Cyber News