Cyber Defense Advisors

Year: 2024

  • by
  • September 3, 2024

Secrets Exposed: Why Your CISO Should Worry About Slack

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It’s a typical Tuesday in […]

Cyber News
  • by
  • September 3, 2024

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. “If successful, the adversary could gain any privileges already granted to the affected Microsoft applications,” […]

Cyber News
  • by
  • September 3, 2024

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional […]

Cyber News
  • by
  • September 2, 2024

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in […]

Cyber News
  • by
  • September 2, 2024

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, […]

Cyber News
  • by
  • September 2, 2024

SQL Injection Attack on Airport Security

Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA […]

Cyber News
  • by
  • September 2, 2024

Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management

The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That’s where Artificial Intelligence (AI) comes in. AI isn’t just a buzzword; it’s a game-changer for vulnerability management. AI is poised to […]

Cyber News
  • by
  • September 2, 2024

IT worker charged over $750,000 cyber extortion plot against former employer

Graham CLULEY September 02, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial A former IT engineer is facing federal charges in the United States after his former employer found it had been locked out of its computer systems and received a demand for $750,000. At approximately 4pm EST on November […]

Cyber News
  • by
  • September 2, 2024

Next-Generation Attacks, Same Targets – How to Protect Your Users’ Identities

The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also […]

Cyber News