Cyber Defense Advisors

Year: 2024

  • by
  • July 10, 2024

RADIUS Vulnerability

New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or […]

Cyber News
  • by
  • July 10, 2024

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target […]

Cyber News
  • by
  • July 10, 2024

Smash-and-Grab Extortion

The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from […]

Cyber News
  • by
  • July 10, 2024

Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition […]

Cyber News
  • by
  • July 10, 2024

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity […]

Cyber News
  • by
  • July 10, 2024

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

Google on Wednesday announced that it’s making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). “Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account,” Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant […]

Cyber News
  • by
  • July 10, 2024

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. “Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion,” Elliptic said in a report shared with […]

Cyber News
  • by
  • July 10, 2024

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. “A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations,” Trellix security researchers Mathanraj Thangaraju and […]

Cyber News
  • by
  • July 10, 2024

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal […]

Cyber News