Cyber Defense Advisors

Cyber News

Enterprises embrace devsecops practices against supply chain attacks

For enterprise security professionals alarmed about the rising number of supply chain attacks, a report released this week by Google and supply chain security firm Chainguard has good news: Devsecops best practices are becoming more and more common. The recent prevalence of supply chain attacks—most notably the SolarWinds attack, which affected numerous large companies in […]

Cyber News

Hackers Hide Malware in Windows Logo, Target Middle East Governments

The group continued to use the LookBack backdoor, but also several new types of malware

Cyber News

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a […]

Cyber News

Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths

Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company. Read more in my article on the Hot for Security blog.

Cyber News

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The “ProxyNotShell” security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

Cyber News

Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT

The behavior of the actors was reportedly identical to what was described by Minerva Labs in 2021

Cyber News

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

Cyber News

Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries

The advisory suggests Zinc has targeted media, defense and aerospace, and IT services

Cyber News

Watchfinder warns customers that hackers stole their data

Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee’s account was broken into and a customer list accessed.

Cyber News