Cyber Defense Advisors

Cyber News

  • by
  • July 1, 2024

Indian Software Firm’s Products Hacked to Spread Data-Stealing Malware

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply chain compromise on June 18, 2024. The issue has since been remediated by Conceptworld as of June 24 […]

Cyber News
  • by
  • July 1, 2024

Model Extraction from Neural Networks

A new paper, “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it’s a really interesting result. Abstract: Billions of dollars and countless GPU […]

Cyber News
  • by
  • July 1, 2024

End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk’s recent research, 93% of organizations had two or more identity-related breaches in the past year. It […]

Cyber News
  • by
  • July 1, 2024

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for […]

Cyber News
  • by
  • July 1, 2024

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router […]

Cyber News
  • by
  • June 29, 2024

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors […]

Cyber News
  • by
  • June 28, 2024

Friday Squid Blogging: New Squid Species

A new squid species—of the Gonatidae family—was discovered. The video shows her holding a brood of very large eggs. Research paper. Tags: academic papers, squid, video Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • June 28, 2024

Russian hackers read the emails you sent us, Microsoft warns more customers

Graham CLULEY June 28, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial More of Microsoft’s clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes. In January, Microsoft revealed that members of the “Midnight […]

Cyber News
  • by
  • June 28, 2024

Supply-chain ransomware attack cripples thousands of car dealerships

Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS Company Cyber Security Business Continuity Ransomware Disaster Recovery Data Protection 299 Hits Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack. The attack, believed to be by the […]

Cyber News