Cyber Defense Advisors

Cyber News

  • by
  • June 27, 2024

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. “With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it […]

Cyber News
  • by
  • June 27, 2024

The Secrets of Hidden AI Training on Your Data

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing’s research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and decision-making. However, beneath […]

Cyber News
  • by
  • June 27, 2024

Security Analysis of the EU’s Digital Wallet

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet. Tags: credentials, cryptanalysis, cryptography, EU, identification Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • June 27, 2024

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the “ask” function that could be exploited to trick the library into executing […]

Cyber News
  • by
  • June 27, 2024

How to Use Python to Build Secure Blockchain Applications

Did you know it’s now possible to build blockchain applications, known also as decentralized applications (or “dApps” for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an all-in-one development toolkit for Algorand, enables developers to build blockchain applications in pure Python. This […]

Cyber News
  • by
  • June 27, 2024

US charges four FIN9-linked hackers after $71 million cybercrime spree

Four alleged members of the FIN9 cybercrime gang have been charged in relation to a series of hacks that caused over US $71 million of losses for companies across the United States. The defendants, all Vietnamese nationals, are accused of launching a series of sophisticated phishing and supply-chain attacks to gain unauthorised access to company […]

Cyber News
  • by
  • June 27, 2024

Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia’s full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of […]

Cyber News
  • by
  • June 27, 2024

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. […]

Cyber News
  • by
  • June 26, 2024

Smashing Security podcast #378: Julian Assange, inside a DDoS attack, and deepfake traumas

Wikileaks’s Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this […]

Cyber News