Cyber Defense Advisors

Cyber News

  • by
  • November 7, 2024

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management interface […]

Cyber News
  • by
  • November 7, 2024

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

The Canadian government on Wednesday ordered ByteDance-owned TikTok to dissolve its operations in the country, citing national security risks, but stopped short of instituting a ban on the popular video-sharing platform. “The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and […]

Cyber News
  • by
  • November 7, 2024

Smashing Security podcast #392: Pasta spies and private eyes, and are you applying for a ghost job?

A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault. Warning: […]

Cyber News
  • by
  • November 6, 2024

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. “Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to distribute spear-phishing […]

Cyber News
  • by
  • November 6, 2024

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. “Winos 4.0 is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute further actions,” Fortinet FortiGuard Labs said in […]

Cyber News
  • by
  • November 6, 2024

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly […]

Cyber News
  • by
  • November 6, 2024

9 Steps to Get CTEM on Your 2025 Budgetary Radar

Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission […]

Cyber News
  • by
  • November 6, 2024

INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. “Of the approximately 30,000 suspicious IP addresses identified, 76 per […]

Cyber News
  • by
  • November 6, 2024

South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

Meta has been fined 21.62 billion won ($15.67 million) by South Korea’s data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The country’s Personal Information Protection Commission (PIPC) said Meta gathered information such as religious […]

Cyber News