Cyber Defense Advisors

Cyber News

Home / News / Cyber News / Page 16
  • by
  • January 1, 2025

New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites

Threat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. “Instead of relying on a single click, it takes advantage of a double-click sequence,” Yibelo said. “While […]

Cyber News
  • by
  • January 1, 2025

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran’s Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia’s Main […]

Cyber News
  • by
  • December 31, 2024

Gift Card Fraud

It’s becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the cards back on […]

Cyber News
  • by
  • December 31, 2024

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. “This final rule is a crucial step forward in addressing the […]

Cyber News
  • by
  • December 31, 2024

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to […]

Cyber News
  • by
  • December 31, 2024

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators over the entire […]

Cyber News

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South […]

Cyber News
  • by
  • December 30, 2024

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader […]

Cyber News

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [30 Dec]

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it’s a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week’s […]

Cyber News