Cyber Defense Advisors

Cyber News

  • by
  • October 24, 2024

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. “Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support,” the […]

Cyber News
  • by
  • October 24, 2024

NotLockBit: ransomware discovery serves as wake-up call for Mac users

Historically, Mac users haven’t had to worry about malware as much as their Windows-using cousins.  Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from […]

Cyber News
  • by
  • October 24, 2024

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. “The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover,” Aqua […]

Cyber News
  • by
  • October 24, 2024

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising […]

Cyber News
  • by
  • October 24, 2024

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, […]

Cyber News
  • by
  • October 24, 2024

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it made the discovery after it came across a novel attack chain in May 2024 that targeted the personal computer of […]

Cyber News
  • by
  • October 24, 2024

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. “A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon […]

Cyber News
  • by
  • October 23, 2024

Smashing Security podcast #390: When security firms get hacked, and your new North Korean remote worker

The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired… but what’s their plan? All this and much much more is discussed in the latest edition of the “Smashing […]

Cyber News
  • by
  • October 23, 2024

Are Automatic License Plate Scanners Constitutional?

An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. “The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every […]

Cyber News