Cyber Defense Advisors

Cyber News

  • by
  • October 11, 2024

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, […]

Cyber News
  • by
  • October 11, 2024

IronNet Has Shut Down

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were […]

Cyber News
  • by
  • October 11, 2024

How Hybrid Password Attacks Work and How to Defend Against Them

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are and the most common […]

Cyber News
  • by
  • October 11, 2024

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did […]

Cyber News
  • by
  • October 11, 2024

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. “An issue was discovered in […]

Cyber News
  • by
  • October 11, 2024

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of […]

Cyber News
  • by
  • October 10, 2024

Ransomware attack leaks social security numbers of over 230,000 Comcast customers

Graham CLULEY October 10, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Over 237,000 Comcast customers have had their sensitive personal information compromising following a ransomware attack against a third party company. Financial Business and Consumer Solutions (FBCS), a debt collection agency previously used by Comcast, was the subject of […]

Cyber News
  • by
  • October 10, 2024

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts […]

Cyber News
  • by
  • October 10, 2024

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. “A vulnerability in the Nortek […]

Cyber News