Cyber Defense Advisors

Cyber News

  • by
  • October 9, 2024

Social Media Accounts: The Weak Link in Organizational SaaS Security

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a […]

Cyber News
  • by
  • October 9, 2024

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional […]

Cyber News
  • by
  • October 9, 2024

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) […]

Cyber News
  • by
  • October 8, 2024

Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity […]

Cyber News
  • by
  • October 8, 2024

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an […]

Cyber News
  • by
  • October 8, 2024

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. “These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community,” Morphisec researcher Shmuel Uzan said in a new report published today, adding “this […]

Cyber News
  • by
  • October 8, 2024

The AI Fix #19: AI spy specs, robot dogs with ladders, and is it AI or the climate?

In episode 19 of “The AI Fix” podcast, Graham and Mark discover some AI podcast hosts having an existential crisis, a robot dog climbs another step towards world domination, Mark makes a gift for anyone working in tech support, and William Shatner chews through Lucy in the Sky with Diamonds. Things can take a terrible […]

Cyber News
  • by
  • October 8, 2024

Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. “The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,” Kaspersky said, detailing a new campaign that began in June […]

Cyber News
  • by
  • October 8, 2024

China Possibly Hacking US “Lawful Access” Backdoor

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story. The first line of the article is: “A cyberattack […]

Cyber News