Cyber Defense Advisors

Cyber News

  • by
  • September 12, 2024

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 “An issue was discovered in GitLab CE/EE affecting all versions starting […]

Cyber News
  • by
  • September 12, 2024

WordPress plugin and theme developers told they must use 2FA

Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code could be injected into code used by millions of websites running the self-hosted version of […]

Cyber News
  • by
  • September 12, 2024

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The […]

Cyber News
  • by
  • September 12, 2024

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). “It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and […]

Cyber News
  • by
  • September 12, 2024

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. “Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions,” Cado Security researchers Tara Gould and Nate Bill said in an analysis published today. “However, Selenium Grid’s default configuration lacks authentication, […]

Cyber News
  • by
  • September 12, 2024

Top 3 Threat Report Insights for Q2 2024

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato’s global customers, between April and June 2024. Key Insights from the Q2 2024 Cato CTRL SASE Threat […]

Cyber News
  • by
  • September 12, 2024

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an “elaborate” cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister’s Office and the Ministry of Foreign Affairs, cybersecurity company Check Point said in a new analysis. OilRig, also called APT34, Crambus, […]

Cyber News
  • by
  • September 12, 2024

Ireland’s Watchdog Launches Inquiry into Google’s AI Data Practices in Europe

The Irish Data Protection Commission (DPC) has announced that it has commenced a “Cross-Border statutory inquiry” into Google’s foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. “The statutory inquiry concerns the question of whether Google […]

Cyber News
  • by
  • September 12, 2024

Smashing Security podcast #384: A room with a view, AI music shenanigans, and a cocaine bear

It’s a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and […]

Cyber News