Cyber Defense Advisors

Cyber News

  • by
  • September 6, 2024

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. “An attacker with no valid credentials […]

Cyber News
  • by
  • September 6, 2024

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. “If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself,” Durov said in a 600-word statement on his Telegram account. “Using laws […]

Cyber News
  • by
  • September 5, 2024

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic […]

Cyber News
  • by
  • September 5, 2024

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below – CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS […]

Cyber News
  • by
  • September 5, 2024

Cicada ransomware – what you need to know

What is the Cicada ransomware? Cicada (also known as Cicada3301) is sophisticated ransomware written in Rust that has claimed more than 20 victims since its discovery in June 2024. Why is the ransomware called Cicada? The criminals behind Cicada appear to have named it after the mysterious Cicada 3301 puzzles posted on the internet between […]

Cyber News
  • by
  • September 5, 2024

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design […]

Cyber News
  • by
  • September 5, 2024

Long Analysis of the M-209

Really interesting analysis of the American M-209 encryption device and its security.  

Cyber News
  • by
  • September 5, 2024

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally […]

Cyber News
  • by
  • September 5, 2024

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. […]

Cyber News