Cyber Defense Advisors

Cyber News

  • by
  • August 28, 2024

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. “By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves,” Netskope Threat […]

Cyber News
  • by
  • August 28, 2024

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation […]

Cyber News
  • by
  • August 27, 2024

The AI Fix #13: ChatGPT runs for mayor, and should we stop killer robots?

In episode 13 of “The AI Fix”, meat avatar Cluley learns that AI doesn’t pose an existential threat to humanity and tells meat avatar Stockley how cybersex is about to get very, very weird. Our hosts also learn that men lie on their dating profiles, hear ChatGPT steal somebody’s voice, and discover an AI that […]

Cyber News
  • by
  • August 27, 2024

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts “almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the […]

Cyber News
  • by
  • August 27, 2024

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States […]

Cyber News
  • by
  • August 27, 2024

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as […]

Cyber News
  • by
  • August 27, 2024

CTEM in the Spotlight: How Gartner’s New Categories Help to Manage Exposures

Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), […]

Cyber News
  • by
  • August 27, 2024

The Present and Future of TV Surveillance

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.  

Cyber News
  • by
  • August 27, 2024

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said. “This […]

Cyber News