Cyber Defense Advisors

Cyber News

ICO: Department for Education Should Have Been Fined £10m

DfE oversight leads to misuse of data on 28 million children

Cyber News, Cyber Threat Trends
  • by
  • November 7, 2022

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after “Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations,” according to a report from cybersecurity company IronNet. Robin Banks was 

Cyber News, Cyber Threat Trends
  • by
  • November 6, 2022

Prefix Lists in Network Rules to Access AWS Services Without CIDRs

ACM.103 Provide access to S3 (and yum) in network rules without adding every S3 CIDR to maintain zero-trust networking This is a continuation of my series on Automating Cybersecurity Metrics. In the last post, I showed you how to access Git using a static IP addess (otherwise known as an EIP on AWS to add […]

Cyber News, Cyber Threat Trends
  • by
  • November 6, 2022

Bug in AWS IAM Console for User Groups

I was just updating my deployment script to add users to groups as part of my latest blog series on automated security metrics: Automating Cybersecurity Metrics (ACM) I added a user to the Developers group. I had an existing user named Developer, added a new user name Developer2 using my add to group code. After deploying my […]

Cyber News, Cyber Threat Trends
  • by
  • November 5, 2022

Limiting Access to an AWS EIP in GitHub

ACM.102 Ensuring only authorized IP addresses can access your private GitHub repositories This is a continuation of my series on Automating Cybersecurity Metrics. My last post explained how you can restrict SSH access on your local network to only authorized IP addresses. Local Firewall Rules to Connect to an AWS EIP via SSH Specifically, we […]

Cyber News, Cyber Threat Trends
  • by
  • November 5, 2022

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer. “The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,” […]

Cyber News, Cyber Threat Trends
  • by
  • November 5, 2022

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Microsoft is warning of an uptick in the nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” making it imperative that

Cyber News, Cyber Threat Trends

Friday Squid Blogging: Newfoundland Giant Squid Sculpture

In 1878, a 55-foot-long giant squid washed up on the shores of Glover’s Harbour, Newfoundland. It’s the largest giant squid ever recorded—although scientists now think that the size was an exaggeration or the result of postmortem stretching—and there’s a full-sized statue of it near the beach where it was found. As usual, you can also […]

Cyber News, Cyber Threat Trends
  • by
  • November 4, 2022

Qualys previews TotalCloud FlexScan for multicloud security management

Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments. The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads […]

Cyber News, Cyber Threat Trends