Cyber Defense Advisors

News

  • by
  • July 16, 2024

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation […]

Cyber News

How To Achieve Compliance in Record Time

How To Achieve Compliance in Record Time Fast-Track Your Way to FedRAMP, CMMC & More With Pre-Built Compliant IT Architectures Is your company’s path to achieving compliance proving difficult and costly? There is a revolutionary solution to help your organization swiftly meet stringent standards such as FedRAMP, CMMC, and more. The Compliance Challenge Regulatory frameworks […]

Cyber Thoughts
  • by
  • July 15, 2024

Hacking Scientific Citations

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication. These details are stored as metadata, not visible in the […]

Cyber News
  • by
  • July 15, 2024

Disney hacked? NullBulge claims to have stolen 1.1 TB of data from internal Slack channels

Graham CLULEY July 15, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant’s internal Slack messaging channels. The hacking group, which calls itself NullBulge, posted […]

Cyber News
  • by
  • July 15, 2024

GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker […]

Cyber News
  • by
  • July 15, 2024

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, […]

Cyber News
  • by
  • July 15, 2024

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few […]

Cyber News
  • by
  • July 15, 2024

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a tenfold surge, adding it includes “mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source […]

Cyber News
  • by
  • July 15, 2024

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on July 9, 2024. […]

Cyber News