Cyber Defense Advisors

News

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. “A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published […]

Cyber News

Data Transparency and its Impact on Customer Trust

How do organizations earn and build trust when it comes to the personal data that customers share with them? Customers certainly expect these organizations to comply with all privacy laws that are now in place in more than 130 countries. Customers also expect them not to sell personal data without consent and to try to […]

Cyber News

Inserting a Backdoor into a Machine-Learning System

Interesting research: “ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks, by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove […]

Cyber News

How legacy tech impedes zero trust and what to do about it

As organizations embrace the zero-trust security model, legacy tech has created some roadblocks. In fact, replacing or rebuilding existing legacy infrastructures is the biggest challenge to implementing zero trust, according to a recent study. General Dynamics’ 2022 Zero Trust Research Report surveyed 300 IT and program managers across US federal, civilian, and defense agencies, which […]

Cyber News

#ISC2Congress: Cybersecurity Pros Must Prepare for Emerging Deepfake Threats

The security risks posed by deepfake technology are increasing

Cyber News

Pro-Russian Group KillNet Claims Responsibility for 14 US Airport DDoS Attacks

The websites of several major US airports were disrupted on October 10, 2022

Cyber News

Kolide gives you real-time fleet visibility across Mac, Windows, and Linux, answering questions MDMs can’t

Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! Device security is a lot like Mount Everest: it’s tough to scale. When you’re a small company dominated by engineers, you can keep up with fleet management with nothing more than trust and […]

Cyber News

PCI DSS v4.0

2022 is the year that much of the world managed, to varying degrees of success, to get back to normal.  People ramped up traveling, returned to in-person activities and many returned to the office.  The pandemic changed most aspects of day-to-day life, but hackers and other bad actors generally continued making life difficult for businesses, […]

Cyber News

Calls for Better Microsoft Teams Backup as Confidential Info Sent on the Platform

Many admitted to sending messages on Teams they should not have

Cyber News