Cyber Defense Advisors

News

Home / News / Page 1135
  • by
  • October 28, 2022

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability

Cyber News, Cyber Threat Trends

Raspberry Robin Worm Actors Linked to Clop, LockBit Ransomware Groups

Microsoft said the worm had alternate infection methods beyond its original USB drive spread

Cyber News, Cyber Threat Trends

Critical Vulnerability in Open SSL

There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially […]

Cyber News, Cyber Threat Trends
  • by
  • October 28, 2022

AWS Changing ARNs in Trust Policies — Big Problems

AWS Changing ARNs in Trust Policies — Big Problems ACM.94 Trying to restore things after a user gets deleted leaves you in a malformed state for which there is no simple recovery This is a continuation of my series on Automating Cybersecurity Metrics. While updating my code in prior posts, the KMSAdmin user got inadvertently deleted so I couldn’t […]

Cyber News, Cyber Threat Trends
  • by
  • October 28, 2022

These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. “These droppers continue the unstopping evolution of malicious apps sneaking to the official store,” Dutch mobile security firm ThreatFabric

Cyber News, Cyber Threat Trends
  • by
  • October 28, 2022

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

Turns out that Tuesday’s zero-day for iOS 16 is Friday’s zero-day for iOS 15…

Cyber News, Cyber Threat Trends
  • by
  • October 28, 2022

Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints

The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is “part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread,” the Microsoft Security Threat Intelligence Center (MSTIC

Cyber News, Cyber Threat Trends
  • by
  • October 28, 2022

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October […]

Cyber News, Cyber Threat Trends
  • by
  • October 28, 2022

Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks

The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth is a strategy in which companies use multiple layers of security […]

Cyber News, Cyber Threat Trends