Cyber Defense Advisors

News

  • by
  • June 28, 2024

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS. Security teams keep jamming […]

Cyber News
  • by
  • June 28, 2024

New SnailLoad Attack Exploits Network Latency to Spy on Users’ Web Activities

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user’s web activity. “SnailLoad exploits a bottleneck present on all Internet connections,” the researchers said in a study released this week. “This bottleneck influences the latency of […]

Cyber News
  • by
  • June 28, 2024

Better resilience sees more extorted companies refuse to pay their ransomware attackers

There’s some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. That’s one of the findings of insurance broker Marsh, which conducted an analysis of the more than 1800 cyber claims it received during 2023 from […]

Cyber News
  • by
  • June 28, 2024

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the […]

Cyber News
  • by
  • June 28, 2024

TeamViewer Detects Security Breach in Corporate IT Environment

TeamViewer on Thursday disclosed it detected an “irregularity” in its internal corporate IT environment on June 26, 2024. “We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures,” the company said in a statement. It further noted that its corporate […]

Cyber News
  • by
  • June 27, 2024

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. “With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it […]

Cyber News
  • by
  • June 27, 2024

The Secrets of Hidden AI Training on Your Data

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing’s research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and decision-making. However, beneath […]

Cyber News
  • by
  • June 27, 2024

Security Analysis of the EU’s Digital Wallet

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet. Tags: credentials, cryptanalysis, cryptography, EU, identification Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • June 27, 2024

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the “ask” function that could be exploited to trick the library into executing […]

Cyber News