Cyber Defense Advisors

News

Home / News / Page 228

Unpacking the Penetration Testing & Exploitation Assessment Dichotomy

Unpacking the Penetration Testing & Exploitation Assessment Dichotomy In the ever-evolving landscape of cybersecurity, staying one step ahead of malicious actors is a constant challenge. As organizations strive to protect their digital assets and sensitive data, two crucial methodologies emerge to gauge their security posture: penetration testing and exploitation assessment. These practices are vital in […]

Penetration Testing and Exploitation Assessment
Russian COLDRIVER Hackers
  • by
  • January 18, 2024

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google’s Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection […]

Cyber News

The Realities of CMMC Compliance in Global Defense Contracts

The Realities of CMMC Compliance in Global Defense Contracts In the ever-evolving landscape of global defense, cybersecurity has emerged as a paramount concern. With the increasing sophistication of cyber threats, safeguarding sensitive military information has become a top priority for governments and defense contractors alike. To address this, the Department of Defense (DoD) in the […]

CMMC Compliance
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
  • by
  • January 18, 2024

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to “conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow’s build agents via a malicious pull request,” […]

Cyber News
  • by
  • January 18, 2024

Canadian Citizen Gets Phone Back from Police

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of […]

Cyber News
MFA Spamming and Fatigue
  • by
  • January 18, 2024

MFA Spamming and Fatigue: When Security Measures Go Wrong

In today’s digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of […]

Cyber News
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
  • by
  • January 18, 2024

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to achieve remote […]

Cyber News
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts
  • by
  • January 18, 2024

Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts

High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023. The threat actor “used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files,” […]

Cyber News
Smashing Security
  • by
  • January 18, 2024

Smashing Security podcast #355: Fishy Rishi, 23andMe, and the labour of love

Has the British Prime Minister been caught secretly profiting from a cryptocurrency app? Were 23andMe right to blame their users after a data breach? And Indian men have hard feelings after falling for a money-for-sex scam. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity […]

Cyber News