Cyber Defense Advisors

News

  • by
  • June 18, 2024

Convicted BEC scammer could face over 100 years in prison

Graham CLULEY June 18, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial A US court has found a Nigerian national guilty of charges related to a US $1.5 million business email compromise (BEC) scam and could face the rest of his life in prison as a consequence. 35-year-old Ebuka Raphael […]

Cyber News
  • by
  • June 18, 2024

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that’s capable of downloading and executing more malicious programs as well as a utility to propagate the malware via SSH, […]

Cyber News
  • by
  • June 18, 2024

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows – CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) – Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could […]

Cyber News
  • by
  • June 18, 2024

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing […]

Cyber News

Top 10 Cyber Security Blunders: The Homer Simpson Guide to What Not to Do

Top 10 Cyber Security Blunders The Homer Simpson Guide to What Not to Do This week, we’re diving into Cyber Security Lessons from Springfield! Discover the top 10 blunders—from password fumbles to ignoring updates—through Homer Simpson’s hilarious missteps, and learn how a single “D’oh!” can jeopardize your business. 1. Password Fumbles: “Mmm… Passwords”Using “Springfield” as […]

Cyber Thoughts
  • by
  • June 17, 2024

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. “Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log […]

Cyber News
  • by
  • June 17, 2024

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes. Cybersecurity company Sygnia, which […]

Cyber News
  • by
  • June 17, 2024

What is DevSecOps and Why is it Essential for Secure Software Delivery?

Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts […]

Cyber News
  • by
  • June 17, 2024

Using LLMs to Exploit Vulnerabilities

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are […]

Cyber News