Cyber Defense Advisors

News

  • by
  • December 15, 2023

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two […]

Cyber News
  • by
  • December 15, 2023

Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft

Crypto hardware wallet maker Ledger published a new version of its “@ledgerhq/connect-kit” npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement. This […]

Cyber News
  • by
  • December 15, 2023

A Robot the Size of the World

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do […]

Cyber News
  • by
  • December 15, 2023

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and […]

Cyber News
  • by
  • December 15, 2023

New Security Vulnerabilities Uncovered in pfSense Firewall Software – Patch Now

Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar. “Security inside a local network […]

Cyber News
  • by
  • December 15, 2023

Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called “Tracking Protection” beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit “cross-site tracking by restricting website access to third-party cookies by default,” Anthony […]

Cyber News
  • by
  • December 15, 2023

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. “The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities,” Russian cybersecurity company […]

Cyber News
  • by
  • December 14, 2023

Prison for man who wiped bank’s data after being fired for accessing porn in the office

Graham CLULEY December 14, 2023 Promo Protect all your devices, without slowing them down. Free 30-day trial A man has been sentenced to 24 months in prison after being found guilty of hacking into his former employer’s network, and causing substantial damage. 38-year-old Miklos Daniel Brody, of San Francisco, worked as a cloud engineer for […]

Cyber News
  • by
  • December 14, 2023

Smashing Security podcast #352: For research purposes only

A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there’s a particularly devious WordPress-related malware campaign. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by […]

Cyber News