Cyber Defense Advisors

News

  • by
  • December 7, 2023

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. “Push notifications are alerts sent by phone apps to users’ smartphones,” Wyden said. “These alerts pass through a digital post office run by the phone operating system provider — overwhelmingly Apple […]

Cyber News
  • by
  • December 7, 2023

Smashing Security podcast #351: Nuclear cybersecurity, Marketplace scams, and face up to porn

Hacking fears are raised at Western Europe’s most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this […]

Cyber News
  • by
  • December 7, 2023

See me talking about “Future-proofing enterprise cybersecurity for AI, vulnerabilities, and business risks”

Future-proofing enterprise cybersecurity for AI, vulnerabilities, and business risks” teaser Watch this video on YouTube I’m joining the folks at Skybox Security on Wednesday 13 December 2023, for a webinar about “Future-proofing enterprise cybersecurity for AI, vulnerabilities, and business risks.” Using real-life examples of organisations who have been hacked, we’ll be discussing the importance of […]

Cyber News
  • by
  • December 7, 2023

New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand

A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is “able to conceal its own presence during the initialization phase,” Group-IB […]

Cyber News
  • by
  • December 7, 2023

Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the “most significant milestone yet.” “This isn’t a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts,” Loredana […]

Cyber News
  • by
  • December 6, 2023

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader […]

Cyber News
  • by
  • December 6, 2023

ICANN Launches Service to Help With WHOIS Lookups

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars. In May 2018, the Internet Corporation […]

Cyber News
  • by
  • December 6, 2023

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis. AWS STS is […]

Cyber News
  • by
  • December 6, 2023

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate […]

Cyber News