Cyber Defense Advisors

News

  • by
  • November 9, 2023

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. “This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its […]

Cyber News
  • by
  • November 9, 2023

NetRise releases Trace solution with AI-powered semantic search aimed at protecting firmware

Extended internet of things (XIoT) security platform developer NetRise has released its Trace solution, which the company say allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using an AI-powered semantic search. NetRise, based in Austin, Texas, said Trace introduces intent-driven searches to enhance vulnerability detection and validation in firmware […]

Cyber News, Cyber Threat Trends
  • by
  • November 9, 2023

When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules

While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution that solves […]

Cyber News
  • by
  • November 9, 2023

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. “The framework’s web component is written in the Go programming language,” Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday. The tool has been attributed to MuddyWater, an Iranian state-sponsored […]

Cyber News
  • by
  • November 9, 2023

CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS amplification […]

Cyber News

Smashing Security podcast #347: Trolls, military data, and the hitman and her

A woman’s attempt to hire an assassin online backfires badly, it’s scary just how cheap it is to buy information about US military personnel, and trolls and tattoos don’t mix. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, […]

Cyber News, Cyber Threat Trends

Smashing Security podcast #347: Trolls, military data, and the hitman and her

A woman’s attempt to hire an assassin online backfires badly, it’s scary just how cheap it is to buy information about US military personnel, and trolls and tattoos don’t mix. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, […]

Cyber News

Women sue plastic surgery after hack saw their naked photos posted online

Graham CLULEY November 08, 2023 Promo Protect all your devices, without slowing them down. Free 30-day trial Photos of naked patients and medical records have been posted online by extortionists who hacked a Las Vegas plastic surgery, driving victims to file a lawsuit claiming not enough care was taken to protect their private information. As […]

Cyber News