Cyber Defense Advisors

News

Home / News / Page 404
  • by
  • December 4, 2023

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic’s forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and were responsibly disclosed in October […]

Cyber News
  • by
  • December 4, 2023

AI and Trust

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted […]

Cyber News
  • by
  • December 4, 2023

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk […]

Cyber News
  • by
  • December 4, 2023

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that’s capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach. “It’s highly likely that by targeting MIPS, the P2PInfect developers intend to […]

Cyber News

A Comprehensive Guide to Cyber Security Risk Assessments

A Comprehensive Guide to Cyber Security Risk Assessments In an increasingly interconnected world, where businesses and individuals alike rely heavily on digital technologies, the importance of cybersecurity cannot be overstated. Cyber threats, ranging from data breaches to ransomware attacks, have become more sophisticated and prevalent, posing significant risks to organizations of all sizes. To effectively […]

High-Level Risk Assessment
  • by
  • December 4, 2023

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel Boot […]

Cyber News
  • by
  • December 4, 2023

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to “hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware,” the Microsoft Threat Intelligence team said in a series of posts […]

Cyber News

Why You Shouldn’t Ignore Regulatory Compliance Assessments

Why You Shouldn’t Ignore Regulatory Compliance Assessments Regulatory compliance assessments are more than just bureaucratic boxes to tick; they’re essential tools for businesses to ensure they remain on the right side of the law, safeguard their operations, and maintain trust with stakeholders. Overlooking their significance can lead to severe repercussions, both legally and financially. Here’s […]

Regulatory Compliance Assessments

Why You Shouldn’t Ignore Operational Resilience Programs

Why You Shouldn’t Ignore Operational Resilience Programs Operational resilience has rapidly become one of the most discussed topics in the corporate world, yet many still underestimate its importance. Rather than viewing operational resilience programs as a mere checkbox or a regulatory compliance demand, businesses should recognize them as essential drivers of long-term stability and success. […]

Operational Resilience Program