Cyber Defense Advisors

News

  • by
  • September 21, 2024

LinkedIn Halts AI Data Processing in U.K. Amid Privacy Concerns Raised by ICO

The U.K. Information Commissioner’s Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended processing users’ data in the country to train its artificial intelligence (AI) models. “We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its U.K. […]

Cyber News
  • by
  • September 21, 2024

Ukraine Bans Telegram Use for Government and Military Personnel

Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Coordination Centre for Cybersecurity (NCCC) in a post shared on Facebook. “I have always advocated and advocate for freedom of speech, but […]

Cyber News
  • by
  • September 21, 2024

Friday Squid Blogging: Squid Game Season Two Teaser

The teaser for Squid Game Season Two dropped. Blog moderation policy.  

Cyber News
  • by
  • September 20, 2024

Clever Social Engineering Attack Using Captchas

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever. Tags: captchas, malware, social engineering Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • September 20, 2024

Europol Shuts Down iServer Phishing Scheme and Ghost Cybercrime Chat Platform

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina (29,000). […]

Cyber News
  • by
  • September 20, 2024

Passwordless AND Keyless: The Future of (Privileged) Access Management

In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x] TLS certificates [x] Accounts [x] SSH keys ??? The secrets listed above are typically secured with privileged access management (PAM) solutions […]

Cyber News
  • by
  • September 20, 2024

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, […]

Cyber News
  • by
  • September 20, 2024

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. “This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,” Chrome product manager Chirag Desai said. The […]

Cyber News
  • by
  • September 20, 2024

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 […]

Cyber News