Cyber Defense Advisors

News

  • by
  • August 27, 2024

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States […]

Cyber News
  • by
  • August 27, 2024

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as […]

Cyber News
  • by
  • August 27, 2024

CTEM in the Spotlight: How Gartner’s New Categories Help to Manage Exposures

Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), […]

Cyber News
  • by
  • August 27, 2024

The Present and Future of TV Surveillance

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.  

Cyber News
  • by
  • August 27, 2024

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said. “This […]

Cyber News
  • by
  • August 27, 2024

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. “Inappropriate implementation in […]

Cyber News
  • by
  • August 26, 2024

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. “An improper access control vulnerability has been identified in the SonicWall SonicOS […]

Cyber News
  • by
  • August 26, 2024

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.

The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. “The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed […]

Cyber News
  • by
  • August 26, 2024

US Federal Court Rules Against Geofence Warrants

This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. The decision seems obvious to me, but you can’t take anything for granted. Tags: courts, data privacy, geolocation, laws Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News