Cyber Defense Advisors

News

#RSAC: Election Protection is CISA’s Top Priority for Next 18 Months

Protecting the democratic process from cyber-criminals is a top priority for CISA over the next 18 months, ahead of the US General Election

Cyber News, Cyber Threat Trends

Falling Dwell Time May Be Due to Faster Threat Activity

Sophos warns against simple interpretation of the data

Cyber News, Cyber Threat Trends
  • by
  • April 25, 2023

Thousands of misconfigured container and artifact registries expose sensitive credentials

Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses that could give attackers access to access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject […]

Cyber News, Cyber Threat Trends
  • by
  • April 25, 2023

Circle Security debuts platform “purpose-built” to tackle credential-driven threats, cloud attacks

Cybersecurity company Circle Security has emerged from stealth with the release of a new platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm. Circle Security boasts an […]

Cyber News, Cyber Threat Trends

UK Threatens End-to-End Encryption

In an open letter, seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians […]

Cyber News, Cyber Threat Trends

Friday Squid Blogging: More on Squid Fishing

The squid you eat most likely comes from unregulated waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Cyber News, Cyber Threat Trends
  • by
  • April 23, 2023

Storing a GPG / PGP key on a Yubikey

Moving a GPG key to a Yubikey and using it from there to encrypt documents Continue reading on Cloud Security »

Cyber News, Cyber Threat Trends
  • by
  • April 23, 2023

Troubleshooting S3 bucket policies

ACM.199 A working Organization CloudTrail Bucket Policy Continue reading on Cloud Security »

Cyber News, Cyber Threat Trends
  • by
  • April 23, 2023

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows – CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability  CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control

Cyber News, Cyber Threat Trends