CIL Security Advisory

Review Bombing Attacks and Extortion

IntroductionMalicious actors use "review-bombing", a coordinated flood of fake, one-star reviews as an initial step for extortion. This high volume…

Synthetic Phishing: AI-Enabled Insider Impersonation

IntroductionThreat actors increasingly use artificial intelligence (AI) to impersonate trusted individuals such as executives, employees, or suppliers within organisations. These…

The Silent Security Threat: Data Hoarding

IntroductionThe greatest risk to your organization may be the sheer volume of data we hold, a practice known as Data…

Supply Chain Security: Preventing Software and Hardware Breaches

IntroductionA supply chain attack is an attack strategy that targets an organization through vulnerabilities in its supply chain. These vulnerable…

Cisco Firewall Zero-Day Vulnerability

IntroductionCisco has announced a new attack variant. This attack targets devices running Cisco Secure Firewall ASA and FTD Software that…

Understanding and Preventing Backdoor Execution

What Is Backdoor Execution?Backdoor execution occurs when cyber adversaries use hidden access points within a computer system or network to…

Pixel Stealing “Pixnapping”: A new exploit on Android

Introduction Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other…

Understanding and Defending Against Adversary-in-the-Middle (AiTM) Phishing Attacks

What is an Adversary-in-the-Middle (AiTM) Phishing Attack? An AiTM phishing attack is a sophisticated form of phishing in which attackers…

CAPTCHA Scams Exploiting Users to Steal Data

A CAPTCHA test is designed to determine if an online user is really a human and not a bot. CAPTCHA…