# Latest Podcast
# Description
Today, iOS security and various vulnerabilities such as debugserver access, memory dumping, insufficient input sanitization, and improper handling of sensitive data. The mitigation strategies involve enforcing safe coding practices and proper encryption. Eclipse has emerged as an AI tool helping to detect sensitive information in documents to enhance privacy, though with limitations and specific system requirements. On a parallel note, Nebula is an AI ethical hacking assistant designed to identify and exploit vulnerabilities by translating natural language into commands, assisting both novices and experienced ethical hackers with features like autonomous exploitation and command suggestions. Meanwhile, Alessandro Bresciani offers insights into port scanning via his blog, particularly using Golang and gopacket, and compares different scanner types while explaining banner grabbing. Tackling advanced cyber threats on operational technology (OT), another piece details measures to secure industrial systems like HMIs, EWS, and PLCs from cyber attacks by suggesting defenses such as leveraging the MITRE ATTACK framework and implementing CIP Security.
Siemens urges updates for fire protection system vulnerabilities, posing remote attack risks. GitGuardian report reveals 12 million secrets exposed on GitHub, notably in IT and education. A breakthrough 3D nanoscale optical disk promises revolution in data storage. FortiGuard Labs unveils a complex Java-based RAT phishing campaign. Techniques discovered for bypassing AI restrictions, raising security concerns. EquiLend and Leicester City Council experience cyberattacks, while a WordPress plugin flaw and D-Link router vulnerability pose widespread threats. South Korean national arrested in Russia for cyber espionage, and a former Google engineer in the US for stealing tech secrets.
Siemens urges updates for fire protection system vulnerabilities, posing remote attack risks. GitGuardian report reveals 12 million secrets exposed on GitHub, notably in IT and education. A breakthrough 3D nanoscale optical disk promises revolution in data storage. FortiGuard Labs unveils a complex Java-based RAT phishing campaign. Techniques discovered for bypassing AI restrictions, raising security concerns. EquiLend and Leicester City Council experience cyberattacks, while a WordPress plugin flaw and D-Link router vulnerability pose widespread threats. South Korean national arrested in Russia for cyber espionage, and a former Google engineer in the US for stealing tech secrets.
# Tradecraft
[#]
Explore iOS security vulnerabilities such as debugserver access, memory dumping, insufficient input sanitization, and improper handling of sensitive data; apply safe coding practices and proper encryption to mitigate these risks.
[#]
Eclipse is an AI-powered tool for detecting sensitive information in documents, streamlining privacy preservation in data sharing and preliminary screenings while acknowledging its limitations of not being exhaustive and having specific system requirements.
[#]
Nebula is an AI-powered ethical hacking assistant that facilitates vulnerability identification and exploitation by translating natural language into commands and suggesting actions based on outputs from security tools like NMAP, OWASP ZAP, and others, with a focus on helping both novice and veteran ethical hackers through features like autonomous exploitation mode, command suggestions, and the optional Nebula-Watcher for monitoring coverage during penetration tests.
[#]
Alessandro Bresciani's blog post delves into the creation of a port scanner using Golang and gopacket, discussing its structure and comparing PCAP-based and socket-based scanners, with insights on banner grabbing and installation instructions for the Scanme tool.
[#]
The article discusses advanced cyber attacks on operational technology (OT), focusing on disrupting industrial automation processes by targeting human-machine interfaces (HMIs), engineering workstations (EWS), and programmable logic controllers (PLCs), with proposed defenses including understanding attack incentives, using the MITRE ATT&CK framework, and deploying cybersecurity measures like CIP Security.
# News
[#]
Siemens fire protection systems are facing critical vulnerabilities CVE-2024-22039, CVE-2024-22040, and CVE-2024-22041, with advisories to apply updates or workarounds promptly to secure the systems against potential remote attacks.
[#]
In 2023, over 12 million authentication and critical secrets were accidentally exposed on GitHub across 3 million public repositories, and less than 2% were addressed promptly despite GitGuardian's alerts, with the majority of leaks originating from the IT and education sectors.
[#]
Researchers have developed a 3D nanoscale optical disk with petabit capacity, increasing data storage potential for big data centers, although the current high cost and size of required lasers, plus slow write speed, make it more suitable for archival use than immediate widespread adoption.
[#]
FortiGuard Labs reports a sophisticated phishing campaign deploying Java-based RATs via AWS and GitHub, using obfuscated JAR files and Proton Mail for communication, with the notable inclusion of a new RAT called VCURMS alongside STRRAT, password stealers, and keyloggers.
[#]
Researchers have found methods, such as encoding requests in ASCII art, Morse code, or base64, that can bypass language model restrictions designed for user safety, revealing a cat-and-mouse game between securing AI systems and subverting those security measures.
[#]
Okta refutes claims of a data breach after a leaker named 'Ddarknotevil' posts alleged customer information online, citing an investigation that suggests the data may be outdated or aggregated from public sources.
[#]
EquiLend, a U.S. securities lending platform, experienced a LockBit ransomware attack resulting in the theft of employee personal data, although customer data was unaffected, and the company has since restored all client services and offered identity theft protection to employees.
[#]
Cybersecurity researchers uncovered seven malicious PyPI packages designed to steal cryptocurrency wallet recovery phrases, with over 7,000 combined downloads before being removed, highlighting the ongoing threat to software supply chains.
[#]
Leicester City Council's IT infrastructure suffered a cyber attack on March 7, 2024, resulting in a total shutdown of systems and emergency measures to restore services, with the attack type and extent of damage currently under investigation.
[#]
A critical vulnerability in the "Anti-Malware Security and Brute-Force Firewall" WordPress plugin, identified as CVE-2024-22144 with a CVSS score of 9.0, could allow unauthenticated attackers total control of sites; users must update to version 4.23.56 or later to patch the issue and conduct site scans for anomalies.
[#]
Google's Gemini AI exhibits vulnerabilities such as system prompt leakage and manipulation to produce unauthorized content, with researchers from HiddenLayer demonstrating how attackers could exploit these weaknesses to inject misinformation or extract sensitive information, necessitating enhanced security measures and awareness to mitigate risks associated with deploying large language models.
[#]
EquiLend Holdings, a New York-based securities lending platform, confirmed that its employees' personal data was stolen during a January ransomware attack by LockBit, and is now offering free identity theft protection services for two years to the affected individuals.
[#]
The Italian Postal Police have issued a warning about insurance fraud involving QR codes, advising verification of insurance intermediaries' credibility and reporting of suspicious activity to authorities.
[#]
A malware campaign is exploiting a vulnerability in the Popup Builder WordPress plugin to inject malicious JavaScript, with 3,900+ sites affected, and site owners should update their plugins and scan for suspicious code or users.
[#]
Security experts discovered a critical stack-based buffer overflow vulnerability, CVE-2024-25331, in D-Link DIR-822 routers, allowing remote code execution without authentication, with no patches available, urging users to replace the device for security.
[#]
A significant vishing scam in South Korea, involving social engineering and technology manipulation, defrauded a victim of $3 million by impersonating law enforcement, highlighting the global rise of such attacks and the importance of educating people on the tactics used by scammers to prevent further incidents.
[#]
Security researchers from SpecterOps have unveiled a knowledge base called Misconfiguration Manager, detailing attack techniques and defenses for common misconfigurations in Microsoft's Configuration Manager (MCM/SCCM), a tool widely used in Active Directory environments which, if set up incorrectly, can significantly compromise network security.
[#]
The Kremlin alleges that the United States plans to attack Russia's online voting system to disrupt the upcoming presidential election, a claim coming soon after assurances that Russia does not intend to interfere with US elections.
[#]
The Cybersecurity and Infrastructure Security Agency took two systems offline due to a breach involving Ivanti product vulnerabilities, advising organizations to review their advisory on these issues to strengthen defenses.
[#]
Microsoft will terminate support for Windows 10 21H2 in June 2024, advising users to update to the latest version or switch to Windows 11 to avoid vulnerabilities.
[#]
Security researchers at ASEC have identified a sophisticated infostealer campaign that tricks users into downloading a fake Adobe Reader installer, which uses DLL hijacking and a disguised chrome.exe to evade detection and steal sensitive data.
[#]
Security researchers discovered a widespread attack on the Meson Network, where hackers exploited a vulnerable Laravel application and WordPress misconfiguration, orchestrating the establishment of about 6,000 nodes using compromised cloud accounts to profit from an unreleased cryptocurrency.
[#]
Security researchers at NetSPI have identified a critical Outlook RCE vulnerability, CVE-2024-21378, and though Microsoft has patched it, details and PoC code will be publicly released, necessitating immediate patch application and vigilance against form object syncing exploits.
[#]
A significant security flaw in WP Statistics plugin, CVE-2024-2194, threatens over 600,000 WordPress sites through stored XSS, and users should urgently update to the patched version to prevent attacks.
[#]
French government websites were hit by a large-scale distributed denial of service (DDoS) attack, believed to be a response to political tension over Ukraine, with Cloudflare and FalconFeeds indicating potential involvement from Russian and Sudanese actors, while the French digital agency DINUM took measures to mitigate its impact.
[#]
South Korean national Baek Won-soon was arrested in Vladivostok on cyber espionage charges, accused of providing classified information to foreign intelligence, and is now detained at Moscow's Lefortovo pretrial detention center alongside American journalist Evan Gershkovich who is facing similar accusations; meanwhile, a former Google engineer has been apprehended in the U.S. for allegedly stealing proprietary tech secrets.
