VayFul Security - August 06 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

Auth Bypass Vulnerability Discovered in Select Rockwell Automation Logix Devices - “Chassis Restrictions Bypass”, allows attackers to potentially bypass the Trusted® Slot feature and execute unauthorized commands that could modify user projects or device configurations. Chassis Restrictions Bypass," allows attackers to potentially bypass the Trusted® Slot feature and execute unauthorized commands that could modify user projects or device configurations. #ICS #security

New Exploit Technique "SLUBStick" Kernel Heap Vulnerability Let Attackers Gain Full System Control - A research paper by Stefan Gast introduces a novel exploit technique called "SLUBStick." This technique leverages a software timing side channel on the Linux kernel's SLUB memory allocator to achieve arbitrary memory read-and-write access. #linux #kernel #vulnerability

"Sitting Ducks": DNS Vulnerabilities Expose Weaknesses in Internet Infrastructure - A Blog post from Eclypsium sheds light on a critical security issue plaguing the DNS, highlights new concept of "Sitting Ducks," referring to vulnerabilities in the DNS that attackers readily exploit. These vulnerabilities enable a variety of malicious activities, including malware delivery, phishing scams, and data exfiltration. #dns #vulnerabilities

Snooping Through Your HDMI: Researchers Explore Eavesdropping via Electromagnetic Emissions - A new research paper, "Deep-TEMPEST: Using Deep Learning to Eavesdrop on HDMI from its Unintended Electromagnetic Emanations," explores a novel eavesdropping technique. #deeplearning #hdmi #eavesdropping

Google Chrome Vulnerability (CVE-2024-7256) Exploited for Arbitrary Code Execution - CVE-2024-7256) in Google Chrome (prior to version 127.0.6533.88) posed a serious security risk. This vulnerability allowed attackers to potentially execute malicious code on user devices by exploiting insufficient data validation in the Dawn library. #chrome #vulnerability

🔥 INTERESTING WRITEUPS

Access body and title of Internal Repo Issues in Project -  [4000$ Bounty] 

Abusing Virtual number functionality on directapply.indeed.com to get free virtual number - [1000$ Bounty]

📝 BLOGS & ARTICLES

Demystifying GitHub Private Forks - The Hidden Danger of Cached View - GitHub: "zombie leaks." These leaks occur when seemingly deleted commits, containing sensitive information, remain accessible through cached views.Even after deletion, attackers can access these commits using the first few characters of the hash, potentially exposing secrets like passwords or API keys. #git #private #repo #fork #leak

Wiper Malware "AcidPour" Targets Ukraine: A Threat Analysis by Splunk - The blog post offers a detailed analysis of AcidPour's capabilities, including its data deletion techniques and potential delivery methods. Splunk also provides detection strategies to help organizations identify and mitigate the AcidPour threat. #malware #threat #analysis #soc

SOAR: Autonomous Improvement of Instruction Following Skills via Foundation Models -  This paper explores the concept of "autonomous improvement" in AI, a field focused on enabling AI models to learn and enhance their capabilities without human intervention. #AI #autonomous

You might have never understood the OSI Model this way - Rohilla Chavi offers a fresh perspective on the OSI (Open Systems Interconnection) model. The article breaks down the functionalities of each layer through relatable analogies, making it easier for non-technical readers to grasp the core principles of network communication. #osi #layer #networking

🛠️TOOLS

Wifi-heatmapper - Tool to generate WiFi heatmap. #wifi #heatmap

Hackberry-Pi_Zero - A handheld Linux terminal using Raspberry pi Zero 2W as Core with 4" 720X720 TFT display. #RaspberryPi #with #BlackBerry #keyboard

File-Smuggling - HTML smuggling is not an evil, it can be useful.File Smuggling Builder. This is a self-contained HTML app, handy, supports Windows, Mac, Linux and mobile. #html #file #smuggling 

Course-cryptanalysis - A Course in Cryptanalysis. Learn about cryptographic attacks and how to apply this knowledge to design secure cryptographic primitives. #crypto #course

🧠 TUTORIALS & SKILL-BUILDING

Why Google failed to make GPT-3 -- with David Luan of Adept - David Luan has been at the center of the modern AI revolution: he led Google's LLM efforts and talks about failure of Google GPT-3. #AI #gpt3 #google

Reverse Engineering Age Of Empires - How I reverse engineered the original Age Of Empires to see how its AI works. #game #reverse #engineering

Full-Circle Zero Trust: Ensuring No App is Left Behind in your IAM Strategy - Session talks about importance of a zero trust strategy and identifying gaps, offering a forward-looking blueprint to bring every application, irrespective of its native support for identity standards, under zero trust. #zero #trust #architecture #gaps

Physical And Information Security In The NHS - Phil Smith - Phil smith talks about physical and information security in the NHS at BSides Leeds conference. #physical #security #healthcare

🎁 MISCELLANEOUS

Jailbreak_llms - In-The-Wild Jailbreak Prompts on LLMs. #LLM #prompt #jailbreak

Rea - A Reverse Engineering Assistant leveraging Retrieval-Augmented Generation (RAG) and the LLaMA-3.1-8B-Instant Large Language Model (LLM). This tool is designed to revolutionize reverse engineering tasks by combining machine learning with retrieval-based systems. #LLM #reverse-engg 

Bioweapons Made with AI? US Government Grapples with New National Security Threat - Bloomberg highlights growing concerns within the US government regarding the potential use of Artificial Intelligence (AI) to create bioweapons. #AI #bioweapons #biosecurity

AI-Powered Stock Market Analyst with Global Coverage - AI-powered stock market analyst chatbot, designed to help you analyze stocks and gain valuable market insights with ease. Our intuitive conversational chat interface makes it simple for anyone to get started. #AI #stock-market #chatbot

🎯 QUOTE OF THE DAY

⭐ HOW DID WE DO?

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.

That’s a wrap!

Thank you for reading,
VayFul Team