VayFul Security Issue - August 30 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

Dell Client Platform BIOS for a Use of Default Cryptographic Key Vulnerability - Dell has issued a security advisory (DSA-2024-354) regarding a critical vulnerability in their Client Platform BIOS. This vulnerability, categorized as "Use of Default Cryptographic Key," could allow attackers with local access to potentially bypass Secure Boot and execute arbitrary code on affected Dell systems. #dell #bios #bypass #secure #boot 

BlackByte Ransomware Evolves: Blending Old Tricks with New Threats: An Authentication Bypass Vulnerability in VMware ESXi - BlackByte ransomware attacks use a mix of established tactics and recently discovered vulnerabilities. The report details how BlackByte leverages known-good system tools (LOLBins) and exploits fresh security holes to compromise systems and deploy ransomware. #ransomware #exploited #vmware #systems

WPS Office Suite Hit by Zero-Day with Two different RCE - ESET researchers have identified critical vulnerabilities in WPS Office, a widely used office suite. These vulnerabilities, including a zero-day exploit, could allow attackers to execute malicious code on vulnerable systems. ESET reports the vulnerabilities have been actively exploited by a South Korea-aligned cyberespionage group targeting East Asian countries. #APT-C-60 #0day #rce

Critical Code Execution Flaw Found in Apache library (CVE-2023-49582) - Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). #Apache #rce

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool - The attackers are distributing a malicious program masquerading as the legitimate "Palo Alto GlobalProtect" tool. Users tricked into downloading and running this fake tool unknowingly infect their systems with malware capable of remote code execution, file exfiltration, and data encryption. #malware #rce #data #exfiltration

🔥 INTERESTING WRITEUPS

📝 BLOGS & ARTICLES

Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information - Microsoft 365 Copilot exposed users to email theft. Researchers discovered how attackers could exploit a combination of techniques, including prompt injection and ASCII smuggling, to gain control of Copilot functionality. #copilot #AI #prompt-injection #data #exfiltration

BlackSuit Ransomware DFIR (Digital Forensic Incident Response) Report - The DFIR Report delves into the growing threat of BlackSuit ransomware, noted for its unique tactic of partially encrypting files while stealing sensitive data. This "double extortion" strategy aims to pressure victims into paying ransoms both to recover their data and to prevent sensitive information from being leaked publicly. #ransomware #analysis #soc

SaaS-to-SaaS Phishing: The Hidden Threat in Your Email Security - SaaS-to-SaaS phishing leverages compromised legitimate SaaS platforms to launch phishing attacks against users of other integrated SaaS applications. The attackers exploit trust established with one platform to gain access to user credentials for another, potentially bypassing traditional email security measures. #phishing #saas #application #users

Detect and Fix Common Container Vulnerability - The article delves into common causes of container vulnerabilities and provides a clear roadmap for fixing them. Whether you're dealing with vulnerabilities in base images, third-party dependencies, or your own code, this guide offers practical strategies and recommendations. #container #security

🛠️ TOOLS

Permify - Open Source Fine-Grained Authorization. Implement fine-grained, scalable and extensible access controls within minutes to days instead of months. Inspired by Google’s consistent, global authorization system, Zanzibar. #auth #system #opensource

Elevation of MLsec - Elevation of MLsec is an unofficial Machine Learning Security (MLsec) extension of Microsoft's Elevation of Privilege threat modeling card game. #ML #threat #modeling #game

Awesome-ctf - A curated list of Capture The Flag (CTF) frameworks, libraries, resources, software and tutorials. This list aims to help starters as well as seasoned CTF players find everything related to CTFs in one place. #ctf #challenge #resources

🧠 TUTORIALS & SKILL-BUILDING

Where People Go When They Want to Hack You - What do you need to hack any system on the planet? Whatever it is, you can certainly find it on the zero-day market: a network that consists of the world’s best hackers trading vulnerabilities with governments, cybercriminals and megacorporations. How did this market appear, how does it work and why does nobody talk about it? #hacking #0day #black-market #criminals

You've Got a JWT - Now What? - John Bradley, JWT co-inventor, talks about the origins and structure of JWTs, their various use cases, and their role in modern authentication standards. Discover how JWTs function in different scenarios, from workforce to consumer applications, and learn effective strategies for their implementation and security. #jwt #auth #security

Exploring the Future of AI: Luke Marsden Unveils Helix and the Open Source Revolution - Join AI expert Luke Marsden, founder of Helix, for a deep dive into the rapidly evolving world of large language models (LLMs) and AI technology. We explore how these advancements are revolutionizing industries, from their foundational concepts to their real-world applications. #AI #chatgpt #future

🎁 MISCELLANEOUS

Awesome-small-language-models - A curated list of awesome resources, tools, and projects related to small language models. This list focuses on modern, efficient language models designed for various applications, from research to production deployment. #LLaMA #resources

Exploring inner workings of a random free android VPN - LeCromée delves into a new post-quantum secure VPN protocol called BD-Net. Traditional VPNs might become vulnerable with the advancement of quantum computing. BD-Net emerges as a potential solution, offering secure communication even in the face of this emerging technological threat. #free #vpn #android

Team Atlanta Secures $2 Million Prize with LLM-Based SQLite Bug Fix - Team Atlanta, a cybersecurity research group, has solved the AI Cyber Challenge. Their entry, Atlantis, an LLM-based bug-finding system, not only autonomously identified and patched a real vulnerability in SQLite but also earned them a prestigious $2 million prize and a spot in the grand finals. #llm #AI #bug #fix

🎯 QUOTE OF THE DAY

“The future belongs to those who believe in the beauty of their dreams.”

-Eleanor Roosevelt

⭐ HOW DID WE DO?

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.

That’s a wrap!

Thank you for reading,
VayFul Team