- VayFul®
- Posts
- VayFul Security Issue - July 19 2024
VayFul Security Issue - July 19 2024
VayFul Security - July 19 2024
Hi all!
Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…
📰 SECURITY BYTES
Akira Ransomware Targets Latin American Airlines - BlackBerry researchers have identified a recent attack by the Akira ransomware group targeting a Latin American airline.The attackers gained initial access through SSH and were able to steal critical data before deploying the ransomware. #Akira #ransomware
Juniper Addresses Privilege Escalation Vulnerabilities in Junos OS Evolved - Juniper Networks has released a critical security patch addressing multiple vulnerabilities in Junos OS Evolved. These vulnerabilities, identified as CVE-2024-39520, CVE-2024-39521, and CVE-2024-39522, could allow an attacker with low privileges to escalate their access to "root" on the system, potentially compromising the entire network device. #Juniper #priv #escalation
Zero-Day Exploited! Void Banshee Targets Windows Users Through "Zombie" Internet Explorer (CVE-2024-38112) - Trend Micro researchers have uncovered a sophisticated attack campaign by the APT (Advanced Persistent Threat) group Void Banshee. This campaign exploits a previously unknown vulnerability (CVE-2024-38112) in the Microsoft MHTML browser engine, a component used by the now-discontinued Internet Explorer (IE) browser. #APT #IE #0day #exploit
New Threat Actor "NullBulge" Targets AI with Low-Sophistication Attacks - SentinelOne Labs has exposed a new cybercriminal threat group, NullBulge, masquerading as a hactivist collective. This group targets AI-focused organizations and gaming companies with low-sophisticated attacks. #APT #AI #attacks
Beware! New Phishing Tactic Targets Employees with Fake HR Updates - Cybercriminals are impersonating HR departments by sending emails that appear to outline important company policy changes or handbook updates. These emails often leverage urgency and a fear of non-compliance to trick employees into clicking on malicious links or divulging sensitive information. #corporate #phishing #HR
🔥 INTERESTING WRITEUPS
Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472) - [4920$ Bounty]
Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474) - [4920$ Bounty]
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475) - [4920$ Bounty]
📝 BLOGS & ARTICLES
A Squarespace Retrospective, or How to Coordinate an Industry-Wide Incident Response - This article delves into the details of the Squarespace incident response and offers valuable takeaways for organisations and security professionals. It likely explores the challenges and potential best practices for collaboration during security incidents, potentially focusing on communication, resource sharing, and collective action plans. #SOC #incident #response
How Fake AWS Packages ship Command and Control Malware In JPEG Files - Phylum raises concerns about a sophisticated cyberattack targeting developers. The report details the discovery of malicious packages published on the npm package registry. These seemingly legitimate AWS packages contained hidden command and control (C&C) malware embedded within JPEG files. #supply-chain-attack #AWS #s3 #packages
Introduction to Bash Scripting eBook - This is an open-source introduction to Bash scripting github guide/ebook that will help you learn the basics of Bash scripting and start writing awesome Bash scripts that will help you automate your daily SysOps, DevOps, and Dev tasks. #bash #scripting #automation
RE-Canary: Detecting Reverse Engineering with Canary Tokens - The article explores how Canary Tokens function, their effectiveness in deterring reverse engineering, and considerations for implementing them in software. #reverse #engg
🛠️TOOLS
Tlsfp - TLS fingerprinting HTTPS server. #tls #https #fingerprinting
rawgithack - Serves files from github, bitbucket and gitlab, but with the correct content type. #git #code #cdn
Find - A find-in-page extension for Chrome and Firefox that supports regular expressions. #chrome #regex #extension
KUtrace - Low-overhead tracing of all Linux kernel-user transitions, for serious performance analysis. Includes kernel patches, loadable module, and post-processing software. #linux #kernel
🧠 TUTORIALS & SKILL-BUILDING
Unsafe At Any Speed: CISA's Plan to Foster Tech Ecosystem Security - Bob Lord, Senior Technical Advisor and Jack Cable, Senior Technical Advisor discuss why it's time to build cybersecurity into the design and manufacture of technology products. #ot #automobile #security
New Sora showcase for OpenAI - Sora testing to more creatives (digital VFX pioneers, architects, choreographers, engineering artists, and creative entrepreneurs) to help us understand the model's capabilities and limitations, shaping the next phase of research to create increasingly safe AI systems over time. #openAI #model
Prompt Engineering - Basic Concepts For Developers - Concepts that you need to understand when trying to write non-trivial applications on top of LLMs. "Prompt Engineering for LLMs" book. #prompt #AI #dev
🎁 MISCELLANEOUS
Exo - Run your own AI cluster at home with everyday devices 📱💻 🖥️⌚ #AI
Amazon GenAI Services - Dominance of Generative AI (GenAI) at the latest Amazon Web Services (AWS) summit. The author observed a strong emphasis on GenAI across keynote addresses and booth presentations, sparking concerns about a potential shift in focus away from other critical AWS services. #aws #genai
Privacy Concerns Arise as Gemini AI Accused of Scanning Google Drive Files Without Permission - A recent report raises privacy concerns surrounding Google's AI platform, Gemini. A user alleges that Gemini scanned their private Google Drive files, including tax documents, without explicit consent or prior notification. #google #gemini #privacy
🎯 QUOTE OF THE DAY
“Try to be a rainbow in someone's cloud.”
⭐ HOW DID WE DO?
Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.
That’s a wrap!
Thank you for reading,
VayFul Team