- VayFul®
- Posts
- VayFul Security Issue - July 23 2024
VayFul Security Issue - July 23 2024
VayFul Security - July 23 2024
Hi all!
Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…
📰 SECURITY BYTES
CrowdStrike a sensor configuration update that caused Blue Screen of Death (BSOD) for Windows users - CrowdStrike recently addressed a sensor configuration update issue that caused system crashes for some Windows users. The update, deployed on July 19, 2024, affected Falcon sensors for Windows versions 7.11 and above that were online between 4:09 UTC and 5:27 UTC on that date. #windows #bsod
Leaked Document Reveals Cellebrite's iOS Support Matrix: List of Phones That Can Be Unlocked - A document titled "cellebrite-ios-document-april-2024" has been leaked on DocumentCloud, potentially revealing details about Cellebrite's iOS support matrix. This matrix might outline functionalities available in Cellebrite's tools for extracting data from Apple devices running various iOS versions #ios #device #unlock
E-Criminals Exploit CrowdStrike Sensor Issue with phishing emails and deploy Remcos malware - CrowdStrike warns of a cybercriminal campaign involves sending phishing emails and impersonating CrowdStrike support to trick users into downloading malicious files.These files aim to hijack legitimate tools and ultimately deploy malware on unsuspecting targets. IOC’s are listed on blogspot. #CrowdStrike #phishing #malware
Critical Splunk Vulnerability Exposes Systems to Attack (CVE-2024-36991) - SonicWall warns of a critical vulnerability (CVE-2024-36991) impacting Splunk Enterprise installations. This path traversal flaw could allow attackers to potentially read arbitrary files on vulnerable systems, granting unauthorized access to sensitive data. #splunk #path-traversal #patch
🔥 INTERESTING WRITEUPS
Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products - [1000$ Bounty]
Local Privilege Escalation via Confluence Server - [800$ Bounty]
📝 BLOGS & ARTICLES
SAPwned: Unpatched Vulnerabilities Exposed in SAP AI Core Platform - A recent blog post by Wiz reveals critical security vulnerabilities discovered in the SAP AI Core platform, these vulnerabilities could have allowed attackers to gain unauthorized access to customer data, exploit internal artifacts,and potentially manipulate AI models used by SAP customers. #AI #SAP #vulnerabilities
Discovered HTTP Request Smuggling in Thousands of Google Cloud Websites - Bugcrowd details a novel HTTP Request Smuggling technique dubbed "TE.0" discovered by security researchers.The vulnerability affected those using GCP's Load Balancer and certain tech stacks. #gcp #website #http #request #smuggling
Security researcher found MitM vulnerability in KakaoTalk's "Secret Chat" Feature - Security researcher identified vulnerabilities in KakaoTalk's "Secret Chat" feature, advertised as offering end-to-end encryption for private communication. Flaw identified as stulle123, details weaknesses in the protocol that could potentially allow attackers with full access to KakaoTalk's servers to intercept communications or replace public keys without user notification. #MiTM #attack
Essential Steps for Securing Your Website - The article outlines a clear roadmap for website owners to ensure their online presence is protected from vulnerabilities.Learn the essential steps involved in a security audit, from basic hygiene checks and software updates to penetration testing and configuration reviews. #websecurity #config #checklist
🛠️TOOLS
NetSour - Wireshark CLI based packet reader. #wireshark #packet #analyser
Spring-security-oauth2-password-jpa-implementation - The fully extended and extensible implementation of Spring Security 6 Spring Authorization Server for stateful OAuth2 Password Grant. #spring #security
Constantine - Constantine: modular, high-performance, zero-dependency cryptography stack for verifiable computation, proof systems and blockchain protocols. #cryptography #blockchain
🧠 TUTORIALS & SKILL-BUILDING
CrowdStrike IT Outage Explained by a Windows Developer - Dave explains the Crowdstrike IT outage, focusing on its role as a kernel mode driver. #windows #kernel #driver #crowdstrike #outage
Beyond the Hype: A Realistic Look at Large Language Models • Jodie Burchell - Talk explains noise and delves deep into the current applications, risks, and limitations of LLMs. How early research endeavours aimed at creating an "artificial brain" and trace the path that has led us to today's sophisticated text models. #AI #LLM
Guardians of Cybersecurity: Deploying IoT Devices via Drones and Dropboxes - Drones are becoming more common in skies around the world. Having it carry a hacking device or it being a hacking device itself is something that has not been talked about enough. #drones #hacking #IoT
🎁 MISCELLANEOUS
Mutahunter - Open Source, Language Agnostic Automatic Test Generation + LLM Mutation Testing. #AI #LLM #based #testing
Aide - Master Any Code: One-Click Comments and Language Conversion. A visual studio code extension. #AI #ide #extension
Hands-On with Google Illuminate AI : Exploring a New Approach to Online Learning - This blog post dives into a first-hand experience with Google Illuminate, a potentially revolutionary new online learning platform. #google #AI
🎯 QUOTE OF THE DAY
“If you’re offered a seat on a rocket ship, don’t ask what seat. Just get on.”
⭐ HOW DID WE DO?
Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.
That’s a wrap!
Thank you for reading,
VayFul Team