
VayFul Security Issue - June 04 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

Massive Malware Attack Disables Over 600,000 SOHO Routers - A recent cyberattack dubbed "The Pumpkin Eclipse" targeted small office/home office (SOHO) routers, rendering over 600,000 devices permanently inoperable. #attack

Critical Git vulnerability exploits released - CVE-2024-32002; CVE-2024-32004; CVE-2024-32465 - Multiple CVEs and public exploits released on GitHub, covering unauthorized access, file manipulation, and remote code execution. #git #CVEs

BBC Pension Hack: Staff Data Compromised (Phishing Likely Culprit) - The BBC is grappling with a data breach affecting its pension program. Hackers gained access to some employee files containing personal information such as names and national insurance numbers. While the BBC hasn't confirmed the exact cause, phishing attacks are a suspected entry point. #breach #data

🔥 INTERESTING WRITEUPS

📝 BLOGS & ARTICLES

LLM Agents can Autonomously Hack Websites - A look at how LLM agents could affect cybersecurity. It shows that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injection without human feedback. #AI #LLM

SQLi, SSRF And Code Secrets — All In One - This article dives into a real-world example where a chain of vulnerabilities (SQL injection, Server-Side Request Forgery, and exposed code secrets) was exploited to compromise a system. #appsec #bugbounty

Chaining NOSQLi and XSS to Take Over a Server — HackTheBox Stocker Walkthrough - The walkthrough details how two vulnerabilities, NoSQL injection (NoSQLi) and Cross-Site Scripting (XSS), are chained to ultimately gain root access on the server. #hackthebox #appsec

Hackers Exploit "Prompt Injection" to Manipulate Large Language Models - A new vulnerability called "prompt injection" threatens the security of certain AI systems, particularly large language models (LLMs). Researchers discovered attackers can manipulate these AI models by injecting malicious instructions into prompts, causing the model to perform unintended actions. #AI #prompts

🛠️ TOOLS

EvilSlackbot - A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. #redteam #bot

The Ars0n Framework - A Modern Framework for Bug Bounty Hunting. #bugbounty 

JA4+ - A suite of network fingerprinting standards. These methods are both human- and machine-readable to facilitate more effective threat hunting and analysis. #network #fingerprinting

🧠 TUTORIALS & SKILL-BUILDING

Real World GitLab Account Take Over - A recently discovered vulnerability in GitLab allowed attackers to potentially take over accounts. The exploit involved sending a password reset request with two email addresses – one for the valid user and another for the attacker. This vulnerability has since been patched. #gitlab #ATO

UPI Recon | Scammed on Instagram /Telegram? - This article exposes a scam targeting UPI users in India. Scammers exploit popular social media platforms like Instagram and Telegram to lure victims. The tactics involve impersonating legitimate entities or offering fake deals to trick users into sharing their UPI credentials or initiating unauthorized transactions. #UPI #phishing

Elevate your AWS Security with basic alerting - Struggling to keep tabs on your sprawling AWS environment? Meet the AWS Security Survival Kit (ASSK), a free, open-source toolkit that sets up basic proactive monitoring and alerting for suspicious activity in your AWS account. #AWS #security

🎁 MISCELLANEOUS

AI Won't Replace You, But It Might Shrink Your Paycheck - This article challenges the notion that AI will eliminate jobs entirely. Instead, it argues that AI will erode the skill premium traditionally associated with high-skilled roles. As AI automates tasks and becomes more accessible, competition for jobs will increase, potentially leading to stagnant or even declining salaries for skilled workers. #AI #jobs

Crypto Giants Unite to Fight Online Scams: Coinbase Leads "Tech Against Scams" Coalition - Coinbase joins forces with tech leaders like Meta, Match Group, and Ripple to form the "Tech Against Scams" coalition. This industry-wide initiative aims to combat online scams and financial schemes, protecting users across social media, finance, and crypto platforms. #AI #scams

Spacetop, the radical new laptop with no screen, is ready for launch - Spacetop is a laptop that gets rid of the screen entirely and uses augmented reality to create a 100-inch virtual display floating in front of your face. #AR

🎯 QUOTE OF THE DAY

“Believe you can and you're halfway there.”

- Theodore Roosevelt

⭐ HOW DID WE DO?

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.

That’s a wrap!

Thank you for reading,
VayFul Team