VayFul Security Issue - June 04 2024
Hi all!
Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…
📰 SECURITY BYTES
Massive Malware Attack Disables Over 600,000 SOHO Routers - A recent cyberattack dubbed "The Pumpkin Eclipse" targeted small office/home office (SOHO) routers, rendering over 600,000 devices permanently inoperable. #attack
Critical Git vulnerability exploits released - CVE-2024-32002; CVE-2024-32004; CVE-2024-32465 - Multiple CVEs and exploits have been released for GitHub, covering unauthorized access, file manipulation and remote code execution. #git #CVEs
BBC Pension Hack: Staff Data Compromised (Phishing Likely Culprit) - The BBC is grappling with a data breach affecting its pension program. Hackers gained access to some employee files containing personal information such as names and national insurance numbers. While the BBC hasn't confirmed the exact cause, phishing attacks are a suspected entry point. #breach #data
🔥 INTERESTING WRITEUPS
Denial of Service caused by HTTP/2 CONTINUATION Flood - [$4,860 Bounty]
Libuv: Improper Domain Lookup that potentially leads to SSRF attacks - [$4,860 Bounty]
📝 BLOGS & ARTICLES
LLM Agents can Autonomously Hack Websites - A paper on how LLM agents could affect cybersecurity. It shows that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injection without human feedback. #AI #LLM
SQLi, SSRF And Code Secrets — All In One - This article dives into a real-world example where a chain of vulnerabilities (SQL injection, Server-Side Request Forgery, and exposed code secrets) was exploited to compromise a system. #appsec #bugbounty
Chaining NOSQLi and XSS to Take Over a Server — HackTheBox Stocker Walkthrough - The walkthrough details how to exploit two vulnerabilities: NoSQL injection (NoSQLi) and Cross-Site Scripting (XSS) to ultimately gain root access on the server. #hackthebox #appsec
Hackers Exploit "Prompt Injection" to Manipulate Large Language Models - A new vulnerability called "prompt injection" threatens the security of certain AI systems, particularly large language models (LLMs). Researchers discovered attackers can manipulate these AI models by injecting malicious instructions into prompts, causing the model to perform unintended actions. #AI #prompts
🛠️TOOLS
EvilSlackbot - A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. #redteam #bot
The Ars0n Framework - A Modern Framework for Bug Bounty Hunting. #bugbounty
JA4+ - A suite of network fingerprinting standards. These methods are both human and machine readable to facilitate more effective threat hunting and analysis. #network #fingerprinting
🧠 TUTORIALS & SKILL-BUILDING
Real World GitLab Account Take Over - A recently discovered vulnerability in GitLab allowed attackers to potentially take over accounts. The exploit involved sending a password reset request with two email addresses – one for the valid user and another for the attacker. This vulnerability has since been patched. #gitlab #ATO
UPI Recon | Scammed on Instagram /Telegram? - This article exposes a scam targeting UPI users in India. Scammers exploit popular social media platforms like Instagram and Telegram to lure victims. The tactics involve impersonating legitimate entities or offering fake deals to trick users into sharing their UPI credentials or initiating unauthorized transactions. #UPI #phishing
Elevate your AWS Security with basic alerting - Struggling to keep tabs on your sprawling AWS environment? The AWS Security Survival Kit (ASSK) is a free, open-source toolkit that sets up basic proactive monitoring and alerting for suspicious activity in your AWS account. #AWS #security
🎁 MISCELLANEOUS
AI Won't Replace You, But It Might Shrink Your Paycheck - This article challenges the notion that AI will eliminate jobs entirely. Instead, it argues that AI will erode the skill premium traditionally associated with high-skilled roles. As AI automates tasks and becomes more accessible, competition for jobs will increase, potentially leading to stagnant or even declining salaries for skilled workers. #AI #jobs
Crypto Giants Unite to Fight Online Scams: Coinbase Leads "Tech Against Scams" Coalition - Coinbase joins forces with tech leaders like Meta, Match Group, and Ripple to form the "Tech Against Scams" coalition. This industry-wide initiative aims to combat online scams and financial schemes, protecting users across social media, finance, and crypto platforms. #AI #scams
Spacetop, the radical new laptop with no screen, is ready for launch - Spacetop, a laptop that gets rid of the screen entirely and uses augmented reality to create a 100-inch virtual display floating in front of your face. #AR
🎯 QUOTE OF THE DAY
“Believe you can and you're halfway there.”
⭐ HOW DID WE DO?
Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.
That’s a wrap!
Thank you for reading,
VayFul Team