VayFul Security Issue - June 07 2024
Hi all!
Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…
📰 SECURITY BYTES
Massive Data Leak: 361 Million Emails Exposed on Telegram - A security researcher discovered a massive data leak on Telegram containing 361 million unique email addresses and passwords. This "combo list" is believed to be a collection of compromised credentials from various breaches. #password #dataleak
Fake Chrome Update Pop-Ups Target Hundreds of Websites - Be cautious when browsing! A recent campaign targets unsuspecting users with fake pop-up notifications claiming to be Chrome updates. Clicking these can lead to malware infection. The advice? Keep Chrome updated through trusted sources and avoid interacting with suspicious pop-ups. #patch #malware
Russia-linked 'Lumma' crypto stealer now targets Python devs - Sonatype's automated malware detection systems identified a counterfeit 'crytic-compilers' PyPI package, named to closely resemble a fairly well-known legitimate Python library that cryptocurrency developers use to compile smart contracts (digital agreements stored on the blockchain network). #crypto #malware
Mac Users Beware: New Exploit Targets PackageKit for Local Privilege Escalation - A recently discovered vulnerability (CVE-2024-27822) allows attackers to gain unauthorized access on macOS systems. The vulnerability affects Apple's PackageKit framework when running ZSH-based packages. Users who install such packages are at risk. #macos #exploits
🔥 INTERESTING WRITEUPS
LLM01: Invisible Prompt Injection - [2500$ Bounty]
Possible PII Disclosure via Advanced Vetting Process - [2500$ Bounty]
Path traversal by monkey-patching Buffer internals - [2430$ Bounty]
📝 BLOGS & ARTICLES
Unlock Any PC Remotely with Just an Image: The Ultimate VNC Hack! - A new hacking technique has emerged that utilizes images to gain unauthorized remote access to computers via VNC (Virtual Network Computing). This raises concerns for network security, as it bypasses traditional password-based authentication methods. #vnc #auth-bypass
Understanding Vulnerabilities in Large Language Models (LLMs) - This article explores the potential security risks lurking within powerful Large Language Models (LLMs), the AI systems behind features like chatbots and text generation. While LLMs offer exciting possibilities, researchers are uncovering vulnerabilities that could be exploited for malicious purposes. #AI #LLM
CVE-2024-4358 Critical Flaw Found in Progress Telerik Report Server - A critical vulnerability (CVE-2024-4358) has been discovered in Progress Telerik Report Server, a popular reporting software solution. This flaw could potentially allow attackers to remotely execute malicious code on vulnerable systems. #rce
🛠️ TOOLS
Thief Raccoon - Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. #phishing
Genzai - An IoT security toolkit that helps identify IoT-related dashboards and scan them for default passwords and vulnerabilities. #IoT
🧠 TUTORIALS & SKILL-BUILDING
Webcast: Beyond the Firewall: Ensuring OT App Security - In this webcast, we delve into how application security principles intersect with the Operational Technology (OT) landscape, bolstering your OT application security posture. #OT #appsec
Reducing AI’s Blast Radius: How to Prevent Your First AI Breach - Generative AI has taken the world by storm, but how can you control the data AI can access? And how can you ensure sensitive information isn’t used in gen AI training? In this video, Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, talks through these questions. #AI #genai
Apple Unveils Comprehensive Security Guide: Unveiling the Secrets of Their Secure Ecosystem - Apple released its Apple Platform Security Guide, which offers a deep dive into the security features integrated across its devices (iPhone, iPad, Mac, etc.) and services (iCloud, Apple Pay, etc.). The guide covers the technical aspects of these features, including encryption methods, access controls, and application security measures. #apple
🎁 MISCELLANEOUS
Can AI Be Hacked? Understanding AI Jailbreaks and Their Mitigation - Microsoft explores the concept of "AI jailbreaks," where techniques bypass safeguards designed to keep AI systems functioning as intended. It explains the potential consequences of such breaches and offers strategies to mitigate them. #AI #jailbreak
Generative AI: Job Creator or Disruptor? New Study Explores Impact on Labor Market - A recent McKinsey study delves into the potential impact of generative AI (gen AI) on the job market in the New York region. While job losses due to automation are a concern, the study suggests gen AI may create a "jolt" by shifting as many as 380,000 jobs by 2030. #AI #jobs
🎯 QUOTE OF THE DAY
“A goal without a plan is only a dream.”
⭐ HOW DID WE DO?
Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.
That’s a wrap!
Thank you for reading,
VayFul Team