• VayFul®
  • Posts
  • VayFul Security Issue - June 25 2024

VayFul Security Issue - June 25 2024

VayFul Security - June 25 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

Apple Vision Pro Flaw Let Attackers Fill Your Room with Hundreds of Spiders - A bug in visionOS Safari that allows a malicious website to bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects (CVE-2024-27812). These objects persist in your space even after you exit Safari. #Apple #visionPro #hacked

Critical Vulnerabilities Found in Zyxel NAS Devices - A recent security report by Outpost24 details critical vulnerabilities in Zyxel NAS devices, specifically the NAS326 and NAS542 models. These vulnerabilities could allow attackers to remotely execute malicious code on affected devices,potentially compromising stored data and disrupting operations. #Zyxel #NAS #vulnerabilities

Recovering from the Storm: Microsoft Offers Guidance on Hybrid Identity Compromise- Microsoft Security Experts delves into "Octo Tempest," a group known for employing social engineering and other human-centric tactics to breach hybrid environments. The article outlines a series of steps to recover from a successful Octo Tempest attack. #microsoft #identity #breach #recovery

Microsoft Power BI Reports Expose Sensitive Information - A security vulnerability in Microsoft's popular business intelligence tool, Power BI, could be exposing sensitive data online like employee details, customer records, financial information, and even government data could be leaked unintentionally. #microsoft #powerBI #data-leak

Facebook PrestaShop module exploited to steal credit cards using Account Takeover vulnerability -  A critical security vulnerability has been discovered in the popular "PF Facebook" module, exposing stores to account takeover attacks. This vulnerability could allow attackers to gain unauthorized access to your store's administration panel,potentially compromising sensitive data and disrupting operations. #Facebook #extension #ATO

🔥 INTERESTING WRITEUPS

📝 BLOGS & ARTICLES

Hidden Tunnels: ExCobalt Backdoor Uses DNS Tunneling for Stealthy Attacks - A new backdoor dubbed "GoRed" employed by the cybercrime group ExCobalt. This backdoor leverages DNS tunneling,a technique that hides malicious traffic within seemingly legitimate DNS requests, for covert communication with its command and control server. #DNS #tunneling #backdoor

Google Project Zero Unveils "Naptime": AI Framework for Sharper Vulnerability Research - Google Project Zero, renowned for its security research, introduces "Naptime." This innovative framework leverages large language models (LLMs) to streamline vulnerability research. Naptime equips LLMs with task-specific tools and verification methods, enabling them to mimic the human approach of hypothesis-driven analysis. #Google #AI #vulnerability #research 

Unpatched MarkDown Processor Vulnerability Could Lead to Remote Code Execution - This vulnerability, if exploited, could allow attackers to execute malicious code on a victim's machine remotely. Malicious actors could potentially use this flaw to gain unauthorized access to systems, steal data, or deploy malware. #flask #webapp #rce 

Introducing CVE Seeker — Unveiling Cyber Threats: From Assets to Vulnerability Insights - Guide to use CVE Seeker, a free and comprehensive tool designed to simplify vulnerability identification and mitigation. #CVE #search #tool

🛠️TOOLS

tsellm - Use LLMs in your SQLite queries. #AI #LLM #SQLite

Sshfsui - UI to mount remote filesystems locally using SSHFS. #sshfs #filesystem #mount

Sqlx4k - A small sql library written in kotlin for the native platform. #kotlin #sqll

Donut - Donut  is a zero setup required SRT+MPEG-TS -> WebRTC Bridge powered by Pion. #webrtc

🧠 TUTORIALS & SKILL-BUILDING

Leverages AI for "Security Engineer Copilot" in Code Reviews - Article details the development and implementation of an AI-powered "Security Engineer Copilot" tool. This tool integrates Large Language Models (LLMs) into the code review process, streamlining security checks and empowering engineers for faster, more secure software development. #secure #development #AI #LLM #copilot

Secure AI: Integrating OWASP Principles in Machine Learning Model Development- Haritha Thilakarathne - OWASP principles into machine learning model development processes. Addressing vulnerabilities and ensuring data privacy are paramount as AI technologies become more prevalent. #AIML #OWASP 

AI, the Software Supply Chain, and Other (Not So) Puzzling Pieces - As attacks against the software supply chain become more advanced, we must evolve along with them. With the addition of artificial intelligence integrations into the developer toolkit, the old view of supply chain security as just one tool or standard will no longer suffice. #AI #supply-chain #attacks

The Anatomy of Cloud Attacks - The honeypot analysis has decoded the mindset and tactics of adversaries like Headcrab Kinsing and Teamtnt. Uncovering their chosen attack vectors and prevalent patterns. This session will dive into these findings, spotlight key attack sequences, and elucidate the attacker mindset. Attendees will gain key strategies to defend against these cloud threats. #cloud #attacks

🎁 MISCELLANEOUS

Detecting hallucinations in large language models using semantic entropy -  A new study published in Nature explores the power of artificial intelligence (AI) for drug discovery. Researchers used AI to analyze vast datasets of existing drugs, uncovering hidden antibiotic potential within some already-approved medications. #AI #LLM #drugs #discovery

The Completely Hackable Amateur Radio Telescope - AstroDraw: A free and open-source JavaScript library for generating SVG charts to display planets in astrology. #Astrology #tool

Copilot for Xcode - The missing GitHub Copilot, Codeium and ChatGPT Xcode Source Editor Extension. #xcode #copilot 

LLM101n -  Let's build a Storyteller. create, refine and illustrate little stories with the AI. #AI #LLM

🎯 QUOTE OF THE DAY

“Learn as if you will live forever, live like you will die tomorrow"

- Mahatma Gandhi

⭐ HOW DID WE DO?

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.

That’s a wrap!

Thank you for reading,
VayFul Team