[tl;dr sec] #211 – LLMs + Fuzzing, Navigating the Incident Response Maze, Product Security @ HashiCorp
I hope you’ve been doing well! 🎅 Last tl;dr sec until January 4th This issue will be the last tl;dr sec for the year (I…
Month: December 2023
Russia-linked APT29 spotted targeting JetBrains TeamCity servers
Russia-linked APT29 spotted targeting JetBrains TeamCity servers Pierluigi Paganini December 14, 2023 Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September…
Chinese Hackers Seize Hundreds Outdated Routers for Data Transfer
Volt Typhoon, also known as the Bronze Silhouette, has been discovered to be linked with a complex botnet called “KV-botnet.” The threat actor has been…
New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities
Dec 14, 2023NewsroomMalware / Threat Analysis A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a…
New Dark Web Market OLVX Advertising Variety of Hacking Tools
Threat actors exploit underground markets by purchasing or selling stolen data, malware, and hacking tools to facilitate cybercrime. These underground markets provide the following key…
MITRE Reveals EMB3D, a Threat Model for Embedded Devices
Red Balloon Security, Narf Industries, and MITRE collaborated to create the EMB3D Threat Model, which offers a shared knowledge of the risks embedded devices experience…
Apple now requires a judges order to hand over your push notification data
Last week, we reported on how US government agencies have been asking Apple and Google for metadata related to push notifications, but the companies aren’t…
Government plans to regulate to tackle datacentre threats
The Department for Science, Innovation and Technology (DSIT) has outlined plans to better protect the UK’s key data storage facilities, or datacentres, from a range…
Microsoft seized US infrastructure of Storm-1152 cybercrime group
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group Pierluigi Paganini December 14, 2023 Microsoft’s Digital Crimes Unit seized multiple domains used by cybercrime…
Dynamic Malware Analysis using GPT-4 With 100% Recall Rate
A new prompt engineering-assisted Dynamic Malware Analysis model has been introduced, which can overcome the drawbacks faced in the quality API call sequences deployed for…
Poisoned AI Coding Assistant Tools Opens Application Hack Attack
AI (Artificial Intelligence) has significantly revolutionized software engineering with several advanced AI tools like ChatGPT and GitHub Copilot, which help boost developers’ efficiency. Besides this,…
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges
The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be…