InfoSec News 20241112

  • Published: Tue, 12/11/2024 - 14:55

Top News


  • VMware makes Workstation and Fusion free for everyone

"​VMware has announced that its VMware Fusion and VMware Workstation desktop hypervisors are now free to everyone for commercial, educational, and personal use."

TLP1 : Green

  • New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

"Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer."

TLP1 : Green

  • IP Spoofing Attack Tried to Disrupt Tor Network

"A coordinated IP spoofing attack attempted to disrupt the Tor anonymity network, according to the Tor Project and relay operators."

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Why you should always offboard outgoing staff: A disgruntled ex-Disney employee targeted former colleagues with DDoS attacks and hacked its menu system to change peanut allergen information

"Former Disney employee Michael Scheuer is accused of targeting colleagues in a spate of attacks"

TLP1 : Green

Breaches: Data Breaches and Hacks


  • HIBP notifies 57 million people of Hot Topic data breach

"Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers."

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking

"A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges. This issue arises from an insecure initial password configuration in SEIKO EPSON’s Web Config software, which manages settings for networked devices like printers and scanners."

TLP1 : Green

  • Ghostscript Update Patches Six Critical Vulnerabilities: Code Execution, Buffer Overflow, and Path Traversal Risks

"Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution."

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Everything you need to know to start fine-tuning LLMs in the privacy of your home

"Got a modern Nvidia or AMD graphics card? Custom Llamas are only a few commands and a little data prep away"

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

"In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers?"

TLP1 : Green

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp