154 words
1 minute
GUARD - Week 5
I’m changing the convention. Previously, I was able to delve into a maximum of 3/4 topics per week. For this reason, and taking into account different perspectives, I decided to change GUARD into an aggregator of interesting, categorized news from the world of cyber security. I hope there is something for everyone!
Data Breaches/Leaks
- Set Forth, Inc. - 1.5 million people affected
- Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5c00fedb-134a-4436-b778-5df30b84cdab.html
- Article: https://cybernews.com/security/american-debt-relief-service-set-forth-breached/
- Type of data: name or other personal identifier + (not disclosed)
- MOVEit - over 4 million records leaked
- Source: https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/
- Article: https://cybernews.com/security/moveit-fallout-hackers-leak-employee-data-from-amazon-metlife/
- Type of data: full names, titles, cost center codes and names, phone numbers, and email addresses.
Vulnerabilities
- Smoke Loader - anti-detection tactic
- Security Flaws in ML Toolkits - server hijacks and privilege escalation
- Article:: https://thehackernews.com/2024/11/security-flaws-in-popular-ml-toolkits.html
- Vulnerable toolkits: Weave, ZenML, Deep Lake, Vanna.AI, and Mage AI.
- CVEs:
- CVE-2024-7340 (CVSS score: 8.8)
- CVE-2024-6507 (CVSS score: 8.1)
- CVE-2024-5565 (CVSS score: 8.1)
- CVE-2024-45187 (CVSS score: 7.1)
- CVE-2024-45188, CVE-2024-45189, and CVE-2024-45190 (CVSS scores: 6.5)
- Excel Exploits - Remcos RAT malware
- Article: https://thehackernews.com/2024/11/cybercriminals-use-excel-exploit-to.html
- CVE: (CVE-2017-0199, CVSS score: 7.8)
AI
- Agentic AI - Autonomous Code Execution
- Exposing ChatGPT Environment
- AI granny vs Scammers
GUARD - Week 5
https://typetherapy.blog/posts/guard/guard_17_11_2024/