🔓
Attacks & Vulnerabilities
Personal information of 287,000 taxi passengers exposed in data breach (3 minute read)
Irish taxi software firm iCabbi suffered a data breach that exposed nearly 300,000 customers' personal data, including names, emails, and phone numbers of senior officials and journalists. The breach was due to an unprotected database resulting from "human error" during a database migration. iCabbi acknowledged the breach, stating that it notified affected taxi companies, but did not disclose if any individuals suffered losses.
Apple alerts users in 92 nations to mercenary spyware attacks (3 minute read)
Apple has sent threat notifications to iPhone users in 92 countries warning them about potential targeting by mercenary spyware attacks. The alerts state that Apple detected attempts to remotely compromise the users' iPhones, likely due to who they are or what they do. The warnings come amid rising concerns over state-sponsored efforts to influence elections, though Apple did not comment on the timing.
Inside AWS's Crusade Against IP Spoofing and DDoS Attacks (7 minute read)
In an ongoing effort to combat DDoS attacks, Amazon Web Services (AWS) has made significant progress in tackling the long-standing issue of IP spoofing, which allows attackers to hide the source of their attacks. In this interview, AWS explains its new approach to disrupting a decades-old problem that has given attackers a major advantage.
Google Public DNS's approach to fight against cache poisoning attacks (4 minute read)
Google Public DNS uses multiple strategies like case randomization and DNS-over-TLS to protect users from cache poisoning attacks. These measures make it harder for attackers to manipulate DNS responses and improve security for users worldwide. Google Public DNS aims to enhance DNS security by actively implementing countermeasures and collaborating with the DNS community.
Creating the Perfect Bug Bounty Automation (8 minute read)
Hakluke describes his bug bounty automation process and how it has evolved. He began with a bash script before moving to a framework built on Django admin commands. To scale better, he moved to a distributed Golang environment and now plans to move to a cloud-native solution.
Google Cloud's AI-Powered Security Tools Improve Enterprise Security (4 minute read)
Google Cloud has integrated its flagship Gemini language model into new AI-powered security tools unveiled at its Next 2024 event. These include Gemini in Threat Intelligence for conversational threat research, Gemini in Security Operations to assist in investigations and draft detection rules, and Gemini in Security Command Center to generate summaries of security alerts.
Knostic (Product Launch)
Knostic prevents the chatbots used by enterprises from sharing sensitive information with employees who should not have access to it.
Jigsaw (GitHub Repo)
Jigsaw is a tool that obfuscates raw shellcode by emitting randomized shellcode, a lookup table, and a C/C++ stub that reassembles it at runtime.
96% of US hospital websites share visitor info with Meta, Google, data brokers (5 minute read)
Research from the University of Pennsylvania reveals a concerning lack of privacy on hospital websites, with 96% transmitting user data to third parties like Google, Meta, and data brokers without explicit consent. Despite being places where privacy is expected, many hospitals employ tracking technologies and lack transparency, with only 56% of those with privacy policies disclosing the third parties receiving user information.