🔓
Attacks & Vulnerabilities
University Systems of Georgia Admits MOVEit Attack Hit Data of 800K People (3 minute read)
The University Systems of Georgia, which administers 26 higher education institutions in the state, sent a letter to 800k victims disclosing that it was affected by several breaches in the Cl0p gang's MOVEit campaign. The data obtained may include full SSNs, the last four digits of SSNs, dates of birth, bank account numbers, federal tax documents, and driver's licenses. USG reports that the data will likely be published and has offered victims 13 months of credit monitoring.
Ascension Healthcare Takes Systems Offline After Cyberattack (2 minute read)
Private healthcare system Ascension reports that it has taken some systems offline to investigate a suspected cyberattack. Ascension has advised all partners to sever connections to its networks and has retained Mandiant for incident response. Clinical operations have also been disrupted by the attack.
Advancing Emergency Response Security with Autonomous Pentesting (6 minute read)
Horizon3.ai's customer story highlights the implementation of autonomous pentesting to advance security in emergency response sectors, particularly 911 call centers. Utilizing its NodeZero platform, Horizon3.ai enables organizations to perform continuous security assessments, identifying vulnerabilities and enhancing defenses against cyber threats.
LLM pentest: Leveraging agent integration for RCE (7 minute read)
This blog post discusses how vulnerabilities like "Prompt Leaking" were exploited during an LLM pentest, enabling unauthorized execution of system commands via Python code injection. By manipulating the assistant's responses, the testers were able to extract sensitive information and even execute code, demonstrating the risks of integrating LLMs into agents without proper security measures. Understanding these attack vectors can help prevent unauthorized access and data breaches.
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 (5 minute read)
This blog post discusses the use of symbols in Ghidra for reverse engineering tasks. It emphasizes how symbols help clarify disassembled code by providing human-readable identifiers like function names, prototypes, and data types. This aids in transforming obscure assembly code into more understandable formats, similar to high-level programming languages. The post explains how symbols are extracted from binary exports and imports and their significance in making the reverse engineering process more intuitive and efficient.
Minecraft Source Pack Becomes Gateway for zEus Stealer Distribution (2 minute read)
Fortinet's FortiGuard Labs has discovered that malware called zEus Stealer is being spread through a Minecraft source pack, targeting Windows users and stealing sensitive data such as IP addresses and browser information. The malware disguises itself as a screensaver file to evade detection and maintains persistence on infected systems through auto-run entries and a command-and-control script. Users are urged to use MFA, download files only from trustworthy sources, and be cautious when downloading custom game mods to protect against threats like zEus.
Zscaler Test Environment Exposed (2 minute read)
Zscaler has published a security update following posts on X claiming that an isolated test environment on a server was unintentionally exposed. Zscaler has confirmed that there was no impact on, or compromise of, customer, production, or corporate environments.