
From The source

Python Attacks: How Hackers Use API Hooking to Bypass Security

Python is the Swiss Army knife for attackers, offering the ability to call any Windows API and perform low-level system activities. Discover how a Python script uses live patching to hook APIs like AmsiScanBuffer, allowing malicious code to bypass security controls.

1 year ago

North Korean Hackers Strike Again: Exploiting CVE-2024-7971 for Cryptocurrency Heist

Citrine Sleet, a North Korean threat actor, is exploiting CVE-2024-7971 to target the cryptocurrency sector. Using a zero-day vulnerability in Chromium, they aim for financial gain. Microsoft’s analysis reveals shared tools with Diamond Sleet and recommends timely updates to enhance security against these sophisticated attacks.

1 year ago

Microsoft Uncovers Major ESXi Hypervisor Flaw: Ransomware Operators Rejoice!

Microsoft researchers have uncovered a critical ESXi hypervisor vulnerability exploited by ransomware operators to gain full administrative access. This allows them to encrypt systems, access hosted VMs, and move laterally within networks. Apply VMware updates immediately to mitigate this risk.

1 year ago

Skeleton Key: The AI Jailbreak That Could Ruin Your Day

Introducing Skeleton Key: a new AI jailbreak technique that bypasses model guardrails using multi-turn strategies. This attack can cause models to ignore safety protocols, leading to harmful content generation. Microsoft has implemented defenses in Azure AI to detect and block such attacks, ensuring robust protection for AI applications.

1 year ago

AI Jailbreaks: How to Keep Your Overenthusiastic Virtual Intern from Going Rogue

Generative AI systems are like overenthusiastic rookies – imaginative, yet sometimes unreliable. AI jailbreaks exploit this, making the AI produce harmful content or follow malicious instructions. Learn how to mitigate these risks by implementing robust layers of defense mechanisms and maintaining a zero-trust approach.

1 year ago

New TLDs: The Wild West of Phishing, Memes, and Torrents

19 new top-level domains are now the playground for phishing, pranking, and torrents. Our graph-based detection system reveals that these TLDs are magnets for bad actors. From .zip phishing to .bot chat scams, the new TLDs are bustling with cyber mischief. Are you ready to dodge the digital dodgeball?

1 year ago

New Cyber Threats Unveiled: CISA Adds Trio of Vulnerabilities to Exploited List

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, featuring two Draytek VigorConnect issues and one Kingsoft WPS Office flaw. BOD 22-01 urges federal agencies to fix these vulnerabilities promptly to thwart cyber threats. Prioritize timely remediation to keep those pesky cyber gremlins at bay!

1 year ago

LOYTEC LINX Series Vulnerabilities: Remote Exploits, Cleartext Chaos, and Easy Hacks!

LOYTEC electronics GmbH’s LINX series is under siege! With vulnerabilities including Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, and Improper Access Control, even a cyber-rookie could wreak havoc. Update your firmware, follow the security guidelines, and, for heaven’s sake, stop using HTTP!

1 year ago

CISA’s September Surprise: New ICS Advisory Unveils Security Shocker!

CISA released an ICS advisory on September 3, 2024. Stay informed about current security issues, vulnerabilities, and exploits in Industrial Control Systems.

1 year ago

Cisco’s Double Trouble: Unauthenticated Access and XSS Vulnerabilities in Finesse and CVP

Cisco Finesse and friends have an unauthenticated access vulnerability that’s basically an open door for remote attackers. The fix? A software update from Cisco, because the only workaround is wishing you had installed it sooner.

1 year ago

Unlocking Word Docs: The Comedy of Cracking Passwords with Python

Unlocking the mysteries of protected Word documents involves diving into the word/settings.xml file and locating the w:documentProtection element. While the hash algorithm matches that of OOXML spreadsheets, don’t expect hashcat to save the day—Word passwords are encoded differently. A legacy algorithm and a Python script might just be your new best friends!

1 year ago

CISA Unveils September 2024 ICS Advisories: Brace for Impact!

CISA sounds the alarm on four new ICS vulnerabilities. These advisories are your golden ticket to staying one step ahead of cyber threats. Don’t miss the technical details and mitigations!

1 year ago

Brace Yourself: ISC Stormcast Forecasts a Wild Wednesday, September 4th, 2024

Dive into the ISC Stormcast for Wednesday, September 4th, 2024, where cyber threats are scarier than your boss’s PowerPoint presentations!

1 year ago

Wireshark 4.4’s New IP Address Functions: Windows Users, Brace for a Bug!

New IP address functions have debuted in Wireshark 4.4, but Windows users beware: version 4.4.0 lacks the crucial DLL. Linux and Mac users, you’re in the clear.

1 year ago

Thunderbird 128.2 Update: Squashing Bugs or Just a Glitchy Makeover?

Security vulnerabilities fixed in Thunderbird 128.2 include high-impact issues like CVE-2024-8394, which could cause a crash when aborting OTR chat verification, and CVE-2024-8385, involving WASM type confusion. Thunderbird users, update now to stay protected!

1 year ago

Baxter’s Portal Panic: Critical SQL Injection Vulnerabilities Exposed!

Baxter’s Connex Health Portal has a CVSS v3.1 score of 10.0 due to SQL Injection and Improper Access Control vulnerabilities. Hackers could remotely exploit these issues to mess with sensitive data or shut down databases faster than you can say “cybersecurity nightmare.”

1 year ago

Stormy Wednesday: Brace Yourself for September 11th, 2024!

Tune into the ISC Stormcast for Wednesday, September 11th, 2024, where we navigate cyber threats with the precision of a caffeinated squirrel on a power line. Get the latest updates and stay ahead of the game!

1 year ago

Microsoft’s Newest Security Flops: Four Fresh Vulnerabilities to Worry About

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including CVE-2024-43491. These vulnerabilities are prime targets for cybercriminals, posing significant risks to federal enterprises.

1 year ago

CISA Warns: 4 New ICS Vulnerabilities That Could Make Your Systems Go Haywire

CISA drops a quartet of ICS advisories, revealing the latest security plot twists in the world of Industrial Control Systems. Users and admins, grab your popcorn and review these bulletins for crucial details and mitigations!

1 year ago

AutomationDirect’s DirectLogic H2-DM1E Vulnerabilities: Session Hijacking & Authentication Bypass Alert!

Attention, defenders of the cyber realm! AutomationDirect’s DirectLogic H2-DM1E is under siege by session fixation and authentication bypass vulnerabilities. With a CVSS v4 score of 8.7, these weaknesses could allow an attacker to hijack sessions faster than you can say “network segmentation.” Upgrade to the BRX platform and keep the hackers at bay!

1 year ago
The Nimble Nerd