SysBumps – New Kernel Break Attack Bypassing macOS Systems Security

Researchers from Korea University exposed “SysBumps,” an attack on macOS systems using Apple Silicon. It exploits speculative execution vulnerabilities to bypass Kernel Address Space Layout Randomization (KASLR), a key security feature. By manipulating system calls and using the Translation Lookaside Buffer (TLB) as a side channel, attackers can accurately map kernel memory, achieving over 96% success in locating the kernel base address. This undermines existing kernel isolation techniques. Apple is investigating, and proposed countermeasures include TLB partitioning and code reordering. Users are advised to keep systems updated for future fixes.

https://cybersecuritynews.com/sysbumps/

It’s Only a Matter of Time Before LLMs Jump Start Supply-chain Attacks

,

LLMs may enhance supply-chain attacks by aiding social engineering, particularly spear phishing. Criminals can exploit existing LLMs rather than creating their own, making attacks more feasible. In 2025, targeted scams based on personal data could rise significantly, as attackers craft convincing messages. Previous incidents, like the Change Healthcare ransomware attack, underscore the potential impacts. Security tools are emerging, but users must remain vigilant against phishing and voice cloning scams. Effective prevention includes careful scrutiny of emails and communications.

https://www.theregister.com/2024/12/29/llm_supply_chain_attacks/

Customer Data From 800,000 Electric Cars and Owners Exposed Online

,

Data from 800,000 electric cars owned by Volkswagen, Seat, Audi, and Skoda was exposed online due to misconfigured Amazon cloud storage. The leak revealed detailed vehicle info, including precise location data, notable for its accuracy. Ethical hackers informed Volkswagen's software company, Cariad, of the vulnerability. Although access required technical expertise, some sensitive data was linked to high-profile individuals, raising privacy concerns. Cariad claims the issue was quickly resolved, with no evidence of data misuse by others found.

Customer data from 800,000 electric cars and owners exposed online

Cyberhaven Chrome Extension Compromised in Targeted Attack

Cyberhaven Chrome extension compromised in targeted attack on December 24, 2024. Attacker accessed employee account, published malicious version (24.10.4) on Chrome Web Store. Detected and removed within 60 minutes on December 25. Users at risk of sensitive data exfiltration. Recommendations: update to version 24.10.5+, rotate passwords, revoke API tokens, and check logs. Extensions on Firefox and Edge unaffected. Cyberhaven engaging Federal Law Enforcement and Mandiant for investigation.

Cyberhaven Chrome Extension Compromised in Targeted Attack

Ghost Tap: New Cash-out Tactic with Nfc Relay

,

Ghost Tap: New cash-out tactic using NFC Relay
Fraudsters adopt “Ghost Tap”, relaying NFC traffic for cash-outs using stolen card details linked to mobile payments. This technique, leveraging NFCGate, enables cybercriminals to perform transactions anonymously at retail locations, enhancing scalability. Detection challenges arise due to transaction patterns and lack of device presence at POS terminals, necessitating improved anti-fraud measures in financial institutions to combat this emerging threat.

Ghost Tap: New cash-out tactic with NFC Relay

Don’t Let Your Domain Name Become a “sitting Duck”

Over a million domain names, including those from Fortune 100 companies, are vulnerable to cybercriminal takeover due to authentication flaws at major web hosting and registrar firms. These “Sitting Duck” domains can be exploited easily, as attackers can claim control without direct access to the original owner's account. Research indicates that at least 30,000 such domains have been hijacked since 2019, allowing criminals to use them for phishing and spam attacks. Key vulnerabilities stem from misconfigured DNS records and weak verification processes by DNS providers. Security experts urge better practices and coordination among stakeholders to mitigate these risks.

Don’t Let Your Domain Name Become a “Sitting Duck”

With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software

Open source AI raises innovation and security concerns, similar to past debates about open source software. CISA emphasizes learning from open source software security to promote responsible development of open foundation models while addressing potential harms. Key lessons include sustainability in contributions to open source ecosystems and prioritizing secure design and transparency in AI model development. CISA advocates for dual-use tools, acknowledging that while risks exist, the benefits for cybersecurity outweigh them. Ensuring safe, secure, and trustworthy AI models is crucial for fostering innovation.

With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software

Anyone Can Access Deleted and Private Repository Data on Github

,

GitHub allows access to data from deleted and private repositories due to its repository architecture. This includes data from deleted forks and commits linked to public repositories, leading to potential exposure of sensitive information. A new term, Cross Fork Object Reference (CFOR), describes vulnerabilities where one fork can access another's sensitive data. Examples highlight that such data remains accessible even after deletion, primarily through known commit hashes. GitHub policies confirm this design, posing serious security implications for public repository users, as misuse could lead to leakage of confidential information. Key rotation is advised for secure handling of exposed secrets.

Anyone can Access Deleted and Private Repository Data on GitHub

Payload Trends in Malicious Onenote Samples

Extreme TLDR: Attackers exploit Microsoft OneNote for phishing using embedded payloads, primarily through images and buttons that execute malicious scripts or binaries. Analysis of 6,000 samples shows various payload types like JavaScript, VBScript, and EXE files are used, with a trend towards smaller file sizes for stealth. Organizations are advised to block dangerous extensions and monitor embedded objects in OneNote files to mitigate risks.

Payload Trends in Malicious OneNote Samples

Are Your Passwords in the Green?

TLDR: The 2024 Hive Systems Password Table updates show how long it takes for hackers to brute force passwords, switching from MD5 to bcrypt for better security. The table has evolved since 2020 based on hardware advancements and data from breaches. It highlights the increased difficulty in cracking passwords due to more robust hashing methods, providing max time estimates for cracking various password complexities. Additionally, it emphasizes the impact of previously leaked passwords on security and the importance of using strong, randomly generated passwords.

Are Your Passwords in the Green?

The Drop in Ransomware Attacks in 2024 and What It Means

Ransomware attacks decreased by 22% in Q1 2024 after a 55.5% surge in 2023. Key factors for this drop include enhanced law enforcement actions against major groups like LockBit and ALPHV, leading to significant arrests and infrastructure takedowns. Additionally, a historic low in ransom payments and emerging new groups suggest changes in the landscape of cybercrime, with new entrants struggling to fill the void left by established ransomware operations.

The Drop in Ransomware Attacks in 2024 and What it Means

Protecting the Weakest Link: How Human Errors Can Put a Company in Risk

95% of cybersecurity breaches stem from human errors. Companies must prioritize cybersecurity training, implement Zero Trust strategies, and have an incident response plan to mitigate risks. Employees are the weakest link; common mistakes include weak passwords and falling for phishing scams. Advanced technological aids and behavioral insights can improve security by anticipating human errors. A comprehensive approach integrating training and technology is essential for effective protection.

Protecting the weakest link: how human errors can put a company in risk

Scroll to Top