Podcasts about remote code execution

Forecast: Cloudy with a chance of SSRF attacks. OpenAI's skies clear, but third-party wrappers bring storms. ‍ This week's episode kicks off with a poll asking listeners which virtual assistant they use—Alexa, Siri, Google Assistant, or none at all due to privacy concerns. The results give us a snapshot of how people feel about these ubiquitous technologies and their trust levels in them. We then tackle the headlines surrounding OpenAI and the alleged "attack" on its systems. While media outlets are buzzing with claims of vulnerabilities in ChatGPT, the reality is less dramatic. A third-party wrapper using OpenAI's API introduced an SSRF vulnerability that's being actively exploited. This issue highlights the risks of insecure third-party implementations rather than flaws in OpenAI's core infrastructure. It's a reminder that integrations can be a weak link in the cybersecurity chain, and we explore how this misunderstanding has fueled sensationalized reporting. Next up is a discussion on cybersecurity labeling for consumer IoT devices that have reached their End-of-Life (EOL) or End-of-Service (EOS). The idea is to inform users when their devices will no longer receive updates, but the execution is fraught with challenges. From complex software stacks to secondary markets breaking communication chains between vendors and consumers, we unpack why this labeling initiative is easier said than done. With home networks increasingly tied to employer networks, outdated IoT devices could become major security risks, especially in remote work setups. Privacy concerns take center stage as we examine Amazon's controversial decision to eliminate the "Do Not Send Voice Recordings" feature on Echo devices starting March 28, 2025. This change means all voice data will be processed in Amazon's cloud as part of its Alexa+ upgrade, which promises advanced generative AI capabilities. Critics argue this move erodes user privacy by removing local processing options entirely, raising questions about data retention and misuse. For privacy-conscious users, this might signal the end of their relationship with Echo devices. We also cover two critical vulnerabilities making waves in the cybersecurity world. First is CVE-2025-23120, a post-authentication Remote Code Execution flaw in Veeam Backup & Replication software. Exploitable by any domain user due to weak authentication measures and unsafe deserialization practices, this vulnerability underscores why blacklist-based approaches are insufficient for robust security. Then there's CVE-2025-24813, a remote code execution vulnerability affecting Apache Tomcat servers that can be exploited with just one PUT request. This attack leverages session persistence mechanisms and deserialization processes to gain full remote access without authentication—a stark reminder of how seemingly benign requests can lead to catastrophic breaches. Finally, we touch on updates from our benevolent overlords, including insights into ServiceNow vulnerabilities and upcoming events like NoiseFest at RSAC 2025. These resources continue to provide valuable intelligence for staying ahead of emerging threats in the cybersecurity landscape. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode, Pablo's avoiding the topic of garbage collection by talking about his latest PEP, which allows unprecedented interaction with a running Python process. We also resolve the bet about reference counting semantics, mention some notable changes in Python since the last episode, and discuss syntax highlighting in PyREPL and why it's bad, actually.## Timestamps(00:00:00) INTRO(00:02:16) PART 1: PABLO'S LATEST PEP(00:04:34) gdb is IMPOSSIBLE(00:12:49) Make the process run code for you(00:14:14) This already works on PyPy(00:15:13) How does it work?(00:25:38) Why a file?(00:31:15) What if you don't trust Pablo?(00:32:57) sys.remote_exec()(00:36:09) Less obvious use cases(00:46:56) PART 2: BETS(00:55:44) PART 3: PR OF THE WEEK(00:55:50) Łukasz: syntax highlighting in PyREPL(01:10:14) Pablo's PR: allow the parser to activate future imports on the fly(01:20:11) PART 4: WHAT'S GOING ON IN CPYTHON(01:20:22) Free threading(01:23:30) Performance(01:34:41) PEP 765 implemented(01:36:08) concurrent.futures.Executor.map(buffersize=)(01:36:57) io.Reader and io.Writer(01:38:40) Pabluco's linecache fetching interactive source code(01:41:25) ast.unparse() roundtrip with semicolons(01:41:59) OUTRO

In today's episode of Exploit Brokers, we dive deep into two major security threats making waves across the digital world. A critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook is putting millions of users at risk, with hackers exploiting it through spear phishing emails and malicious links. Not only that, but we're also uncovering the stealthy tactics of the notorious North Korean hacking group, Kimsuky. They're evolving their methods with custom RDP wrappers and proxy tools to evade detection while gaining unauthorized access to systems. Stay informed about the latest threats, learn how to keep your systems secure, and protect yourself from the growing wave of cyberattacks that are more dangerous than ever.  #OutlookRCE #Cybersecurity #Hacking #ExploitBrokers #CyberThreats #Phishing #RDPWrapper #Kimsuky #RemoteCodeExecution #MicrosoftSecurity #TechNews #Malware #DataBreach #EmailSecurity #Hackers #InfoSec #SecurityUpdates #cyberdefense

"Hello! I'm a Printer! Please Let Me In!" “Hello! I'm a printer! Please let me enter, thank you!” – It may sound absurd, but this is how attackers can trick your Linux systems through the cups-browsed service..   In this latest Threat Talk, Lieuwe-Jan Koning reveals, with ON2IT's Rob Maas and Luca Cipriano how a seemingly harmless printer can turn into a hacker's gateway to your network.   With open ports and weak default configurations, your Linux environment could be more exposed than you think.  

In today's episode, we dive deep into the fascinating yet troubling world of cybersecurity, exploring how even the most advanced antivirus software, firewalls, and endpoint security measures can fall short due to a single factor: human error. Despite the latest tech solutions, hackers continue to exploit one consistent vulnerability—users clicking on suspicious links and files. We'll discuss how phishing emails, malware, and outdated software create an entryway for cybercriminals, even in some of the most secure environments. Using two real-world cases, we'll uncover how modern-day malware such as Remcos RAT and Smoke Loader Trojan bypass standard security protocols. These cyber threats often use a combination of remote code execution (RCE) vulnerabilities, phishing emails disguised as business orders, and cleverly crafted zip files that hide malicious content. What's even more shocking? These vulnerabilities have been known for years, yet are still exploited due to outdated software and a lack of user awareness. Whether you're an individual trying to protect your personal data or part of an organization concerned with cybersecurity, this video is packed with insights on staying safe online. Learn how to spot phishing attempts, recognize the importance of regular software updates, and understand why cybersecurity training is essential to protecting yourself and your organization from potential threats. If you enjoy this breakdown, don't forget to hit the like button, subscribe, and click the notification bell to stay updated with more cybersecurity insights! Your support helps the channel grow and allows us to bring more content your way. Let's keep your digital world safe—one informed click at a time. #Cybersecurity #Malware #DataBreach #Phishing #CyberThreats #RemoteCodeExecution #RemcosRAT #SmokeLoader #UserAwareness #TechNews #CyberAttack #OnlineSafety #DigitalSecurity #Antivirus #CyberHygiene #TechExplained #StaySafeOnline #CybersecurityTips #DataProtection #Infosec

[Referências do Episódio] BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar - https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar  Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution - https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html  Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command - https://www.trendmicro.com/en_us/research/24/i/banking-trojans-mekotio-looks-to-expand-targets--bbtok-abuses-ut.html  TIDRONE Targets Military and Satellite Industries in Taiwan - https://www.trendmicro.com/en_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html   Veeam Security Bulletin (September 2024) - https://www.veeam.com/kb4649  New Eucleak attack lets threat actors clone YubiKey FIDO keys - https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/  Russian Military Cyber Actors Target US and Global Critical Infrastructure - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a  Predator Spyware Infrastructure Returns Following Exposure and Sanctions - https://www.recordedfuture.com/research/predator-spyware-infrastructure-returns-following-exposure-sanctions  Tropic Trooper spies on government entities in the Middle East - https://securelist.com/new-tropic-trooper-web-shell-infection/113737/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Starting in October, all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts.Documents from a lawsuit revealed that over 2.9 billion records are vulnerable after a massive hack of the Florida-based National Public Data network.Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE 2024-38063, which is a critical unauthenticated Remote Code Execution - or RCE - vulnerability within the Windows TCP/IP stack. Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

The Automox Security Team discusses August 2024's Patch Tuesday, including a SmartScreen remote code execution vulnerability, a Windows kernel elevation of privilege vulnerability, and print spooler elevation vulnerabilities. They emphasize the importance of user education, keeping operating systems and software up to date, and implementing network segmentation. The conversation also touches on the need to modernize infrastructure and be aware of the services running within server stacks.

Emmanuel, Guillaume et Arnaud discutent des nouvelles de l'été. JEPs, transactional outbox pattern avec Spring, LLM dans Chrome, faille polyfill.io, TOTP, congés illimités et IDE payant ou pas payant ? Enregistré le 12 juillet 2024 Téléchargement de l'épisode LesCastCodeurs-Episode-314.mp3 News Langages Les fonctionnalités de JDK 23 ont été figées début Juin (release prévue en septembre) https://openjdk.org/projects/jdk/23/ https://www.youtube.com/watch?v=kzjGp7LmW0I JEPs finales: 467: Markdown Documentation Comments 471: Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal 474: ZGC: Generational Mode by Default JEPs en incubation / preview 455: Primitive Types in Patterns, instanceof, and switch (Preview) 466: Class-File API (Second Preview) 469: Vector API (Eighth Incubator) 473: Stream Gatherers (Second Preview) 476: Module Import Declarations (Preview) 477: Implicitly Declared Classes and Instance Main Methods (Third Preview) 480: Structured Concurrency (Third Preview) 481: Scoped Values (Third Preview) 482: Flexible Constructor Bodies (Second Preview) Librairies Le transactional outbox pattern avec Spring Boot https://www.wimdeblauwe.com/blog/2024/06/25/transactional-outbox-pattern-with-spring-boot/ transactional outbox permet d'éviter des 2PC ou des désynchronisations de resources: typiquement un commit dans une base et un envoie de message dans un bus on ecrit le message dans une table de la base de données, et un process séparé récupère les messages et les envoient dans le bus implémentation utilise Spring Integration dans l'article, la seconde resource est l'envoie d'email montre une approche de tests le flow descrit pas psring integration est pas super trivial a lire quand on est pas familier mais cela poll la table toutes les secondes et envoie email et si succes de l'appel de service, vide le message de la table Deuxieme exemple avec Spring modulith qui a un event bus interne qui peut être persisté décrit les differences avec spring integration et les limites de l'approche modulith (message order, retry etc) Comment tester des valeurs de propriétés différentes dans un test Quarkus https://quarkus.io/blog/overriding-configuration-from-test-code/ on a tendance a ne pas tester les propriétés de config ce blog montre 5 (enfin 4 utiles) façons de le faire avec Quarkus. les profils de test, mocker l'objet de config, les test components (experimental), l'injection dans les constructeurs Quarkus 3.12 https://quarkus.io/blog/quarkus-3-12-0-released/ centralisation des configs TLS support pour le load shedding (reject requests on service overload) événements JFR specific a Quarkus native image agent support Spring Boot 3 (compat layer) Support Kotlin 2 etc Cloud On vous parlait dans un épisode précédent de ce problème de coûts S3 sur des requêtes non autorisées. C'est Graphana Loki qui a mis ce problème sous les projecteurs https://grafana.com/blog/2024/06/27/grafana-security-update-grafana-loki-and-unintended-data-write-attempts-to-amazon-s3-buckets/ le problème venait des valeurs par défaut des buckets déclarés dans le chart helm de Loki, en particulier celui nommé ‘chunks' Data et Intelligence Artificielle Guillaume avait partagé l'information sur la disponibilité prochaine d'un mini modele LLM dans chrome. C'est maintenant une réalité et vous pouvez le tester. https://ai-sdk-chrome-ai.vercel.app/ Nécessite Chrome 127 (version stable à partir de mi-juillet) Utilise le SDK Vercel AI Guillaume nous parle de toutes les nouveautés liées au modèle Gemini de Google dans la dernière release de LangChain4j https://glaforge.dev/posts/2024/07/05/latest-gemini-features-support-in-langchain4j/ Outillage 1% des utilisateurs de Maven Central utilisent 83% de sa bande passante. Installez un repository manager qui fait proxy (et cela pour tous les types de dépendances)!!! https://www.sonatype.com/blog/maven-central-and-the-tragedy-of-the-commons rien n'est réellement gratuit et l'abus d'une minorité peut nuire à l'ensemble. Cela fait maintenant plus de 20 ans que les communautés le répète: installer un gestionnaire de dépendances dans votre infrastructure (nexus, artifactory, CodeArtifact, …). En plus de protéger le bien commun cela vous permet de raffiner le filtrage des dépendances, d'assurer la reproductibilité de vos builds, d'optimiser les performances (et réduire les coûts) en ne téléchargeant que depuis votre propre infrastructure, etc … Maven Central est un commun qui ne coute rien à l'utilisteur mais qui est indispensable à tous 1000 milliards de téléchargements l'année dernière 83% de la bande passante consommé par 1% des IPs Beaucoup des ces IP viennent des companies les plus larges proxy pour réduire charge sur central, réduire couts ingress/egress ils vont implementer un mécanisme de throttling question est-ce que la concentration des IPs veut juste dire que c'est le dernier noeud mais que cacher n'est pas effectif pour eux et qu'il y a des milliers de clients derrière une IP? le trotting ferait mal et le proxy ne marche plus dans un monde ou le dev est dans le cloud et distribue géographiquement Comment mettre en place backstage, ici avec un projet Spring Boot utilisant CircleCi, Renovate, SonarCloud… https://piotrminkowski.com/2024/06/13/getting-started-with-backstage/ Cet article explique comment utiliser backstage pour fournir à vos équipes un template d'une application spring-boot. Elle est automatiquement crée sous forme d'un repository git(hub) avec les integrations classiques pour gérer la CI (via CircleCI), la qualité (via SonarCloud), la mise à jour de dépendances (via Renovate) et bien sur son référencement sur le portail backstage. tutoriel tres complet tres facilement remplacable pour un project avec votre technologie preferee (pas specifique a Spring Boot, ou Java) Architecture Que se passe t'il quand vous faites un push sur GitHub? https://github.blog/2024-06-11-how-we-improved-push-processing-on-github/ GitHub explique comment ils ont amélioré leur architecture, notamment en mettant en place Kafka pour distribuer les actions qui découlent d'un push sur GitHub. paralelisation des taches (avant sequentiel) limitation des dependances entre etapes effectuées lors d'un push plus de taches peuvent faire un retry un classique de decoupling via un EDA Sécurité Attaque du CDN polyfill.io https://sansec.io/research/polyfill-supply-chain-attack polyfill c'est un support de nouvelles fonctionalites dans les ancien navigateurs servi par cdn notamment une societe chinoise a achete le domaine et le github et injecte du malware qui pointe sur des serveurs qui servent le malware selectivement (device, admin ou pas, heure de la journée) Fastly et Cloudflare on des deploiements alternatiuve Une faille de sécurité, de type Remote Code Execution, vieille de 10ans, dans CocoaPods, un gestionnaire de dépendances très utilisé dans le monde Apple (macOS et iOS) https://securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/ https://cocoapods.org/ / https://cocoapods.org/ est un gestionnaire de dépendances pour les projets Xcode. Les dependances (Pods) sont publiées sous forme de Specs qui sont référencées dans un Specs Repo (une sorte de Maven central mais seulement avec des metadonnées) CVE-2024-38366 est une vulnérabilité de type remote code execution avec un score CVSS de 10 La faille existait depuis 10 ans et a été corrigée en Sept 2023. Elle permettait d'avoir un accès root sur trunk.cocoapods.org qui stock les Specs. Elles auraient donc pu être modifiées sans que les auteurs ne s'en apperçoivent. Pas de preuve pour l'instant que la faille ait été exploitée Mieux comprendre la double authentification avec TOTP https://hendrik-erz.de/post/understanding-totp-two-factor-authentication-eli5 Cet article revient sur le fonctionnement de TOTP et comment l'implementer avec des exemples en python the QR code est une URL qui contient: le secret en base 32. le nom du totp, qui a fournit le TOTP, combien de chiffres et la durée de vie du TOTP pour generer les chiffres, prends le secret, le temps et hash le tout, prendre 4 bytes et les convertir le chiffres typiquement le serveur genere les deux d'avant, les deux d'apres et le courant pour comparer Loi, société et organisation L'équipe Apache Maven gagne le troisième prix BlueHats https://nlnet.nl/bluehatsprize/2024/3.html le projet remporte un gain de 10000€. Ce prix est organisé par le gouvernement français afin de récompenser les projets open sources les plus impactants. La clause de congés illimités en Europe https://www.osborneclarke.com/insights/why-your-unlimited-vacation-policy-may-be-of-limited-use-in-europe Les politiques de congés illimités, populaires aux États-Unis, ne sont pas aussi avantageuses en Europe. En Europe, les employeurs doivent suivre les congés pris pour respecter les minima légaux de quatre semaines par an donc ils ne peuvent pas economiser sur le faire de ne plus les gérer. Les congés illimités permettent aux US de ne plus à devoir les payer au départ de l'employé. En Europe les employeurs doivent payer les congés non utilisés lors de la fin du contrat. Les employés européens pourraient prendre davantage de congés, car ils sont mieux protégés contre le licenciement. Les jours de maladie sont plus cadrés en europe. Un employé qui souffre d'une maladie longue pourrait utiliser les congés illimités mais ce ne sont pas les même règles qui s'appliquent OpenDNS n'est plus disponible en France et au Portugal https://support.opendns.com/hc/en-us/articles/27951404269204-OpenDNS-Service-Not-Available-To-Users-In-France-and-Portugal A priori Cisco qui opère openDNS en a marre des demandes de restrictions spécifiques à nos pays et préfère donc retirer entièrement l'accès au service plutôt que de se conformer à la nième demande de restrictions qui faisait suite à la plainte du groupe Canal+ portant sur l'accès à des sites illicites de streaming pour du sport Ask Me Anything Salut ! Êtes-vous plutôt IDE payants (ex : IJ Ultimate, ou des plugins payants), ou ne jurez-vous que par des outils gratuits ? Un peu des deux ? Si adaptes du payant, ça ne vous déprime pas qu'un nombre considérable d'employeurs rechignent à nous payer nos outils ? Que “de toute façon VSCode c'est gratuit” (à prononcer avec une voix méprisante) ? Quid du confort, ou de la productivité et/ou qualité accrue quand on maîtrise de tels outils ? Merci ! Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6 septembre 2024 : JUG Summer Camp - La Rochelle (France) 6-7 septembre 2024 : Agile Pays Basque - Bidart (France) 17 septembre 2024 : We Love Speed - Nantes (France) 17-18 septembre 2024 : Agile en Seine 2024 - Issy-les-Moulineaux (France) 19-20 septembre 2024 : API Platform Conference - Lille (France) & Online 25-26 septembre 2024 : PyData Paris - Paris (France) 26 septembre 2024 : Agile Tour Sophia-Antipolis 2024 - Biot (France) 2-4 octobre 2024 : Devoxx Morocco - Marrakech (Morocco) 7-11 octobre 2024 : Devoxx Belgium - Antwerp (Belgium) 8 octobre 2024 : Red Hat Summit: Connect 2024 - Paris (France) 10 octobre 2024 : Cloud Nord - Lille (France) 10-11 octobre 2024 : Volcamp - Clermont-Ferrand (France) 10-11 octobre 2024 : Forum PHP - Marne-la-Vallée (France) 11-12 octobre 2024 : SecSea2k24 - La Ciotat (France) 16 octobre 2024 : DotPy - Paris (France) 16-17 octobre 2024 : NoCode Summit 2024 - Paris (France) 17-18 octobre 2024 : DevFest Nantes - Nantes (France) 17-18 octobre 2024 : DotAI - Paris (France) 30-31 octobre 2024 : Agile Tour Nantais 2024 - Nantes (France) 30-31 octobre 2024 : Agile Tour Bordeaux 2024 - Bordeaux (France) 31 octobre 2024-3 novembre 2024 : PyCon.FR - Strasbourg (France) 6 novembre 2024 : Master Dev De France - Paris (France) 7 novembre 2024 : DevFest Toulouse - Toulouse (France) 8 novembre 2024 : BDX I/O - Bordeaux (France) 13-14 novembre 2024 : Agile Tour Rennes 2024 - Rennes (France) 20-22 novembre 2024 : Agile Grenoble 2024 - Grenoble (France) 21 novembre 2024 : DevFest Strasbourg - Strasbourg (France) 21 novembre 2024 : Codeurs en Seine - Rouen (France) 27-28 novembre 2024 : Cloud Expo Europe - Paris (France) 28 novembre 2024 : Who Run The Tech ? - Rennes (France) 3-5 décembre 2024 : APIdays Paris - Paris (France) 4-5 décembre 2024 : DevOpsRex - Paris (France) 4-5 décembre 2024 : Open Source Experience - Paris (France) 6 décembre 2024 : DevFest Dijon - Dijon (France) 22-25 janvier 2025 : SnowCamp 2025 - Grenoble (France) 16-18 avril 2025 : Devoxx France - Paris (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via twitter https://twitter.com/lescastcodeurs Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

A newly revealed OpenSSH vulnerability can open enterprises to remote code execution. We explain what is happening, why you should care, and what to do about it.

Get the latest Patch Tuesday releases, mitigation tips, and learn about custom automations (aka Automox Worklets) that can help you with CVE remediations.

In today's episode, we discuss fake browser updates distributing BitRAT and Lumma Stealer via Discord (https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html), a malicious npm package targeting Gulp users with a RAT (https://thehackernews.com/2024/06/researchers-uncover-rat-dropping-npm.html), and the high-severity Atlassian Confluence RCE vulnerability (CVE-2024-21683) for which a PoC is now available (https://www.helpnetsecurity.com/2024/06/03/cve-2024-21683-poc/). Tune in to learn about these critical cybersecurity threats and how you can protect your systems.Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Browser Updates, Cybersecurity Threat, BitRAT, Lumma Stealer, eSentire, Fake Browser Updates, Discord, Malicious npm Package, Gulp Toolkit, Remote Access Trojans, Software Supply Chain Attacks, CVE-2024-21683, Atlassian Confluence, Remote Code Execution, Cyber Attackers, Cybersecurity Researchers, Downloader Malware, Exploit, Developer Security, Cyber Attack Mitigation Search Phrases: How to avoid fake browser updates BitRAT malware detection What is Lumma Stealer Discord used for malware distribution Malicious npm packages 2024 Latest remote access trojans CVE-2024-21683 Atlassian Confluence vulnerability Protect against software supply chain attacks eSentire cybersecurity report Remote code execution in Atlassian Confluence https://thehackernews.com/2024/06/beware-fake-browser-updates-deliver.html Rise of Fake Browser Updates as Malware Vectors: Cybercriminals now use fake browser updates to distribute BitRAT and Lumma Stealer malware. These attacks typically start when users visit compromised websites that redirect them to fraudulent update pages. Actionable Insight: Avoid downloading updates from unfamiliar sources; always verify the legitimacy of update prompts through official channels. Discord as a Malware Distribution Platform: Attackers use Discord to host malicious files, leveraging its widespread use among legitimate users. Bitdefender found over 50,000 harmful links on Discord in the past six months. Actionable Insight: Exercise caution when downloading files from Discord and report suspicious links to platform moderators. Sophisticated Attack Chain Mechanisms: Attacks involve JavaScript and PowerShell scripts within ZIP files to execute malware. These scripts load additional payloads disguised as PNG image files, adding a layer of obfuscation. Actionable Insight: Use advanced endpoint protection that can detect and mitigate script-based attacks. BitRAT and Lumma Stealer Capabilities: BitRAT can harvest data, mine cryptocurrency, and take control of infected devices. Lumma Stealer, available for rent, steals information from web browsers and crypto wallets. Actionable Insight: Regularly update and patch software, employ strong passwords, and use multi-factor authentication to protect sensitive information. Emerging Threats: Drive-by Downloads and Malvertising: Fake browser update attacks often utilize drive-by downloads and malvertising techniques. Recent campaigns trick users into manually executing malicious PowerShell code under the guise of browser updates. Actionable Insight: Educate users on the risks of drive-by downloads and ensure robust network defenses are in place. Lumma Stealer's Growing Popularity: Lumma Stealer logs for sale increased by 110% from Q3 to Q4 2023, indicating its effectiveness and high success rate. Actionable Insight: Implement continuous monitoring and threat intelligence to detect and respond to emerging threats promptly. Exploiting Pirated Software: Attackers use pirated software and adult game installers to distribute various malware, including Orcus RAT and XMRig miner. Actionable Insight: Avoid using pirated software and educate users about the risks involved. CryptoChameleon's DNSPod Utilization: CryptoChameleon uses DNSPod servers for fast flux evasion, making it difficult to track and mitigate. Actionable Insight: Employ advanced DNS security measures and stay updated on threat actor tactics to enhance detection capabilities. Malicious npm Package Alert: Cybersecurity researchers discovered a suspicious npm package named "glup-debugger-log" targeting Gulp users. This package aims to drop a remote access trojan (RAT) on compromised systems. [Source: Phylum] Target Audience: The malicious package specifically targets developers using the Gulp toolkit by posing as a logger for Gulp plugins. So far, it has been downloaded 175 times. [Source: Phylum] Technical Breakdown: The package contains two obfuscated files working together. One file acts as an initial dropper to compromise the target machine and download additional malware. The other file provides persistent remote access to the attacker. [Source: Phylum] Detection Evasion: The malware includes checks for network interfaces, specific Windows OS types, and the number of files in the Desktop folder. This step likely aims to avoid deployment in controlled environments like virtual machines (VMs) or new installations. [Source: Phylum] Persistence Mechanism: If all checks pass, the malware launches another script to set up persistence and execute commands from a URL or local file. It establishes an HTTP server on port 3004 to listen for incoming commands. [Source: Phylum] Capabilities: The RAT can execute arbitrary commands and send the output back to the attacker. Despite its minimal functionality, the malware is sophisticated due to its obfuscation techniques and targeted approach. [Source: Phylum] Industry Implications: This discovery highlights the evolving landscape of malware in open-source ecosystems. Attackers are increasingly using clever techniques to create compact, efficient, and stealthy malware. [Source: Phylum] Critical Update Alert: If you self-host Atlassian Confluence Server or Data Center, immediately upgrade to the latest version to fix a remote code execution (RCE) flaw, CVE-2024-21683. The PoC and technical details are already public. (Source: SonicWall) Vulnerability Details: CVE-2024-21683 allows attackers to exploit Confluence via a specially crafted JavaScript language file, with no user interaction required. However, attackers must be logged in and have privileges to add new macro languages. (Source: SonicWall) Technical Insight: The flaw lies in the input validation mechanism of the 'Add a new language' function in the 'Configure Code Macro' section. Insufficient validation allows the injection of malicious Java code. (Source: SonicWall) Exploit Conditions: To exploit, an attacker needs network access to the system, the ability to add new macro languages, and a forged JavaScript file containing malicious Java code. (Source: SonicWall) Proof of Concept: A working PoC is available on GitHub, showcased by security researcher Huong Kieu, highlighting the ease with which this vulnerability can be weaponized. (Source: GitHub) Upgrade Urgency: Given Confluence's critical role in many organizations' knowledge bases, users are strongly advised to upgrade to the latest versions as per the vendor advisory to mitigate potential exploits. (Source: SonicWall) Impact and Mitigation: The vulnerability has a high impact on system confidentiality, integrity, and availability. SonicWall has released IPS signatures (4437 and 4438) to protect against exploitation. (Source: SonicWall) Listener Engagement: Have you upgraded your Confluence instance yet? What's your strategy for handling such critical updates? Share your thoughts with us!

Dans ce long…. épisode, Emmanuel, Guillaume et Arnaud discutent de l'actualité avec Chicori (un runtime WASM en Java), Jakarta Data, Quarkus 3.10, Spring AI, Hibernate 6.5, mais aussi quelques retours aux basiques (timezones, rate limiting, …). Gros focus sur les nouveautés annoncées à Google I/O 2024 et dans l'écosystème IA en général avec les annonces d'OpenAI, Claude, Grok et d'autres. Différents outils sont aussi couverts comme Git, IntelliJ, ASDF, BLD, S3. Et enfin des sujets sur la haute disponibilité de Keycloak, la ré-indexation sans downtime, les challenges des implémentations alternatives, le mode vigilant dans GitHub, Redis et les changements de license, et les investissements de Microsoft et AWS en France dans le cadre du programme #ChooseFrance. N'hésitez pas à nous soumettre vos questions sur https://lescastcodeurs.com/ama nous y répondrons dans les prochains épisodes. Enregistré le 17 mai 2024 Téléchargement de l'épisode LesCastCodeurs-Episode-312.mp3 News Langages Un runtime WASM en Java https://github.com/dylibso/chicory Projet tout nouveau, encore loin de la maturité Mais intéressant à suivre pour exécuter du code WebAssembly dans une application Java le projet n'a pas 15 jours non plus quand même :) Faire tourner des plugins WASM dans la JVM (e.g. plugins) On peut faire des heap dump en cas de OutOfMemoryException en compilation native https://quarkus.io/blog/heapdump-oome-native/ depuis JDK 21 Un exemple avec Quarkus Et le GC epsilon 100 exercices pour se mettre à Rust https://rust-exercises.com/ Librairies Hibernate 6.5 est sorti https://in.relation.to/2024/04/25/orm-650/ cache full pour les entités et leur collections (le défaut est shallow) Java record pour les @IdClass Les filtres peuvent être auto activés par défaut (vs à faire sur chaque session). Les filtres sont pas mal pour gérer par exemple des soft delete Keybased pagination pour éviter les trous de résultant en cas de modification d'entités en parallèle de.une recherche paginée. S.appuie sur une clé unique et ordonnée genre ISBN Une tech preview de Jakarta Data En parlant de Jakarta Data, deux articles sur le sujet https://in.relation.to/2024/04/01/jakarta-data-1/ https://in.relation.to/2024/04/18/jakarta-data-1/ concept de repository pas lié à une entité mais à une relation logique entre les recherches interagit via stateless session et est un bean CDI Code généré bien sur 4 opérateur crud et les requêtes save est up sert Type sage au sens ou le nom des méthodes n'est pas la logique de recherche Annotation et nom des paramètres et c'est type safe via un annotation processor ou string dans @Query qui est type safe aussi via le processeur discute plus de type safety et pagination Quarkus 3.10 avec quelques nouveautés https://quarkus.io/blog/quarkus-3-10-0-released/ flyway 10 arrive avec support natif Hibernate search supporte le standalone POJO mapper notamment pour elastic search (pas que ORM) Modification des propriétés Quarkus.package automatiquement remplacées par quarkus update et Quarkus 3.9 a fait son grand renommage réactif https://quarkus.io/blog/quarkus-3-9-1-released/ Clarifier que les extensions réactive n'imposent pas des apis réactives et seulement leur cœur implémenté en réactif ou offre optionellement des apis reacrive Les gens pensaient à tors que les réactives imposaient le modèle de programmation la encore quarkus update à la rescousse Un article sur l'api structured output pour Spring AI https://spring.io/blog/2024/05/09/spring-ai-structured-output un article descriptif sur quand cette api est utilisée Et les détails de son usage Comment passer une TimeZone dans spring boot et ce que cela impacte en terme de composants https://www.baeldung.com/spring-boot-set-default-timezone du basique mais toujours utile Task ou app Programmatiquement Sur certains lifecycles de Spring Infrastructure Un article et la vidéo de Devoxx France sur la haute disponibilité de Keycloak, comment c'est implémenté https://www.keycloak.org/2024/05/keycloak-at-devoxx-france-2024-recap l'infra d'identité est une infra clé Donc gérer la haute disponibilité est critique C'est un article qui pointe sur une vidéo de Devoxx France et la doc de keycloak sur comment tout cela est implémenté Cloud Comment se ruiner avec des buckets S3 https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 Amazon fait payer pour les requêtes non autorisées Il suffit de connaître le nom d'un bucket pour faire payer son propriétaire Amazon travaille pour fournir une solution / un fix. il est tombé par hasard sur un nom de bucket utilisé « pour de faux » par un outil open source populaire Bien rajouter un suffixe à ses buckets peut réduire le risque Mais pas l'éliminer un fix a été livré par amazon https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-s3-no-charge-http-error-codes/ Data et Intelligence Artificielle Guillaume résume GoogleIO https://x.com/techcrunch/status/1790504691945898300?s=61&t=WImtt07yTQMhhoNPN6lYEw AI overview plus besoin d'aller sur les sites Google I/O 2024 Google I/O 2024 résumé en vidéo de 10 minutes https://www.youtube.com/watch?v=WsEQjeZoEng et en 100 bullet points https://blog.google/technology/ai/google-io-2024-100-announcements/ Message de Sundar Pichai https://blog.google/inside-google/message-ceo/google-io-2024-keynote-sundar-pichai/#creating-the-future Project Astra, un assistant universel, sur smartphone avec qui on peut avoir une conversation normale et à qui montrer avec la caméra ce qui nous entoure https://www.theverge.com/2024/5/14/24156296/google-ai-gemini-astra-assistant-live-io Nouveau modèle Gemini 1.5 Flash, quasi aussi performant que le nouveau Gemini 1.5 Pro, mais beaucoup plus rapide (premiers tokens dans la seconde) et aussi moins cher https://blog.google/technology/developers/gemini-gemma-developer-updates-may-2024/ Gemini 1.5 Pro est Gemini 1.5 Flash sont disponibles avec une fenêtre de contexte d'un million de tokens, mais il y a une liste d'attente pour tester une fenêtre de 2 millions de tokens https://aistudio.google.com/app/waitlist/97595554 https://cloud.google.com/earlyaccess/cloud-ai?e=48754805&hl=en PaliGemma un nouveau modèle de vision ouvert dans la famille Gemma (pour faire du Q&A du sous-titrage) et preview de Gemma 2, avec une version à 27 milliards de paramètres https://developers.googleblog.com/en/gemma-family-and-toolkit-expansion-io-2024/ Gemini disponible dans les IDEs : Android Studio, IDX, Firebase, Colab, VSCode, Cloud and Intellj Gemini AI Studio enfin disponible en Europe Gemini supporte le parallel function calling et l'extraction de frame dans les vidéos Trillium, la 6ème version des TPU (Tensor Processing Unit), les processeurs spécifiques ML dans Google Cloud, 5 fois plus puissant que la génération précédente et 67% plus efficace en énergie https://cloud.google.com/blog/products/compute/introducing-trillium-6th-gen-tpus Le projet NotebookLM rajoute une fonctionnalité de Audio Overview qui permet de discuter avec son corpus de documents avec une conversation vocale https://notebooklm.google.com/ On peut appliquer le “grounding” avec Google Search pour l'API Gemini, pour que le modèle Gemini puisse chercher des informations complémentaires dans Google Search https://cloud.google.com/blog/products/ai-machine-learning/vertex-ai-io-announcements Annonce de Imagen 3, la future version de du modèle de génération d'images Imagen qui améliore la qualité et possède un très bon support du texte dans les images (objectif de disponibilité à l'été) https://blog.google/technology/ai/google-generative-ai-veo-imagen-3/#Imagen-3 https://deepmind.google/technologies/imagen-3/ DeepMind annonce Veo, un nouveau modèle de génération de vidéo très convaincant qui peut faire des vidéos en 1080p de 60s, mais en combinant plusieurs prompts successifs, il peut générer des vidéos plus longues qui s'enchainent https://deepmind.google/technologies/veo/ VideoFX, ImageFX et MusicFX, des expérimentations de Google AI intégrant Imagen 3 et Veo (pas encore disponibles en Europe) https://blog.google/technology/ai/google-labs-video-fx-generative-ai/ Gemini Advanced https://blog.google/products/gemini/google-gemini-update-may-2024/#context-window Les utilisateurs de Gemini Advanced (l'application web) utilisent Gemini 1.5 Pro avec la fenêtre de contexte de 1 million de tokens, la possibilité de charger des documents de Google Drive, et bientôt la possibilité de générer des graphiques. Gemini Advanced rajoute aussi la capacité de générer des itinéraires de voyage (avec intégration de Google Flights, etc) Fonctionnalité Gemini Live pour avoir une conversation vocale naturelle avec Gemini https://blog.google/products/gemini/google-gemini-update-may-2024/#gemini-live Gem : des plugins pour Gemini Advanced pour créer ses propres assistants personnalisés https://blog.google/products/gemini/google-gemini-update-may-2024/#personalize-gems Ask Photos, on peut poser à Google Photos des questions plus complexes comme “quelle est ma plaque d'immatriculation” et Photos devine que parmi toutes les photos de voitures lequelle est certainement la nôtre et extrait le numéro de plaque https://blog.google/products/photos/ask-photos-google-io-2024/ Même dans Google Messages vous pourrez échanger avec Gemini Google Search https://blog.google/products/search/generative-ai-google-search-may-2024/ Rajout d'un modèle Gemini spécial search intégré qui permet à Google Search de répondre aux questions de la barre de recherche avec une raisonnement multi-étapes, en étant capable de faire de la planification, en mode multimodal (texte, image, vidéo, audio) Planning de repas et de voyage, supporté dans Gemini, va arriver aussi dans Search Gemini 1.5 Pro est disponible dans le panneau latéral de Gmail, Docs, Sheets, Drive https://blog.google/products/workspace/google-gemini-workspace-may-2024-updates/ SynthID va même fonctionner pour du texte https://deepmind.google/discover/blog/watermarking-ai-generated-text-and-video-with-synthid/ Gemini Nano bientôt disponible dans les prochaines version de Chrome, pour utiliser le LLM directement dans le navigateur Android Seconde béta d'Android 15 https://android-developers.googleblog.com/2024/05/the-second-beta-of-android-15.html Private space pour garder des apps secures avec un niveau d'authentification supplémentaire Google collabore avec Samsung et Qualcomm sur la réalité augmentée dans Android https://developers.googleblog.com/en/google-ar-at-io-2024-new-geospatial-ar-features-and-more/ Project Gameface arrive sur Android (pour diriger Android avec les yeux, avec les expressions du visage, pour l'accessibilité) https://developers.googleblog.com/en/project-gameface-launches-on-android/ Gemini Nano va passer en multimodal, pas juste du texte Circle to search étendu à 100 millions de téléphones supplémentaires supportant Nano et va permettre de poser des questions, par exemple pour l'aide aux devoirs des enfants https://blog.google/products/android/google-ai-android-update-io-2024/#circle-to-search Detect phone scam on device with Gemini Nano Talkback, l'application pour l'accessibilité dans Android, va tirer parti de la multimodalité de Gemini Nano Bientôt de la génération d'image qu'on pourra intégrer dans ses mails, ses messages Wear OS https://android-developers.googleblog.com/2024/05/whats-new-in-wear-os-io-24.html Travail sur l'économie d'énergie pour faire durer les montres plus longtemps avant la prochaine recharge. Par exemple, 20% de consommation en moins lorsqu'on court un marathon ! Plus de type de données pour les activités physiques Project IDX accessible sans liste d'attente https://developers.googleblog.com/en/start-building-with-project-idx-today/ Firebase annonce 3 nouveaux produits https://developers.googleblog.com/en/whats-new-in-firebase-io-24/ Data Connect, un backend-as-a-service avec PostgreSQL https://firebase.google.com/products/data-connect App Hosting, hosting d'application Next et Angular https://firebase.google.com/products/app-hosting Genkit, a GenAI framework for app developers https://firebase.google.com/products/genkit Dart 3.4 avec support de Wasm comme target de compilation https://medium.com/dartlang/dart-3-4-bd8d23b4462a OpenAI lance son nouveau modèle: gpt-4o http://openai.com/index/hello-gpt-4o/ https://x.com/openaidevs/status/1790083108831899854?s=46&t=GLj1NFxZoCFCjw2oYpiJpw Audio, vision et reconnaissance de texte en realtime Plus rapide et 50% moins cher que son prédécesseur 4-turbo https://claude.ai/ est disponible en europe Claude, le modèle est créé par Anthropic: Claude est un assistant IA basé sur un grand modèle de langage entraîné selon des principes éthiques stricts. Il accorde une grande importance à l'honnêteté, l'impartialité et le respect de l'être humain. Son raisonnement repose sur une compréhension profonde des concepts plutôt que sur de simples associations statistiques. Il cherche activement à corriger les éventuels biais ou erreurs. Claude est polyvalent et peut s'adapter à différents styles de communication et niveaux de complexité selon le contexte. Il maîtrise de nombreux domaines académiques et scientifiques. Il est capable d'introspection sur ses propres processus de pensée et ses limitations. La vie privée et la confidentialité sont des priorités pour lui. Claude continue d'apprendre et de s'améliorer grâce aux interactions avec les humains. Son but est d'être un assistant fiable, éthique et bienveillant. quelqu'un sait comment ils font pour raisonner et pas juste LLM statistiquer? Comment ils prouvent cela ? C'est du code à part? Grok le modèle de X/Twitter/Musk est aussi dispo en Europe https://x.com/x/status/1790917272355172401?s=46&t=GLj1NFxZoCFCjw2oYpiJpw un truc unique c'est qu'il utilise les tweet comme reference sur ce qu'il dit. Par exemple demande les meilleurs Java Champions et c'est sur les tweet recents , probablement une sorte de RAG ou une sorte de fine tuning sur les derniers tweets, je ne sais pas L'algorithm des modeles de diffusion expliqués https://x.com/emmanuelbernard/status/1787565568020619650 deux articles, un general et lisible l'autre plus abscon mais avec certains details interessants sur le downsizing étapes ajout de bruit à des images (learning) pour après appliquer le process opposé le reverse diffusion process On prédit le bruit à enlever, on l'enlève et on repère le processus. Et tout cela est influencé par le prompt. Reindexation sans downtime des données de documentation de Quarkus, en quarkus bien sûr https://quarkus.io/blog/search-indexing-rollover/ utilise hibernate search Utilisé Elasticsearch / opensearch Article qui explique une des approches pour reindexer sans downtime via index alias Outillage Un article qui parle de l'outil de build bld, peu connu, qui permet d'écrire ses builds simplement dans une classe Java https://sombriks.com/blog/0070-build-with-bld-and-why-it-matters/ IntelliJ 2024.1 est sorti https://blog.jetbrains.com/idea/2024/05/what-s-new-in-intellij-idea-ultimate-2024-1/ complétion de ligne entière (deep learning) Assistant AI amélioré Spring Boot support amélioré sur bean completion et génération de diagramme Support de dev containers simplifié Amélioration support quarkus avec notamment icône dev ui et config des tests Support OpenRewrite Server wiremock et plein d'autres choses En version beta public, Homebrew permet de vérifier la provenance des packages (bottles) https://blog.trailofbits.com/2024/05/14/a-peek-into-build-provenance-for-homebrew/ Basé sur le système “build provenance” de sigstore https://docs.sigstore.dev/verifying/attestation/#validate-in-toto-attestations qui repose sur les attestations in-toto https://in-toto.io/ Mettez à jour git en version 2.45.1 pour fixer des failles de sécurité https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/ CVE-2024-32002 (Critique, Windows & macOS) : Les repos Git avec des sous-modules peuvent tromper Git pour lui faire exécuter un hook (élément de script) à partir du répertoire .git/ pendant une opération de clonage, permettant l'exécution de code à distance (Remote Code Execution). CVE-2024-32004 (Important, machines multi-utilisateurs) : Un attaquant peut concevoir un repo local qui exécute du code arbitraire lors du clonage. CVE-2024-32465 (Important, toutes les configurations) : Le clonage à partir de fichiers .zip contenant des repos Git peut contourner les protections, et potentiellement exécuter des hooks malveillants. CVE-2024-32020 (Faible, machines multi-utilisateurs) : Les clones locaux sur le même disque peuvent permettre à des utilisateurs non approuvés de modifier des fichiers liés physiquement (hard link) dans la base de données des objets du repo cloné. CVE-2024-32021 (Faible, machines multi-utilisateurs) : Le clonage d'un repo local avec des liens symboliques (symlinks) peut entraîner la création de liens physiques vers des fichiers arbitraires dans le répertoire objects/. Architecture Visualisation des algorithmes de rate limitation https://smudge.ai/blog/ratelimit-algorithms Méthodologies Le problème de l'implémentation alternative https://pointersgonewild.com/2024/04/20/the-alternative-implementation-problem/ Article par un développeur qui a développé des Just-in-Time compiler pour différents langages Remarqué que développer une implémentation alternative d'un langage (par exemple) n'a jamais vraiment rencontré le succès Les gens préfèrent l'original à une alternative qui est dépendante de / a peine à suivre l'implémentation d'origine Pour son cas, sur le JIT, il a travaillé sur un JIT intégré directement dans CRuby (plutôt que faire son implémentation alternative comme TruffleRuby), et sont JIT est intégré maintenant dedans directement Plus facile de rejoindre / s'intégrer au projet plutôt que d'être une alternative pour laquelle il faut convaincre les gens de l'adopter Le mode vigilant dans GitHub https://x.com/emmanuelbernard/status/1790026210619068435 c'est la suite du blog wsur la signature des commits que j'ai fait ul y a quelques temps https://emmanuelbernard.com/blog/2023/11/27/git-signing-ssh/ Maintenant, GitHub rajoute de plus en plus d'infos si les signatures ne matchent pas ou ne sont pas présentes Loi, société et organisation Une perspective sur Redis et les changements de license par un devrel AWS OpenSearch https://www.infoworld.com/article/3715247/the-end-of-vendor-backed-open-source.html les sociétés regardent l'impact légal des licenses source available pour elles même en usage interne Ça casse l'écosystème de spécialisations au dessus du produit (logz.io au dessus d'elastic démarré avant le changement de license) Redis top 10 contribs à AWS et Alibaba er Huawei et 3 redis. Donc c'est pas redis qui contribue tout. La plupart des ingénieurs de redislab ne bossent pas sur redis OSS, mais sur cloud et entreprise Peut être la fin des single vendor oss Il n'y a que les cloud providers qui peuvent fournir du OSS sans affecter leur structure du coût C'est un ex AWS en fait. Maintenant indépendant Microsoft va investir 4 milliards en France (datacenters et IA) https://news.microsoft.com/fr-fr/2024/05/13/microsoft-announces-the-largest-investment-to-date-in-france-to-accelerate-the-adoption-of-ai-skilling-and-innovation/ Il ne sont pas les seuls dans le cadre du programme #chooseFrance https://www.info.gouv.fr/actualite/choose-france-un-record-de-15-milliards-deuros-dinvestissements-etrangers Mais cela n'est pas sans laisser de questions sur l'avenir de notre activité avec les US qui externalisent désormais leur silicon valley https://www.cybernetica.fr/la-france-laboratoire-de-la-silicon-valley-2-0/ Outils de l'épisode ASDF un gestionnaire de version multi-runtime https://asdf-vm.com Arnaud l'avait recommandé mais je restais sur rvm apres des deboires, je suis passé a asdf, qui fonctionne mais pour le jdk j'utilise sdkman pour les javaistes ca parrait plus poussé Conférences Les videos de Devoxx France sont en ligne https://www.youtube.com/playlist?list=PLTbQvx84FrARars1vXos7mlPdvYJmsEoK La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 16-17 mai 2024 : Newcrafts Paris - Paris (France) 22 mai 2024 : OpenInfra Day France - Palaiseau (France) 22-25 mai 2024 : Viva Tech - Paris (France) 24 mai 2024 : AFUP Day Nancy - Nancy (France) 24 mai 2024 : AFUP Day Poitiers - Poitiers (France) 24 mai 2024 : AFUP Day Lille - Lille (France) 24 mai 2024 : AFUP Day Lyon - Lyon (France) 28-29 mai 2024 : Symfony Live Paris - Paris (France) 1 juin 2024 : PolyCloud - Montpellier (France) 6 juin 2024 : WAX 2024 - Aix-en-Provence (France) 6-7 juin 2024 : DevFest Lille - Lille (France) 6-7 juin 2024 : Alpes Craft - Grenoble (France) 7 juin 2024 : Fork it! Community - Rouen (France) 11 juin 2024 : Cloud Toulouse - Toulouse (France) 11-12 juin 2024 : OW2con - Paris (France) 11-12 juin 2024 : PGDay Lille - Lille (France) 12-14 juin 2024 : Rencontres R - Vannes (France) 13-14 juin 2024 : Agile Tour Toulouse - Toulouse (France) 14 juin 2024 : DevQuest - Niort (France) 18 juin 2024 : Mobilis In Mobile 2024 - Nantes (France) 18 juin 2024 : BSides Strasbourg 2024 - Strasbourg (France) 18 juin 2024 : Tech & Wine 2024 - Lyon (France) 19-20 juin 2024 : AI_dev: Open Source GenAI & ML Summit Europe - Paris (France) 19-21 juin 2024 : Devoxx Poland - Krakow (Poland) 26-28 juin 2024 : Breizhcamp 2024 - Rennes (France) 27 juin 2024 : DotJS - Paris (France) 27-28 juin 2024 : Agi Lille - Lille (France) 4-5 juillet 2024 : Sunny Tech - Montpellier (France) 8-10 juillet 2024 : Riviera DEV - Sophia Antipolis (France) 6 septembre 2024 : JUG Summer Camp - La Rochelle (France) 6-7 septembre 2024 : Agile Pays Basque - Bidart (France) 17 septembre 2024 : We Love Speed - Nantes (France) 19-20 septembre 2024 : API Platform Conference - Lille (France) & Online 25-26 septembre 2024 : PyData Paris - Paris (France) 26 septembre 2024 : Agile Tour Sophia-Antipolis 2024 - Biot (France) 2-4 octobre 2024 : Devoxx Morocco - Marrakech (Morocco) 7-11 octobre 2024 : Devoxx Belgium - Antwerp (Belgium) 10 octobre 2024 : Cloud Nord - Lille (France) 10-11 octobre 2024 : Volcamp - Clermont-Ferrand (France) 10-11 octobre 2024 : Forum PHP - Marne-la-Vallée (France) 11-12 octobre 2024 : SecSea2k24 - La Ciotat (France) 16 octobre 2024 : DotPy - Paris (France) 17-18 octobre 2024 : DevFest Nantes - Nantes (France) 17-18 octobre 2024 : DotAI - Paris (France) 30-31 octobre 2024 : Agile Tour Nantais 2024 - Nantes (France) 30-31 octobre 2024 : Agile Tour Bordeaux 2024 - Bordeaux (France) 31 octobre 2024-3 novembre 2024 : PyCon.FR - Strasbourg (France) 6 novembre 2024 : Master Dev De France - Paris (France) 7 novembre 2024 : DevFest Toulouse - Toulouse (France) 8 novembre 2024 : BDX I/O - Bordeaux (France) 13-14 novembre 2024 : Agile Tour Rennes 2024 - Rennes (France) 21 novembre 2024 : DevFest Strasbourg - Strasbourg (France) 28 novembre 2024 : Who Run The Tech ? - Rennes (France) 3-5 décembre 2024 : APIdays Paris - Paris (France) 4-5 décembre 2024 : Open Source Experience - Paris (France) 22-25 janvier 2025 : SnowCamp 2025 - Grenoble (France) 16-18 avril 2025 : Devoxx France - Paris (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via twitter https://twitter.com/lescastcodeurs Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Top labs use various forms of "safety training" on models before their release to make sure they don't do nasty stuff - but how robust is that? How can we ensure that the weights of powerful AIs don't get leaked or stolen? And what can AI even do these days? In this episode, I speak with Jeffrey Ladish about security and AI. Patreon: patreon.com/axrpodcast Ko-fi: ko-fi.com/axrpodcast Topics we discuss, and timestamps: 0:00:38 - Fine-tuning away safety training 0:13:50 - Dangers of open LLMs vs internet search 0:19:52 - What we learn by undoing safety filters 0:27:34 - What can you do with jailbroken AI? 0:35:28 - Security of AI model weights 0:49:21 - Securing against attackers vs AI exfiltration 1:08:43 - The state of computer security 1:23:08 - How AI labs could be more secure 1:33:13 - What does Palisade do? 1:44:40 - AI phishing 1:53:32 - More on Palisade's work 1:59:56 - Red lines in AI development 2:09:56 - Making AI legible 2:14:08 - Following Jeffrey's research   The transcript: axrp.net/episode/2024/04/30/episode-30-ai-security-jeffrey-ladish.html Palisade Research: palisaderesearch.org Jeffrey's Twitter/X account: twitter.com/JeffLadish   Main papers we discussed: - LoRA Fine-tuning Efficiently Undoes Safety Training in Llama 2-Chat 70B: arxiv.org/abs/2310.20624 - BadLLaMa: Cheaply Removing Safety Fine-tuning From LLaMa 2-Chat 13B: arxiv.org/abs/2311.00117 - Securing Artificial Intelligence Model Weights: rand.org/pubs/working_papers/WRA2849-1.html   Other links: - Llama 2: Open Foundation and Fine-Tuned Chat Models: https://arxiv.org/abs/2307.09288 - Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!: https://arxiv.org/abs/2310.03693 - Shadow Alignment: The Ease of Subverting Safely-Aligned Language Models: https://arxiv.org/abs/2310.02949 - On the Societal Impact of Open Foundation Models (Stanford paper on marginal harms from open-weight models): https://crfm.stanford.edu/open-fms/ - The Operational Risks of AI in Large-Scale Biological Attacks (RAND): https://www.rand.org/pubs/research_reports/RRA2977-2.html - Preventing model exfiltration with upload limits: https://www.alignmentforum.org/posts/rf66R4YsrCHgWx9RG/preventing-model-exfiltration-with-upload-limits - A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html - In-browser transformer inference: https://aiserv.cloud/ - Anatomy of a rental phishing scam: https://jeffreyladish.com/anatomy-of-a-rental-phishing-scam/ - Causal Scrubbing: a method for rigorously testing interpretability hypotheses: https://www.alignmentforum.org/posts/JvZhhzycHu2Yd57RN/causal-scrubbing-a-method-for-rigorously-testing   Episode art by Hamish Doodles: hamishdoodles.com

We're breaking down the attack: how it works, how it was hidden, and why time was running out for the attacker.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.Support LINUX UnpluggedLinks:

Geofeed https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/ Apple Updates https://support.apple.com/en-us/HT201222 Apple Bug https://gofetch.fail/ GitHub Copilot AutoFix https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/ Fortinet PoC https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/ Ivanti Standalone Sentry https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US

Geofeed https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/ Apple Updates https://support.apple.com/en-us/HT201222 Apple Bug https://gofetch.fail/ GitHub Copilot AutoFix https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/ Fortinet PoC https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/ Ivanti Standalone Sentry https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US

[Referências do Episódio] CVE-2024-21378 — Remote Code Execution in Microsoft Outlook - https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/  Microsoft Outlook Remote Code Execution Vulnerability - CVE-2024-21378 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378  MASSIVE CYBERATTACKS HIT FRENCH GOVERNMENT AGENCIES - https://securityaffairs.com/160374/hacking/massive-cyberattacks-hit-french-government-agencies.html  French state services hit by 'intense' cyberattack, PM's office says - https://www.lemonde.fr/en/pixels/article/2024/03/11/french-state-services-hit-by-intense-cyberattack-pm-s-office-says_6608164_13.html  Guerra da Ucrânia muda comércio mundial de armas - https://www.dw.com/pt-br/guerra-da-ucr%C3%A2nia-muda-com%C3%A9rcio-mundial-de-armas/a-68487575  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Welcome to the latest episode of Storm⚡️Watch, where we delve into the most recent cybersecurity events and trends.  We are also joined by our friends at Trinity Cyber.  In this episode, we're excited to announce the arrival of TAGSMAS! This is a special event where we celebrate the power of tags in cybersecurity and how they can help us better understand and respond to threats. We start the show with the team over at Trinity Cyber, with an in-depth discussion about what they do and how they and GreyNoise partner to keep organizations (and humans) safe. The episode continues with a security bulletin from New Relic, who recently identified unauthorized access to their staging environment. This environment provides insights into customer usage and certain logs, but does not store customer telemetry and application data. The unauthorized access was due to stolen credentials and social engineering related to a New Relic employee account. The unauthorized actor used the stolen credentials to view certain customer data within the staging environment. Customers confirmed to be affected by this incident have been notified and given recommended next steps. Importantly, there is no evidence of lateral movement from the staging environment to customer accounts in the separate production environment or to New Relic's production infrastructure. Next, we discuss a phishing campaign targeting WordPress users. The campaign tricks victims into installing a malicious backdoor plugin on their site. The phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user's site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a “Patch” plugin and install it. If the victim downloads the plugin and installs it on their WordPress site, the plugin is installed with a slug of wpress-security-wordpress and adds a malicious administrator user with the username wpsecuritypatch. The malicious plugin also includes functionality to ensure that this user remains hidden.  In our shameless self-promotion segment, we highlight some of our recent work at GreyNoise Labs. We've been busy analyzing and documenting various cybersecurity threats and trends, and we're excited to share our findings with you. Be sure to check out our latest posts on the GreyNoise blog and sign up for our Noiseletter to stay up-to-date with our latest research. We also discuss some recent vulnerabilities, including a Google Skia Integer Overflow Vulnerability (CVE-2023-6345), an ownCloud graphapi Information Disclosure Vulnerability (CVE-2023-49103), and two Apple Multiple Products WebKit vulnerabilities (CVE-2023-42917 and CVE-2023-42916). These vulnerabilities highlight the ongoing need for robust cybersecurity measures and the importance of staying informed about the latest threats. Finally, we discuss a recent CISA alert about the Iranian military organization IRGC. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. The authoring agencies urge all organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from these IRGC-affiliated cyber actors. Thank you for joining us for this episode of Storm⚡️Watch. We look forward to bringing you more insights into the world of cybersecurity in our next episode. Episode Slides >> Join our Community Slack >> Learn more about GreyNoise >>    

On Security Now, Leo Laporte and Steve Gibson talk about two new vulnerabilities that were discovered in cURL, one rated as high severity allowing remote code execution and the other low severity affecting the library only. For the full episode, go to: https://twit.tv/sn/945 Hosts: Leo Laporte and Steve Gibson You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT

On Security Now, Leo Laporte and Steve Gibson talk about two new vulnerabilities that were discovered in cURL, one rated as high severity allowing remote code execution and the other low severity affecting the library only. For the full episode, go to: https://twit.tv/sn/945 Hosts: Leo Laporte and Steve Gibson You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT

On Security Now, Steve Gibson and Leo Laporte discuss how Exim servers contain critical remote code execution vulnerabilities that were irresponsibly disclosed by the vendor, leaving millions of servers exposed. For the full episode, visit twit.tv/sn/942 #Exim #Security #0-day Hosts: Leo Laporte and Steve Gibson You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT

On Security Now, Steve Gibson and Leo Laporte discuss how Exim servers contain critical remote code execution vulnerabilities that were irresponsibly disclosed by the vendor, leaving millions of servers exposed. For the full episode, visit twit.tv/sn/942 #Exim #Security #0-day Hosts: Leo Laporte and Steve Gibson You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT

Join us for a fictional tale of two security leaders—Sarah and Roger—and their contrasting approaches to zero-day crisis management.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Join us for a fictional tale of two security leaders—Sarah and Roger—and their contrasting approaches to zero-day crisis management.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

GuLoader or BatLoader/Modiloader infection fro Remcos RAT https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990 CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/ Sysmon Update https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36 Drone Security and Fault Injection Attacks https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html

GuLoader or BatLoader/Modiloader infection fro Remcos RAT https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990 CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/ Sysmon Update https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36 Drone Security and Fault Injection Attacks https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html

Guest: Frankie ThomasOn ITSPmagazine  

Guest: Frankie ThomasOn ITSPmagazine  

The Vulkan papers offer a glimpse into Mr. Putin's cyber war room. The 3CXDesktopApp vulnerability and supply chain risk. A cross site scripting flaw in Azure Service Fabric Explorer can lead to remote code execution. Rob Boyce from Accenture Security on threats toEV charging stations. Our guest is Steve Benton from Anomali Threat Research, sharing a ‘less is more' approach to cybersecurity. And AlienFox targets misconfigured servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/62 Selected reading. A Look Inside Putin's Secret Plans for Cyber-Warfare (Spiegel) Secret trove offers rare look into Russian cyberwar ambitions (Washington Post)  7 takeaways from the Vulkan Files investigation (Washington Post) ‘Vulkan files' leak reveals Putin's global and domestic cyberwarfare tactics (the Guardian) Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan (Mandiant) 3CX DesktopApp Security Alert - Mandiant Appointed to Investigate (3CX) Information on Attacks Involving 3CX Desktop App (Trend Micro) 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component  (SecurityWeek) There's a new supply chain attack targeting customers of a phone system with 12 million users (TechCrunch) Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) (Orca Security) Dissecting AlienFox | The Cloud Spammer's Swiss Army Knife (SentinelOne)

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations AA23-074A STIX XML MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935) ACSC Advisory 2020-004 Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI Volexity Threat Research: XE Group GitHub: Proof-of-Concept Exploit for CVE-2019-18935 Microsoft: Configure Logging in IIS GitHub: CVE-2019-18935 No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations AA23-074A STIX XML MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935) ACSC Advisory 2020-004 Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI Volexity Threat Research: XE Group GitHub: Proof-of-Concept Exploit for CVE-2019-18935 Microsoft: Configure Logging in IIS GitHub: CVE-2019-18935 No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov  To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

The Security Squawk podcast discusses the recent surge of ransomware attacks and their impact on cybersecurity. The hosts talk about the clop ransomware group's breach of 130 organizations using a zero-day vulnerability in the Go Anywhere MFT secure file transfer tool, highlighting the risks associated with file transfer tools that are installed on servers managed by companies and exposed to the internet without proper patching and firewall configurations. The conversation also discusses a recent supply chain breach involving GoAnywhere MFT software, with up to 10-13% of servers compromised, and expresses concern over the vulnerability of these companies and the potential disconnect between security professionals and management. The article discusses multiple instances of cyber attacks on companies, including Pepsi Bottling Ventures, which was hit with malware that stole employees' personal information, and Nether Manufacturing, which was hit with ransomware. The article also mentions a new ransomware called Mortal Kombat that is targeting systems in the US and highlights the importance of proper security measures and not clicking on suspicious emails or files. The news segment reports on a series of ransomware attacks in the United States, including on a school, a city, a police network, and a property appraisal website. The lack of cybersecurity maturity in some organizations is noted, and the need for companies to undertake third-party assessments of their network is emphasized.

Exchange OWASSRF Exploited for Remote Code Execution https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/ ksmbd Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-22-1690/ LastPass Incident Update https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Exchange OWASSRF Exploited for Remote Code Execution https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/ ksmbd Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-22-1690/ LastPass Incident Update https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

OpenSSL patches two vulnerabilities. CISA and election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. Business email compromise and gift cards. Tim Starks from the Washington Posts' Cybersecurity 202 has the latest on election security. A visit to the CyberWire's Women in Cyber Security event. And consequences for Raccoon Stealer from the war in Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/211 Selected reading. OpenSSL patched today. (CyberWire) OpenSSL Releases Security Update (CISA)  OpenSSL releases fixes for two ‘high' severity vulnerabilities (The Record by Recorded Future) OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway! (Naked Security) Threat Advisory: High Severity OpenSSL Vulnerabilities (Cisco Talos Blog) OpenSSL Vulnerability Patch Released (Sectigo® Official) Clearing the Fog Over the New OpenSSL Vulnerabilities (Rezilion) OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update (Check Point Software) Undisclosed OpenSSL vulnerability: Free scripts for target scoping (Lightspin) Discussions of CISA's part in elections and the JCDC. (CyberWire) U.S. Treasury thwarted attack by Russian hacker group last month-official (Reuters)  XDR data reveals threat trends. (CyberWire) What happens to a gift card given to a scammer? (CyberWire) How Russia's war in Ukraine helped the FBI crack one of the biggest cybercrime cases in years (MarketWatch)

### La rubrique de l'indien* CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution -> https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/### Cloud* AWS devriendrait-il gentil? -> https://www.elastic.co/blog/elastic-and-amazon-reach-agreement-on-trademark-infringement-lawsuit* AWS devriendrait-il gentil? -> https://venturebeat.com/2022/03/15/mongodb-and-aws-go-deep-to-help-customers-move-to-the-cloud/### Cloud Native* Kubernetes is complex because you want complex things -> https://home.robusta.dev/blog/kubernetes-is-complex-because-you-want-complex-things/* Programming languages: Go just received its biggest update ever -> https://www.zdnet.com/article/programming-languages-go-just-received-its-biggest-update-ever/* Introducing the Next Generation of K8ssandra! -> https://k8ssandra.io/blog/announcements/release/introducing-the-next-generation-of-k8ssandra/### Machine Learning* Accelerating Edge AI -> https://www.mythic-ai.com/### GDPR for ever* Google Analytics et la CNIL : le décryptage de Converteo -> https://converteo.com/blog/google-analytics-et-la-cnil-le-decryptage-de-converteo/### Search engines & databases* Fugue and DuckDB: Fast SQL Code in Python -> https://towardsdatascience.com/fugue-and-duckdb-fast-sql-code-in-python-e2e2dfc0f8eb* DuckDB with Hannes Muleisen - Software Engineering Daily -> https://softwareengineeringdaily.com/2022/03/18/duckdb-with-hannes-muleisen/* 10 Quick SQL Tips After Writing Daily in SQL for 3 Years -> https://towardsdatascience.com/10-quick-sql-tips-after-writing-daily-in-sql-for-3-years-37bdba0637d0### Tip of the "Week"* Sha256 Algorithm Explained -> https://sha256algorithm.com/### Orateurs* Vincent : [@vhe74](https://twitter.com/vhe74), [Affini-Tech](https://trkit.io/s/BDHSPOAFFINI) et [Datatask](https://trkit.io/s/BDHSPODTSK)* Jérôme : [@jxerome](https://twitter.com/jxerome) et [Zeenea](https://www.zeenea.com)* Alexander : [@alexanderdeja](https://twitter.com/alexanderDeja)### SponsorsCette publication est sponsorisée par [Affini-Tech](https://trkit.io/s/BDHSPOAFFINI) et [CerenIT](https://trkit.io/s/BDHSPOCERE).[CerenIT](https://trkit.io/s/BDHSPOCERE) vous accompagne pour concevoir, industrialiser ou automatiser vos plateformes mais aussi pour faire parler vos données temporelles. Ecrivez nous à contact@cerenit.fr et retrouvez-nous aussi sur [Time Series France](https://trkit.io/s/BDHSPOTSFR).Affini-Tech vous accompagne dans tous vos projets Cloud et Data, pour Imaginer, Expérimenter et Executer vos services ! [Affini-Tech](https://trkit.io/s/BDHSPOAFFINI), La plateforme [Datatask](https://trkit.io/s/BDHSPODTSK) pour accélérer vos services Data et IA.On recrute ! Venez cruncher de la data avec nous ! Ecrivez nous à recrutement@affini-tech.com Le générique a été composé et réalisé par Maxence Lecointe.

In today's podcast we cover four crucial cyber and technology topics, including: 1.VMware flaw being exploited by criminals 2.Rarible flaw allowed theft of users NFTs 3.Microsoft takes down Zloader 4.OldGremlin ransomware targets Russian mining company I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/pwning-wd-nas-netgear-routers-and-overflowing-kernel-pages.html Plenty of exploit strategy talk this week with vulnerabilities and complete exploits targeting a NAS, a router, and a Linux Kernel module with a page-level overflow. [00:00:26] Spot the Vuln - Normalized Regex [00:01:52] Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) [00:07:10] Defeating the Netgear R6700v3 [00:18:36] Exploit esp6 modules in Linux kernel [CVE-2022-27666] [00:27:17] Racing against the clock -- hitting a tiny kernel race window The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/facebook-exploits-pfsense-rce-and-mysqljs-sqli.html A few interesting issues you this week, a JS race condition in some auth related code for Facebook, some fake prepared queries, and a RCE through sed commands (in pfSense) [00:00:56] Remote Code Execution in pfSense (2.5.2 and earlier) [00:06:13] Finding an Authorization Bypass on my Own Website [00:17:43] More secure Facebook Canvas Part 2: More Account Takeovers [00:32:43] The perils of the “real” client IP The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

Ukrainian tech companies https://www.fastcompany.com/90725211/ukraine-tech-companies Grammarly, Readdle, MacPaw, many indie developers, and contracting/outsourcing outfits People around the world are booking Airbnbs in Ukraine. They don't plan to check in https://www.cnn.com/travel/article/ukraine-airbnb-donations-cec/index.html Nvidia Confirms Company Data Was Stolen in Hack https://www.pcmag.com/news/nvidia-confirms-company-data-was-stolen-in-hack https://techcrunch.com/2022/03/01/nvidia-hackers-leak-ransomware/ DARVO: https://en.wikipedia.org/wiki/DARVO $50/month to plug a mystery box into your home network: https://twitter.com/jackrhysider/status/1498780187776933888 The Register survey on zero-trust https://www.theregister.com/2022/03/03/reg_reader_survey_zero_trust_results/ EU, US close to replacing defunct Privacy Shield II https://www.theregister.com/2022/03/02/new_hope_for_privacy_shield/ A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html Apple “Peek Performance” event https://www.tomsguide.com/news/apple-event Recommendations Dominic Notes From The Burning Age, by Claire North https://text.npr.org/1018496548 Zack Wordle - https://www.nytimes.com/games/wordle/index.html Worldle - https://worldle.teuteuf.fr Airportle - https://airportle.scottscheapflights.com Follow the show on Twitter @Roll4Enterprise or on our LinkedIn page. Theme music by Renato Podestà. Please send us suggestions for topics and/or guests for future episodes!

1+ Million WordPress sites affected by vulnerabilities that could lead to remote code execution attackshttps://www.searchenginejournal.com/wordpress-vulnerability-in-essential-addons-for-elementor/436179/Webcology named as one of the 15 top SEO podcastshttps://ahrefs.com/blog/best-seo-podcasts/New Google Partners Program: After nearly two years, the new Partners program requirements have taken effect and Google will notify all Partners of their current status.https://www.seroundtable.com/new-google-partners-program-32867.htmlFacebook lost users for first time in a decade. Stock declined by 22%Support this podcast at — https://redcircle.com/webcology/exclusive-contentAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/ Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/ Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Hikvision Security Cameras Potentially Exposed to Remote Code Execution https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/ Detecting PAM Backdoors https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/ Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem https://dl.acm.org/doi/pdf/10.1145/3460120.3484768 CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/

More Weirdness on TCP Port 26 https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/ Microsoft Pulls Servicing Stack Update https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/ Network Monitoring Company Centreon Compromised https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf SHAREit Flaw Could Lead to Remote Code Execution https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html VSCode NPM Extension RCE https://github.com/jackadamson/CVE-2021-26700