Squire1039

Vulnerabilities:

CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (Intel's iNet Wireless Daemon) allow attackers to:

• Trick users into joining fake Wi-Fi networks: Attackers can create malicious clones of legitimate networks and steal user data.
• Gain unauthorized access to secure Wi-Fi networks: Attackers can join password-protected networks without needing the password, putting devices and data at risk.

Affected devices:

• CVE-2023-52160: Android devices using wpa_supplicant versions 2.10 and prior (requires specific configuration).
• CVE-2023-52161: Linux devices using iNet Wireless Daemon versions 2.12 and lower (any network using a Linux access point).

Mitigation:

• Update your Linux distribution and ChromeOS (version 118 or later).
• Android fix not yet available, but manually configure CA certificate for any saved enterprise networks as a temporary workaround.

Exploitation:

• Attacker needs SSID and physical proximity for CVE-2023-52160.
• CVE-2023-52161 requires no special knowledge, affecting any vulnerable network.

Links:

• Research article: https://www.top10vpn.com/research/wifi-vulnerabilities/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52160
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52161

Target: Businesses using Email Service Providers (ESPs) like SendGrid to send email campaigns, and the receivers of the emails

Method:

• Gain access to an ESP account: This could be through hijacking a legitimate account or other means.
• Send phishing emails through the ESP: These emails pose as legitimate messages from the ESP, urging users to update security settings (e.g., enable 2FA).
• Use spoofed links: The links in the email appear to point to the ESP's domain, bypassing usual phishing red flags.
• Redirect to fake login page: Clicking the link leads to a website resembling the ESP's login page, designed to steal user credentials.

Why it's dangerous:

• Increased trust: Users are more likely to open emails appearing to come from a familiar ESP.
• Bypassing safeguards: Spoofed links and redirection make it harder to detect the scam.

Models pose for photos next to a vehicle at the 40th Thailand International Motor Expo 2023, held at the Impact Challenger halls, Muang Thong Thani, Nonthaburi, in November last year. (Photo: Pattarapong Chatpattarasill)

From: https://www.bangkokpost.com/business/motoring/2746039

Scientists at Princeton University have developed an AI model that can predict and prevent plasma instabilities, a major hurdle in achieving practical fusion energy.

Key points:

• Problem: Plasma escaping containment in donut-shaped tokamak reactors disrupts fusion reactions and damages equipment.
• Solution: AI model predicts instabilities 300 milliseconds before they happen, allowing for adjustments to keep plasma contained.
• Significance: This is the first time AI has been used to proactively prevent tearing instabilities in fusion experiments.
• Future: Researchers hope to refine the model for other reactors and optimize fusion reactions.

Key Points:

• 1Password, a password management software company, has acquired Kolide, an endpoint security platform.
• This move expands 1Password's security offerings beyond passwords, addressing the challenges of securing devices in a hybrid work environment.
• Kolide's platform uses real-time device health checks to grant or block access to company applications, preventing unauthorized access attempts.
• The acquisition strengthens 1Password's position in the growing endpoint security market
• This is 1Password's third acquisition in recent years

Additional Details:

• Kolide boasts customers like Databricks, Robinhood, and Discord.
• This acquisition follows 1Password's successful 2023, exceeding $250 million in annual recurring revenue and a multibillion-dollar valuation.
• 1Password plans to add 250 jobs this year

“1Password has focused on giving businesses the tools they need to make it easy for employees to keep their passwords secure,” Shiner added. “Kolide extends this ability further to make it easy for employees to keep their devices secure.

Summary:

• The February 2024 update for Windows 11 and 10 is causing issues for some users, causing the taskbar to disappear or malfunction.
• This affects both Windows 10 KB5034763 and Windows 11 KB5034765 updates.
• Symptoms include missing Windows icons, pinned apps not loading, delays in login, and the complete disappearance of the taskbar.
• Uninstalling the update is possible but not recommended due to security fixes included.
• Restarting File Explorer, DISM, SFC, and even registry tweaks haven't solved the issue consistently.
• Some users report success with reinstalling the update or creating a new user account, but these solutions may not work for everyone.
• Microsoft is aware of the issue and investigating.

Summary

This research, conducted by Microsoft and OpenAI, focuses on how nation-state actors and cybercriminals are using large language models (LLMs) in their attacks.

Key findings:

• Threat actors are exploring LLMs for various tasks: gathering intelligence, developing tools, creating phishing emails, evading detection, and social engineering.
• No major attacks using LLMs were observed: However, early-stage attempts suggest potential future threats.
• Several nation-state actors were identified using LLMs: Including Russia, North Korea, Iran, and China.
• Microsoft and OpenAI are taking action: Disabling accounts associated with malicious activity and improving LLM safeguards.

Specific examples:

• Russia (Forest Blizzard): Used LLMs to research satellite and radar technologies, and for basic scripting tasks.
• North Korea (Emerald Sleet): Used LLMs for research on experts and think tanks related to North Korea, phishing email content, and understanding vulnerabilities.
• Iran (Crimson Sandstorm): Used LLMs for social engineering emails, code snippets, and evading detection techniques.
• China (Charcoal Typhoon): Used LLMs for tool development, scripting, social engineering, and understanding cybersecurity tools.
• China (Salmon Typhoon): Used LLMs for exploratory information gathering on various topics, including intelligence agencies, individuals, and cybersecurity matters.

Additional points:

• The research identified eight LLM-themed TTPs (Tactics, Techniques, and Procedures) for the MITRE ATT&CK® framework to track malicious LLM use.

Highlights:

• Rakuten Drive offers free 10GB storage and unlimited file transfers, unlike competitors.
• Integrates with Microsoft 365 for document viewing and editing.
• Targets both individuals and businesses with separate plans.
• Paid "PRO" version increases storage to 1TB, allows bigger file uploads, and extends transfer link expiration.
• Future integration with Rakuten's loyalty program planned.

Interest Points

• DNA analysis confirms hepatitis B as major cause of death, not lead poisoning.
• Drinking and genetic factors likely contributed to liver disease.
• Prior lead poisoning study used woman's hair previously attributed to Beethoven
• Hearing loss and gut problems remain unexplained.
• DNA suggests potential extramarital activity in paternal lineage between the conception of Hendrik van Beethoven in Kampenhout, Belgium in c.1572 and the conception of Ludwig van Beethoven seven generations later in 1770, in Bonn, Germany.

Key points:

• FTC has won numerous cases against deceptive practices, like fake apartment listings and online reviews.
• Fines levied against companies like Epic, Microsoft, and Amazon for privacy violations and exploiting children.
• Tackling anti-competitive mergers like Nvidia-ARM and private equity rollups.
• Pushing for Right to Repair, Click to Cancel, and combating deceptive UI ("dark patterns").
• Collaborating with DOJ on new merger guidelines and reviving dormant laws.
• Increased enforcement activity deters anti-competitive behavior across sectors.

Overall message:

• Contrary to negative portrayals, the FTC is actively pursuing and winning cases against corporate abuses.
• Their actions have broader positive impacts beyond individual wins, deterring harmful behavior and inspiring global action.

Comments

I guess "secure" doesn't mean what it means. Maybe secure, open, audited, and transparent would be better.

Key Points:

• U.S. Internet, an internet service provider with a secure email service offering, exposed years of internal and customer emails online.
• The leak included emails dating back to 2008, affecting thousands of customers and employees, including government agencies.
• The cause was a misconfigured security setting, reportedly due to a mistake by a former employee.
• The company has not disclosed the duration of the leak or how many users were affected.
• Security experts criticize the lack of transparency and urge regulators to investigate.

Additional Information:

• The leak include internal emails of every U.S. Internet and subsidiary USI Wireless employees.
• Hackers exploited a U.S. Internet service to redirect users to malicious websites.
• U.S. Internet hasn't responded to inquiries about the incident or implemented public disclosures.

Overall:

This data breach highlights the importance of robust security measures and transparency in protecting sensitive information. The large-scale exposure of emails raises concerns about potential damage to individuals and organizations, while the company's response is seen as inadequate by experts. Further investigation and stricter regulations may be necessary to address such security failures.