Handler on Duty: Didier Stevens
Threat Level: green
Podcast Detail
Honeypot Lesons; TeamViewer Compromise; Fortra File Catalyst Vuln/PoC; GitLab Update; Vanna.AI RCE;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://chrt.fm/track/2748D7/https://traffic.libsyn.com/securitypodcast/9040.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Interested in Internet Storm Center stickers? Check here if there are still some available for today.
What Setting Live Traps For Cybercriminals Taught Me About Security
https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise
https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra File Catalyst Vulnerability and PoC
https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise
https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra File Catalyst Vulnerability and PoC
https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
Discussion
Yesterday I had an attack on my new website https://worterbedeutung.de/ , but thanks to your tips I resolved the issues quickly
Posted by hominus on Fri Jul 05 2024, 09:55
New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Network Monitoring and Threat Detection In-Depth | Baltimore | Mar 3rd - Mar 8th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |