Brief

Brief #40: APT Hacks US Pharmacies, Apple Shortcuts Flaw

US pharmacies hit by nation-state cyberattack, Apple Shortcuts vulnerability, Microsoft's PyRIT for AI security, SSH-Snake exploited, LockBit disrupted.

6 min read
mandos brief week 8 of 2024, nikoloz kokhreidze

Hey there,

Happy Sunday!

I was thinking about how I could create more value for you.

I would like to experiment with the new, expanded format covering a larger area of cybersecurity. Going forward I will share with you not only news but also security tools, cybersecurity startups, and other content I discover during the week.

Let me know in the comments if you prefer this format.

Now let's dive in:

🚨 This Week in Cybersecurity

Nation-State Hackers Disrupt US Pharmacies Through Cyberattack on Change Healthcare

Apple Shortcuts Vulnerability Exposes Sensitive Information

Microsoft Launches PyRIT: A Framework for Red Teaming Generative AI Systems

Cybercriminals Exploit Open-Source SSH-Snake for Advanced Network Intrusions

LockBit Ransomware Disruption and Bounty Efforts

🔬 Security Tools

CredMaster - An advanced password spraying tool, improving upon CredKing, featuring IP address rotation via FireProx APIs for anonymity and to avoid throttling.

Linkedin2username - OSINT tool for generating username lists for companies on LinkedIn.

Koadic - COM Command & Control JScript RAT for post-exploitation scenarios.

Mandos Brief GPT

Analyze any cybersecurity topic 100 times faster by focusing on key takeaways and zero noise.

Try it out!

🚀 Startup Watch

BugProve has unveiled an on-premise firmware analysis and vulnerability management platform tailored for the Internet of Things (IoT). The platform is designed to automate the detection of vulnerabilities in firmware, providing an essential tool for securing IoT devices.

Dapple Security, has raised $2.3 million in a pre-seed funding round. The company is pioneering a passwordless solution using biometrics to prevent cyber attacks, offering a unique approach that allows the creation of revocable, reproducible digital credentials without storing biometric data.

CrowdStrike and AWS have teamed up to launch a Cybersecurity Startup Accelerator for EMEA startups. The program selected 22 startups from a vast pool of applicants to receive mentorship, technical expertise, partnership opportunities, and potential funding.

📡 From Cyberspace

Researchers have demonstrated that large language models (LLMs) in particular Chat GPT 4 can autonomously hack websites by performing complex tasks without prior knowledge of vulnerabilities.

Cisco is offering free training and certifications for those looking to learn cybersecurity.

Signal finally added usernames to their platform, adding extra layer of privacy.

Apple introduces post-quantum encryption for iMessage.

⭐️ 3 Ways I Can Help You

  1. Work with me. I love helping people! Let's discuss your challenges, career, or ask me anything about cybersecurity in 25 minutes.
  2. Explore solutions with me. Need cybersecurity strategy and execution for your startup or scale-up? Let's achieve tangible outcomes together.
  3. Looking for something different? Reach out.

That's a wrap for this week!

Enjoying the read? Share it with your connections who'd love it too.

Best,

Nikoloz

Share This Post

Check out these related posts

Brief #77: PAN-OS Vulnerability, Google's AI Finds SQLite Bug, AWS Cert Tops Pay List

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read

Brief #76: 19M Records Exposed, AI Generates 25% of Code, CrowdStrike Lawsuit

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read

Brief #75: Fortinet Zero-Day, Agentic AI Risks, Growring Strategic Influence of CISOs

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 9 min read