Brief #40: APT Hacks US Pharmacies, Apple Shortcuts Flaw

US pharmacies hit by nation-state cyberattack, Apple Shortcuts vulnerability, Microsoft's PyRIT for AI security, SSH-Snake exploited, LockBit disrupted.

‚ÄĘ 6 min read
mandos brief week 8 of 2024, nikoloz kokhreidze

Hey there,

Happy Sunday!

I was thinking about how I could create more value for you.

I would like to experiment with the new, expanded format covering a larger area of cybersecurity. Going forward I will share with you not only news but also security tools, cybersecurity startups, and other content I discover during the week.

Let me know in the comments if you prefer this format.

Now let's dive in:

ūüö® This Week in Cybersecurity

Nation-State Hackers Disrupt US Pharmacies Through Cyberattack on Change Healthcare

Apple Shortcuts Vulnerability Exposes Sensitive Information

Microsoft Launches PyRIT: A Framework for Red Teaming Generative AI Systems

Cybercriminals Exploit Open-Source SSH-Snake for Advanced Network Intrusions

LockBit Ransomware Disruption and Bounty Efforts

ūüĒ¨ Security Tools

CredMaster - An advanced password spraying tool, improving upon CredKing, featuring IP address rotation via FireProx APIs for anonymity and to avoid throttling.

Linkedin2username - OSINT tool for generating username lists for companies on LinkedIn.

Koadic - COM Command & Control JScript RAT for post-exploitation scenarios.

Mandos Brief GPT

Analyze any cybersecurity topic 100 times faster by focusing on key takeaways and zero noise.

Try it out!

ūüöÄ Startup Watch

BugProve has unveiled an on-premise firmware analysis and vulnerability management platform tailored for the Internet of Things (IoT). The platform is designed to automate the detection of vulnerabilities in firmware, providing an essential tool for securing IoT devices.

Dapple Security, has raised $2.3 million in a pre-seed funding round. The company is pioneering a passwordless solution using biometrics to prevent cyber attacks, offering a unique approach that allows the creation of revocable, reproducible digital credentials without storing biometric data.

CrowdStrike and AWS have teamed up to launch a Cybersecurity Startup Accelerator for EMEA startups. The program selected 22 startups from a vast pool of applicants to receive mentorship, technical expertise, partnership opportunities, and potential funding.

ūüď° From Cyberspace

Researchers have demonstrated that large language models (LLMs) in particular Chat GPT 4 can autonomously hack websites by performing complex tasks without prior knowledge of vulnerabilities.

Cisco is offering free training and certifications for those looking to learn cybersecurity.

Signal finally added usernames to their platform, adding extra layer of privacy.

Apple introduces post-quantum encryption for iMessage.

‚≠źÔłŹ 3 Ways I Can Help You

  1. Work with me. I love helping people! Let's discuss your challenges, career, or ask me anything about cybersecurity in 25 minutes.
  2. Explore solutions with me. Need cybersecurity strategy and execution for your startup or scale-up? Let's achieve tangible outcomes together.
  3. Looking for something different? Reach out.

That's a wrap for this week!

Enjoying the read? Share it with your connections who'd love it too.



Share This Post

Check out these related posts

Brief #51: VPN Decloaking Attack, Azure Health Bot Vulnerabilities, CISO Dissatisfaction, and Incident Response Challenges

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 8 min read

Brief #50: Postman API Credential Leaks, DHS AI Threat Guidelines, Effective Risk Communication, Cybersecurity Analyst Insights

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 8 min read

Brief #49: Palo Alto XDR Exploit, GPT-4 Vulnerability Exploitation, CISO Insights, and Top Cybersecurity Courses

  • Nikoloz Kokhreidze
by Nikoloz Kokhreidze | | 7 min read