News
Hi folks,
I hope you're all having a great Friday and are looking forward to a great weekend :-)
It's busy-busy on my end: we're working on moving house, and good gawd that's a lot of work. But it's always nice to sit back and read through the latest news, and see what jumps out at me. Here's hoping you enjoy the result :-)
Have a good one!
Apple fixes zero-day exploited in 'extremely sophisticated' attacks
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and sophisticated attacks. The attack apparently disables USB Restricted Mode, which is a feature where USB data connections are blocked when the device has been locked for over an hour.
Massive brute force attack uses 2.8 million IPs to target VPN devices
That's an impressive scale to perform brute force password attacks on. The Shadowserver Foundation says that it's been going on since last month.
whoAMI attack tricks you into using malicious AMIs
It's possible to publish an AMI with the same AMI ID as another, just with a different owner ID, but not everyone checks the owner ID. Scripts and Terraform code set to "most_recent=true" are especially exposed: they will pick the most recently published AMI with the right AMI ID. It might be good to check your infrastructure to see if you use the right AMIs, and to make use of the new "Allowed AMIs" allowlist feature.
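One way to run that check over Terraform code, as an added example that is not from the newsletter or the linked article: it flags `aws_ami` data sources that set `most_recent = true` without a non-empty literal `owners` list. The sample configuration and the account ID in it are constructed placeholders, and the brace matching assumes no braces inside strings or comments.

```python
import re

# Constructed Terraform sample (not from the newsletter); account ID is a placeholder.
SAMPLE_TF = '''
data "aws_ami" "risky" {
  most_recent = true
  filter {
    name   = "name"
    values = ["example-app-*"]
  }
}
data "aws_ami" "pinned" {
  most_recent = true
  owners      = ["123456789012"]
}
data "aws_ami" "empty_owners" {
  most_recent = true
  owners      = []
}
'''

BLOCK_START = re.compile(r'data\s+"aws_ami"\s+"([^"]+)"\s*\{')

def top_level_args(text, open_idx):
    """Text of the block opened at open_idx, with nested blocks stripped."""
    out, depth = [], 0
    for ch in text[open_idx:]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return "".join(out)
        elif depth == 1:
            out.append(ch)
    raise ValueError("unbalanced braces in Terraform source")

def find_unpinned_ami_lookups(text):
    """Names of aws_ami data sources with most_recent = true and no owners list."""
    findings = []
    for m in BLOCK_START.finditer(text):
        args = top_level_args(text, m.end() - 1)
        recent = re.search(r'^\s*most_recent\s*=\s*true\b', args, re.M)
        # Only a non-empty literal list counts; variables need manual review.
        owners = re.search(r'^\s*owners\s*=\s*\[\s*"[^"]+"', args, re.M)
        if recent and not owners:
            findings.append(m.group(1))
    return findings

print(find_unpinned_ami_lookups(SAMPLE_TF))
```

A lookup whose `owners` comes from a variable is also reported, so treat each finding as a prompt to confirm where the owner constraint is set.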
New hack uses prompt injection to corrupt Gemini’s long-term memory
Indirect prompt injection is when, for example, the article you're asking the AI to summarize contains a malicious instruction that triggers it to do something you didn't want. This can lead to direct or delayed actions, like sending an email with sensitive content to an attacker. Or, apparently, manipulating the "long-term memory" of the AI to set some context that it will use in all subsequent conversations, leading to all sorts of malicious control over what you do or read in the future. Fascinating stuff.
DOGE as a national cyberattack - Schneier on Security
When Bruce Schneier talks, one tends to listen. He writes about how the recent DOGE actions are extremely concerning from an infosec perspective.
Quick links
- US health system notifies 882,000 patients of August 2023 breach.
- Salt Typhoon remains active, hits more telecom networks via Cisco routers.
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws.
- Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster.
- Trump picks Sean Cairncross for national cyber director.
1Password for developers: secrets, SSH keys, and more
I don't think most developers realise how valuable 1Password can be. It doesn't just hold passwords, it also holds your SSH keys, signs your Git commits, injects tokens and other secrets in CLI scripts when you want, and much more. (Sponsored)