Notice: FY2024 is available on GumRoad.
Highlights
🛡️ False Security: Common tools ineffective.
💳 26M Devices: Bank cards leaked.
🤖 OpenAI Safety: Iterative deployment.
🏢 NTT Breach: 18,000 companies hit.
🔑 LastPass Hack: $150M crypto theft.
Deep Dive:
🛡️ A False Sense Of Security: 18 tools Forbes
Antivirus failed against advanced attacks.
“Security Through Obscurity” is weak.
SMS 2FA is vulnerable to SIM swapping.
Password rotation leads to unsafe storage.
Reactive tools miss zero-day attacks.
Heads-up: Regularly audit your security stack.
Related: Google removes SMS 2FA.
💳 26 Mil. Devices: Bank Cards to Dark Web Forbes
26 million devices compromised in 2023-2024.
2 million unique bank cards leaked.
1 in 14 infections leads to card theft.
Redline malware accounts for 34% of infections.
RisePro saw a surge from 1.4% to 23%.
Heads-up: perform a factory data reset on infected devices.
🤖 ChatGPT safety and alignment OpenAI
AGI is iterative: “a series of systems of increasing usefulness”.
Safety is a science: “mitigate the negative AI impacts”.
Failure modes: misuse, misalignment, disruption.
Defense: stacked interventions create safety redundancy.
Advancing safety: a collaborative effort.
Heads-up: Follow our newsletter for the latest news.
🏢 Data breach hits 18k companies BleepingComputer
17,891 corporate customers affected.
Order Information Distribution Systems.
Exposed names, representatives’ contact details and other info.
Breach discovered February 5, 2025.
12-hr DDoS attack on January 2, 2025.
May 2020: hundreds of customers’ info stolen.
Heads-up: Ensure incident response plans are up-to-date and tested regularly.
🔑 Crypto hack tied to LastPass security breach Krebs On Security
$150 million crypto theft from Ripple Co-founder.
213 million XRP tokens stolen.
$250 million total losses from LastPass breach.
$4.2 million XRP frozen by Binance.
2.7 billion XRP held in Larsen's addresses.
Heads-up: Increase security awareness and training.
FOLLOW-UP
⚠️ Microsoft outage and more The Register Mar 03
Outlook for iOS was down until today.
Storm-0408 SecurityWeek
Report: targeted illegal online streaming sites.
Malvertising redirectors led to Microsoft-owned platforms.
Stole GitHub permissions and compromised systems.
Persisted via Run keys and a shortcut added to the Startup folder.
Identified and revoked 12 different certificates.
Silk Typhoon Microsoft Security
Stole API keys to gain access.
Targeted customers/tenants of the initially compromised company.
Targeted devices via an admin account.
Zero-day exploitation.
✉️ PayPal Scam Forbes Mar 03
Uses Docusign for phishing.
Sent from service.paypal@gmail.com.
Sent via the Docusign API, bypassing email security.
Steals login credentials.
Docusign closes accounts in 24 hours.
Report unauthorized payments to PayPal.