Category: hacks
A security use case for ChatGPT: Email Scam Robo Judge
I have been noodling around with ChatGPT recently and have found a nice little use case that I hope someone with more coding skills and…
Leaking company secrets via generative AIs like ChatGPT
For a third party, knowing what people from company X are asking of ChatGPT (or any other generative AI) could be quite interesting and profitable…
Hunting for secrets on GitHub
We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.
LinkedIn and LOLBINs
Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…
It could happen to anyone…
The headline is eye-catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…
The elusive USB drive attack
Stories of hackers attacking companies by dropping malware-infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…
Living off the land – EFS Ransomware
Attackers have responded to improved security against malware in Windows environments by “living off the land” (LOTL) – using the tools already present in the…
Aging reports – new ammo for attackers
Another reminder that attackers are getting more sophisticated and taking the time to learn about their victims and their business processes before launching their phishing…
Juice Jacking – meh!
Lately, I have been seeing a number of posts and articles warning us all not to use publicly available USB charging points due to the…
Snail mail hacking
Some of the most effective hacks don’t require the attacker to touch your computer. This article from Flashpoint provides some insight into how criminals are…