The Hackle Box
112 FOLLOWERS
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.
The Hackle Box
3w ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss AI-written malware, XZ Utils, and attackers targeting hospital IT help desks.
Links:
XZ Utils scare
https://www.darkreading.com/application-security/xz-utils-scare-exposes-hard-truths-in-software-security
Change Healthcare hit with cyber extortion (again)
https://www.infosecurity-magazine.com/news/change-healthcare-double-cyber/
Health Department warns attackers targeting IT help desks https://www.bleepingcompu ..read more
The Hackle Box
1M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss security risks in ChatGPT plugins, a major flaw in Google's Gemini AI, typosquatting, and a worldwide vishing epidemic.
Links:
ChatGPT Plugin Security
https://www.infosecurity-magazine.com/news/security-risks-chatgpt-plugins/
Gemini AI Vulnerability
https://www.darkreading.com/cyber-risk/google-gemini-vulnerable-to-content-manipulation-researchers-say
Worldwide Vishing Epidemic
https://www.darkreading.com/endpoint-se ..read more
The Hackle Box
3M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss compromised job boards where millions of resumes were stolen, AnyDesk's actions post-hack, an exploited SSRF flaw in Ivanti, and more.
Links:
Millions of resumes stolen via exploited job boards https://thehackernews.com/2024/02/hackers-exploit-job-boards-in-apac.html
AnyDesk resets passwords/revokes certificates after hack https://techcrunch.com/2024/02/05/remote-access-giant-anydesk-resets-passwords-and-revokes-certif ..read more
The Hackle Box
3M ago
Oscar, Eric, and Pinky are back with another session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits.
Discussed this month
Do's and don'ts of SIEM implementation
The recent Dragos incident
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-dragos-discloses-cybersecurity-incident-extortion-attempt/
Please follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frs ..read more
The Hackle Box
4M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss the reduced cybersecurity funding observed in 2023 as well as new vulnerabilities, patches, and more.
Links:
Cybersecurity Funding Reduced
https://www.securityweek.com/cybersecurity-funding-dropped-40-in-2023-analysis/
Critical Flaws in Windows Kerberos and Hyper-V
https://securityweek.com/microsoft-ships-urgent-fixes-for-critical-flaws-in-windows-kerberos-hyper-v/
Pikabot Malware
https://www.darkreading.com/cyberatt ..read more
The Hackle Box
4M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss common social engineering attacks carried out around the holidays when key team members are out of the office or organizations are shut down for seasonal breaks.
Links
Social Engineering
https://thehackernews.com/2023/12/hacking-human-mind-exploiting.html
Cisco IOS XE Vuln Exploitation
https://www.securityweek.com/exploitation-of-recent-cisco-ios-xe-vulnerabilities-spikes/
Sierra:21 Attacks
https://thehackernews.com/2 ..read more
The Hackle Box
4M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time around, they discuss recent vulnerabilities in Confluence and Apache ActiveMQ.
Follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/
About FRSecure - https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our tea ..read more
The Hackle Box
4M ago
The guys are back for a special, Friday the 13th episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time around, we're getting in the spooky spirit and telling scary stories from real-life IR cases. ?
Please like, subscribe, and follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure ..read more
The Hackle Box
4M ago
Oscar and Pinky are back for this month's session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits.
DISCUSSED THIS MONTH:
Scattered Spider (MGM attack)
https://hackdojo.io/articles/E59P05LKQ/-scattered-spider-behind-mgm-cyberattack-targets-casinos
Caesers confirms ransomware
https://hackdojo.io/articles/73WL5VP9N/caesars-confirms-ransomware-hack-stolen-loyalty-program-database
MGM hackers branching out
https://hackdojo.io/articles/AEWED5DK7/mgm-hackers-broadening-targets-monetization-strategies
UNC3944 Smishing Ransomware
h ..read more
The Hackle Box
4M ago
Eric and Pinky are back with another session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits.
Discussed this month
DEFCON Recap
EvilProxy campaign
https://www.techrepublic.com/article/evilproxy-phishing-attack/
QR Codes used for credential theft
https://www.darkreading.com/attacks-breaches/qr-code-phishing-campaign-targets-top-u-s-energy-company
AI stealing passwords, listening to keystrokes
https://www.darkreading.com/attacks-breaches/ai-model-can-replicate-password-listening-to-keystrokes
Follow us on s ..read more