Contacts
Info
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information...
show more
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.
show less
13 NOV 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This month, Oscar and the crew focus on SolarWinds cyber attack and the resulting charges from the SEC, guidance from OWASP on AI Security, and CISCO's security patch.
Links: "Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbGdlRjFMYldRVnFJV1pmUUl2ZU1LVnBZaFNHUXxBQ3Jtc0ttMWJRdk5WUERGYk52Ui1qMTJPUjVwYnJreGh4YlZtRVg2WmN4emlUZHNjOXc5YkVIOE1ZNHB1czl0U1d0aHlmQklqZG1PTkRXdVUtT3FuSG1pVTcwU3pNdWdTdW90bE1kQzNTM1hrMU4xd3R1M0YyZw&q=https%3A%2F%2Fthehackernews.com%2F2024%2F11%2Fgoogle-cloud-to-enforce-multi-factor.html&v=CMpMdSqN2qg
"SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0NNSXZVb0c5TnpIXzZ6SWN1c3VZVmY2LUItZ3xBQ3Jtc0ttY2NuaHRlNTdRNFM5QVdJZWE1cUtzR3h5V2lLMWlLTlNKa1hVLVZFa1ZwaUNLTTk4T3lKRVJQRXVVeGcyMWwxTkJmMDYwRUp1TWUzd1JSX2wxRXZJYkx4Y3ZLMjFCd0YzMDM1ZWtUeWZrVjA4bmk1bw&q=https%3A%2F%2Fthehackernews.com%2F2024%2F10%2Fsec-charges-4-companies-over-misleading.html%3Fm%3D1&v=CMpMdSqN2qg
"OWASP Releases AI Security Guidance" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZoV1oxN2x3RWs2a1Z2eFBYaTNjTkFkblhRZ3xBQ3Jtc0tteVBBQ3dEX1RZTFlHdlNwcVlibTBVaHlmcS1LSV96SzN2LUIyUTRFaDlIT3F0TmxmanlmdXVQa096OHB5Q01URERwSjRSNHBHS0FYZmZtR2hJVVJFMld0YXJkcXRJVEZRMkFrVnh0SXlRZWpQalEwZw&q=https%3A%2F%2Fwww.darkreading.com%2Fapplication-security%2Fowasp-releases-ai-security-guidance&v=CMpMdSqN2qg
"Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1hWQl9SdGdoejJGU2pWUVk2VXN5QXR0QnE0UXxBQ3Jtc0tsOGtNN2FwREhEaEpmdUdIZVB5MnNrcktuMGNJbnhJcTZ2SXlZdG5WYzdMS3VvUWJIcGd1blVadExIcGtyR21fcWEyWkFHMHJ5eEVFVzJfLTRvZEhZSVVuM1g4WW54UWVLT0hYZ3NCTmgwTUdVTnpURQ&q=https%3A%2F%2Fthehackernews.com%2F2024%2F11%2Fcisco-releases-patch-for-critical-urwb.html&v=CMpMdSqN2qg
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/events/?_rdr
Twitter: https://x.com/FRSecure?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure
About FRSecure: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHBxdzdTTXhLWHRMUHJRSVBvc2xrUHBHRFFvd3xBQ3Jtc0ttZUFmbFdKVk9MZnBqQlI5eHVQZ2ZYVXVtWC1aSENkX09GajJuYUcweEtoOGVRVkJTZ0VKQjRtOTRJMi02MmxUMG5NU1BqQTJ5SG0tYi1GWDBuaHFyU1VGY0h6Nk1penhuUjYxRnlXTXpBRWRiZERYQQ&q=https%3A%2F%2Ffrsecure.com%2F%C2%A0&v=CMpMdSqN2qg
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
28 OCT 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This month, the hosts talk about personal preparation for emergency events like natural disasters, the DDOS attacks of Internet Archive, newest CISA warnings, and Zero Day Alert for Ivanti exploitation. They also open up to the live audience for questions!
Links: "Internet Archive Hacked, Data Breach Impacts 31 Million Users" https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
"CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches" https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html
"Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited" https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
"N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware" https://thehackernews.com/2024/10/n-korean-hackers-use-fake-interviews-to.html
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure:Â https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
16 SEP 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
With Oscar out traveling, Pinky and Eric lead the discussion this month. Together, they discuss: A worm-driven USB attack strategy, Microsoft's disclosure of four zero-days in their September update, and the Scattered Spider ransomware group's sophisticated smishing and vishing campaigns on cloud services. They also open up to the live audience for questions!
Links:Â
Mustang Panda Feeds Worm-Driven USB Attack Strategy
https://www.darkreading.com/cyberattacks-data-breaches/mustang-panda-worm-driven-usb-attack
Microsoft Discloses 4 Zero-Days in September Update
https://www.darkreading.com/application-security/microsoft-discloses-4-zero-days-in-september-update
Socially Savvy Scattered Spider Traps Cloud Admins in Web
https://www.darkreading.com/cloud-security/socially-savvy-scattered-spider-traps-cloud-admins-in-web
Please like, subscribe, and follow us on social!
About FRSecure
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1hmeGY2UnRZb1hmdUl5YTdjMmRybm1YbzhOQXxBQ3Jtc0trR3JlbEZvR1B0R2IyRmFBYzJvVUl0Sk1jMUxWLTZ3ellOREIyTHJDaGJ2UkhaZzZ1c3hEdzlvUFRkRnlEemd6Qld1dWhEVV9BSUFrMTJkM2hGR0FoLVkzellJa0F6M3hvZ0UxeXNDbHhjc3VCOEJFQQ&q=https%3A%2F%2Ffrsecure.com%2F%C2%A0&v=dbmw0R2dQZQ
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
16 JUL 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This time, they discuss Midnight Blizzard, a zero-click Outlook vulnerability, and CISA's takedown of Ivanti Systems.
Links:Â
Network Segmentation Saved TeamViewer From APT29 Attack https://www.darkreading.com/cyberattacks-data-breaches/teamviewer-network-segmentation-apt29-attack
Zero-Click Outlook RCE Vulnerability - Project Hyphae
https://projecthyphae.com/threat/zero-click-outlook-rce-vulnerability/Â
CISA Takedown of Ivanti Systems Is a Wake-up Call
https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure
https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
13 MAY 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.Â
This time, they discuss critical Citrix flaws, fake journalists stealing data, Microsoft holding execs accountable for security, police trolling a ransomware gang, and more.
Links:Â
Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway
https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html
Apt42 Pose As Journalists, Harvest Credentials, Access Cloud Data
https://attackfeed.com/apt42-hackers-pose-as-journalists-to-harvest-credentials-and-access-cloud-data-infothehackernews-com-the-hacker-news/
Microsoft Will Hold Execs Accountable for Cybersecurity
https://www.darkreading.com/cloud-security/feds-microsoft-clean-up-cloud-security-act
Burnout Is Pushing Workers to Use AI—Even If Their Boss Doesn’t Know
https://www.wired.com/story/ai-workers-burnout-microsoft-linkedin/
Police Resurrect LockBit's Site and Troll the Ransomware Gang | TechCrunch
https://techcrunch.com/2024/05/06/police-resurrect-lockbits-site-and-troll-the-ransomware-gang/
US Indicts LockBit Ransomware Ringleader, Offers $10 Million Reward
https://www.theverge.com/2024/5/7/24151493/us-lockbit-ransomware-ringleader-indictment-reward
Please like, subscribe, and follow us on social!Â
Facebook: https://www.facebook.com/frsecure/Â
Twitter: https://twitter.com/frsecure/Â
Instagram: https://www.instagram.com/frsecureofficial/ Â
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure https://frsecure.com/Â
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.Â
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
16 APR 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss AI-written malware, XZ Utils, and attackers targeting hospital IT help desks.
Links:
XZ Utils scareÂ
https://www.darkreading.com/application-security/xz-utils-scare-exposes-hard-truths-in-software-security
Change Healthcare hit with cyber extortion (again)
https://www.infosecurity-magazine.com/news/change-healthcare-double-cyber/
Health Department warns attackers targeting IT help desks https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/
Malicious PowerShell script appears to be AI-writtenÂ
https://www.bleepingcomputer.com/news/security/malicious-powershell-script-pushing-malware-looks-ai-written/
Please follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/Â
About FRSecure https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
19 MAR 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss security risks in ChatGPT plugins, a major flaw in Google's Gemini AI, typosquatting, and a worldwide vishing epidemic.
Links:
ChatGPT Plugin Security
https://www.infosecurity-magazine.com/news/security-risks-chatgpt-plugins/
Gemini AI Vulnerability
https://www.darkreading.com/cyber-risk/google-gemini-vulnerable-to-content-manipulation-researchers-say
Worldwide Vishing Epidemic
https://www.darkreading.com/endpoint-security/sophisticated-vishing-campaigns-take-world-by-storm
Typosquatting
https://www.darkreading.com/threat-intelligence/typosquatting-wave-shows-no-signs-of-abating
Please like, subscribe, and follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/
About FRSecure https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
12 FEB 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss compromised job boards where millions of resumes were stolen, AnyDesk's actions post-hack, an exploited SSRF flaw in Ivanti, and more.
Links:
Millions of resumes stolen via exploited job boards https://thehackernews.com/2024/02/hackers-exploit-job-boards-in-apac.html
AnyDesk resets passwords/revokes certificates after hack https://techcrunch.com/2024/02/05/remote-access-giant-anydesk-resets-passwords-and-revokes-certificates-after-hack/
SSRF flaw in Ivanti exploited https://thehackernews.com/2024/02/recently-disclosed-ssrf-flaw-in-ivanti.html
Fortinet reissues critical FortiSIEM vulnerabilities https://www.theregister.com/2024/02/06/fortinet_fortisiem_vulns/
Please like, subscribe, and follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/
About FRSecure https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
19 JAN 2024 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss the reduced cybersecurity funding observed in 2023 as well as new vulnerabilities, patches, and more.
Links:
Cybersecurity Funding Reduced
https://www.securityweek.com/cybersecurity-funding-dropped-40-in-2023-analysis/
Critical Flaws in Windows Kerberos and Hyper-V
https://securityweek.com/microsoft-ships-urgent-fixes-for-critical-flaws-in-windows-kerberos-hyper-v/
Pikabot Malware
https://www.darkreading.com/cyberattacks-data-breaches/pikabot-malware-qakbot-replacement-black-basta-attacks
Decryptor for Black Basta and Babuk's Tortilla Ransomware https://thehackernews.com/2024/01/free-decryptor-released-for-black-basta.html
Please like, subscribe, and follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/
About FRSecure https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
12 DEC 2023 · The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits.
This time, they discuss common social engineering attacks carried out around the holidays when key team members are out of the office or organizations are shut down for seasonal breaks.
Links
Social Engineering
https://thehackernews.com/2023/12/hacking-human-mind-exploiting.html
Cisco IOS XE Vuln Exploitation
https://www.securityweek.com/exploitation-of-recent-cisco-ios-xe-vulnerabilities-spikes/
Sierra:21 Attacks
https://thehackernews.com/2023/12/sierra21-flaws-in-sierra-wireless.html
Atlassian
https://www.darkreading.com/application-security/patch-now-critical-atlassian-bugs-endanger-enterprise-apps
Please follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/
About FRSecure
https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs.
These fundamentals are lacking in our industry, and while progress is being made, we can’t do it alone. Whether you’re wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information...
show more
The Hackle Box is a monthly cyber threat intel discussion where Oscar Minks and members of FRSecure's technical services team (Team Ambush) break down the latest trends in the information security industry involving hacking techniques, vulnerabilities, exploits, and more.
show less
Information
| Author | The InfoSec Mission |
| Organization | InfoSec Missionaries |
| Categories | Technology |
| Website | frsecure.com |
| hacklebox@frsecure.com |
Copyright 2024 - Spreaker Inc. an iHeartMedia Company
