KrofekSecurity

Google’s Transition to Memory-Safe Languages: Enhancing Android Security Google’s transition to memory-safe languages, especially Rust, has significantly improved Android security. Over six years, the percentage of memory-safe vulnerabilities in Android dropped from 76% to 24%. This shift is a key part of Google’s secure-by-design approach. What is a Memory-Safe Language? Memory-safe languages are designed to…

Discovery of Splinter: A New Threat in Cybersecurity Cybersecurity researchers recently discovered a new post-exploitation tool, Splinter. This tool has been flagged for its potential to infiltrate systems. Palo Alto Networks Unit 42 found the program residing on multiple customers' devices. "It has a standard set of features commonly found in penetration testing tools," said…

Firefox's New Feature Raises Privacy Concerns Vienna-based privacy non-profit, noyb (None Of Your Business), has filed a complaint with the Austrian Data Protection Authority (DPA) against Firefox maker Mozilla. The center of the controversy is a new feature called Privacy Preserving Attribution (PPA), which Mozilla introduced without explicitly seeking users' consent. Understanding Privacy Preserving Attribution…

How to Spot Phishing Links: Key Indicators by Security Experts Phishing attacks are becoming more advanced and harder to detect. However, there are still telltale signs that can help you spot them before it’s too late. Here are key indicators that security experts use to identify phishing links: Check Suspicious URLs Phishing URLs are often…

A Now-Patched Security Vulnerability in OpenAI’s ChatGPT App for macOS Introduction A significant security vulnerability in OpenAI’s ChatGPT app for macOS has recently been patched. This flaw could have potentially allowed attackers to insert long-term persistent spyware into the AI tool’s memory. Known as SpAIware, this technique had the potential to facilitate continuous data exfiltration,…

Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads, and enhancing efficiency. However, despite three generations of SOAR technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the same issues. Evolution…

## Understanding the SpAIware Vulnerability in ChatGPT for macOS A recently patched security vulnerability in OpenAI’s ChatGPT app for macOS could have allowed attackers to plant long-term persistent spyware into the AI tool’s memory. This technique, known as SpAIware, posed a significant threat, enabling continuous data exfiltration from any information typed or responses received by…

## Introduction to Phishing Campaigns in Transportation and Logistics Transportation and logistics companies in North America are now the focus of a new phishing campaign delivering various types of malware, including information stealers and remote access trojans (RATs). This activity, identified by Proofpoint, exploits compromised legitimate email accounts from transportation and shipping firms to insert…

## CISA Highlights Critical Ivanti vTM Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently identified a significant security flaw in Ivanti Virtual Traffic Manager (vTM). This flaw has been included in CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. ### What is CVE-2024-7593? **CVE-2024-7593** is the vulnerability in question,…