Pollyfill Vuln, AI Hack, SpaceX Deal, FREE Cheat Sheet & More

Author

InfoSec Sam
June 30, 2024

This week's newsletter

Recent News

Polyfill Hole 

A supply chain attack on a popular JavaScript library Polyfill has compromised over 100,000 websites. Attackers injected malicious code, potentially affecting millions of users by stealing sensitive information and executing unauthorised actions.

Not to be confused with Polyfilla, the popular multi-purpose filler material that fills holes rather than creating them!

Blizzard Warning

Microsoft has notified additional customers of email theft linked to the expanding Midnight Blizzard hack. This sophisticated cyberattack targets email accounts, exploiting security weaknesses to access sensitive information.

The incident highlights the growing threat of state-sponsored cyber espionage and the need for robust email security measures.

Entrust to Distrust

Google has revoked trust for Entrust after discovering six significant security lapses. Entrust is one of the many certificate authorities (CA) used by Chrome to verify that the websites end users visit are trustworthy.

Entrust certificates will no longer be trusted in Google products, prompting those using Entrust to seek an alternative.

Skeleton Key

Microsoft has unveiled a new AI jailbreak technique called 'Skeleton Key.' This method allows attackers to bypass security restrictions on AI models, enabling unauthorized access and potentially harmful manipulations.

The discovery highlights significant vulnerabilities in AI systems and underscores the urgent need for enhanced security measures to protect against such exploits.

Other News

  • Bad Apple - EU accuses Apple of breaching new laws on App Store due to squeezing out rival marketplaces and could face a fine of up to 10% of it’s global revenue.

  • Faster Charger - Car manufacturer Nyobolt has produced an electric car battery that charges 10-80% in under 5 minutes!

  • Ground M(ISS)ion - SpaceX has been awarded a $843MM contract to bring down the ISS at end of its life by pushing it into the Pacific Ocean.

Career Development

How to design secure systems

Designing secure systems requires consideration of many controls which can be overwhelming for new cybersecurity professionals.

To help with this I have found this extremely useful cheat sheet. Take a copy of this, save it on your phone, study it, and you’ll be designing highly secure systems in no time.

Check out the cheat sheet and more useful links below:

Subscribe to keep reading

This content is free, but you must be subscribed to InfoSecSam's Newsletter to continue reading.

I consent to receive newsletters via email. Terms of use and Privacy policy.

Already a subscriber?Sign in.Not now