Intelligence Gathering
-
GitHub Enterprise Server Exposed to Serious High-Risk Authentication Bypass Vulnerability
An authentication bypass vulnerability in GitHub Enterprise Server (GHES) instances that use SAML single sign-on with the optional encrypted assertions feature can be exploited by an attacker who forges a SAML response in order to provision a user with site administrator privileges. This lets the attacker gain unauthorized access to the instance without any prior authentication.
-
UK Government's Artificial Intelligence (AI) Safety Institute Launches New AI Safety Assessment Platform
The AI Safety Institute has released Inspect, an open-source testing platform designed to assess the safety and performance of AI models. Inspect evaluates the core knowledge, reasoning and autonomy of AI models; the Institute intends it to support the global AI community and to become a cornerstone of AI safety research.
-
Google Cloud Mistakenly Deletes Customer Account, Leading to Data Loss and Prolonged Business Downtime
According to The Guardian, Google Cloud recently suffered a major, never-before-seen misconfiguration incident that resulted in the deletion of the cloud subscription account of Australia's UniSuper fund and a week-long service disruption.
UniSuper is a not-for-profit pension fund that manages roughly $125 billion for more than half a million members.
Although UniSuper kept data backups in two Google Cloud regions, the incident was an account-level deletion, so both backups were lost at the same time and provided no protection.
Fortunately, UniSuper also held backups with another storage provider, which limited the damage from the incident and sped up the restoration of its data on Google Cloud.
-
Palo Alto Networks Firewall Exposed to Zero-Day Vulnerability, Hacker Groups Use Implanted Backdoor Programs to Steal Data
A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS software has been actively exploited by the threat group UTA0218 in an attack campaign codenamed "Operation Midnight Eclipse". The vulnerability allows attackers to plant a Python backdoor, gain system privileges, and carry out lateral movement and data theft on the victim's network. Affected devices are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the GlobalProtect gateway and device telemetry enabled. Palo Alto Networks has issued a security advisory with a remediation patch and recommends that users update as soon as possible.
-
How to Spot Attackers in the Early Stages of the Cyber Kill Chain
The article describes how to detect and stop suspicious activity before it develops into a more serious threat. For example, by combining OSINT (open-source intelligence) techniques with network traffic monitoring, organizations can stay one step ahead of attackers and protect their networks and sensitive data from devastating cyberattacks.
-
Open Source Software Grafana Platform SQL Injection High Risk Vulnerability
A SQL injection vulnerability exists in the open-source Grafana platform: an attacker can send a POST request to the /api/ds/query API and modify the "rawSql" field so that a malicious SQL string is executed, resulting in a blind, time-based SQL injection that threatens compromise of the database.
-
Up to 100 Malicious Artificial Intelligence (AI)/Machine Learning (ML) Models Discovered on an Open-Source Platform
Up to 100 malicious artificial intelligence (AI)/machine learning (ML) models have been found on the Hugging Face platform.
-
The LockBit Ransomware Extortion Ring
The LockBit ransomware-as-a-service (RaaS) operation was the leading ransomware threat globally in 2022, with the highest number of targets.
-
Fortinet Discloses High-Risk Security Vulnerability in FortiOS SSL VPN
Fortinet has disclosed a high-risk security vulnerability in FortiOS SSL VPN (CVE-2024-21762) that may have been exploited in the wild.
-
Google Security Report Reveals More Than 60 Zero-Days Used by Commercial Spyware Vendors
More than 60 zero-day vulnerabilities (0days) made public since 2016 are attributed to commercial spyware vendors serving government agencies. The vulnerabilities affect products from a number of companies, including Apple, Adobe and Google, and have been used in attacks targeting, among others, journalists and political dissidents. The report notes that a large number of these vulnerabilities were actively exploited in 2023.