Weekly in Security 202225

2022-06-20 to 2022-06-27

2 min read - 248 words


Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-06-20 to 2022-06-27.

News and Articles

Challenging Initial Access Model

Traditionally, in a phishing campaign the success condition is the callback. Then we know, the user clicked a thingy. The article proposes a phishing for persistence. So, instead of the immediate callback a delayed reaction should be utilized. This situation creates a delay between action and outcome. Does this break alert logic?


Berlin Mayor Franziska Giffey spoke for 15 minutes with a man posing as Kyiv Mayor Vitali Klitschko

Alexa dead grandma audio deepfake

Child’s grandma comes out of the speaker to read a tale. The system can learn to imitate someone’s voice from just one minute of recorded audio.

Malicious Python packages

Sonatype discovered multiple Python packages exfiltrate your secrets — AWS credentials and environment variables. Additionally, quite a few CVEs popped up in NVD with a reference to the malicious request package.