This post covers 2022-06-20 to 2022-06-27.
News and Articles
Challenging Initial Access Model
Traditionally, the success condition of a phishing campaign is the callback: it tells us the user clicked a thingy. The article proposes phishing for persistence instead, so the callback comes after a delay rather than immediately. That puts a gap between the action and its outcome. Does this break alert logic?
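To make the alert-logic question concrete, here is an added example (not from the linked article) of a click-to-callback correlation rule run with a short and a long lookback. The event fields, host names, destinations and window values are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed telemetry (assumption, not from the article): link clicks from
# mail logs and first-seen outbound destinations per host from proxy logs.
CLICKS = [
    {"host": "ws-042", "user": "alice", "time": datetime(2022, 6, 20, 9, 15)},
    {"host": "ws-107", "user": "bob", "time": datetime(2022, 6, 21, 14, 2)},
]
NEW_OUTBOUND = [
    {"host": "ws-107", "dest": "cdn.example.net",
     "time": datetime(2022, 6, 21, 14, 3)},
    {"host": "ws-042", "dest": "updates.example.org",
     "time": datetime(2022, 6, 29, 3, 40)},
]


def correlate(clicks, outbound, window):
    """Attribute each first-seen destination to the most recent click on the
    same host that happened at most `window` before it."""
    hits = []
    for o in outbound:
        prior = [c for c in clicks
                 if c["host"] == o["host"]
                 and timedelta(0) <= o["time"] - c["time"] <= window]
        if prior:
            c = max(prior, key=lambda e: e["time"])
            hits.append((o["host"], c["user"], o["dest"],
                         o["time"] - c["time"]))
    return hits


def missed_by(clicks, outbound, short, long):
    """Correlations the long lookback finds that the short one never sees."""
    seen = {(h, d) for h, _, d, _ in correlate(clicks, outbound, short)}
    return [hit for hit in correlate(clicks, outbound, long)
            if (hit[0], hit[2]) not in seen]


if __name__ == "__main__":
    short, long = timedelta(minutes=15), timedelta(days=14)
    for host, user, dest, delay in missed_by(CLICKS, NEW_OUTBOUND, short, long):
        print(f"{host} ({user}) -> {dest} after {delay}: outside {short} window")
```

The longer lookback recovers the delayed callback, at the price of more candidate pairs to triage per click.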
Deepfake-Klitschko
Berlin Mayor Franziska Giffey spoke for 15 minutes with a man posing as Kyiv Mayor Vitali Klitschko.
- Senatskanzlei Berlin on Twitter
- Senatskanzlei Berlin on Twitter
- Vitali Klitschko fake tricks Berlin mayor in video call | News | DW | 24.06.2022
- Giffey fällt auf “Deepfake-Klitschko” herein
Alexa dead grandma audio deepfake
Child’s grandma comes out of the speaker to read a tale. The system can learn to imitate someone’s voice from just one minute of recorded audio.
Malicious Python packages
Sonatype discovered multiple Python packages that exfiltrate your secrets — AWS credentials and environment variables.
Additionally, quite a few CVEs popped up in NVD with a reference to the malicious request package.