- GitHub repositories are used to Extract PII using information stealer called RisePro (Link)
- Security flaws identified by SALT Security in ChatGPT (Link)
- First, being ChatGPT allowing vulnerable / malicious plugin to be installed
- Second, 0 – click account takeover on plugin’s there by taking control of the account.
- Third, Similar to #2 , But manipulating OAuth Redirect.
- RCE on windows node within Kubernetes cluster (Link)
- Prompt Leakage, Jailbreak and Indirect Injection in Google Gemini , LLM Threats (Link)
- Midnight Blizzard had its hand on Microsoft source code and unauthorized access (Link)
- Did United Health’s Change Healthcare unit pay $22 Million to Blackcat and AlphV (Link)
- francetravail (governmental agency which registers unemployed people) reported data breach of 43 Million people (Link) . Claims there were no “Passwords and bank details are not affected by this malicious cyber act. There is therefore no risk to compensation.“
- Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities (Link) and news was release on 13th March .
- Europe approved AI ACT (Link)
Azure security updates
- Application Gateway WAF v2 Configuration gets retired (Link)
- General availability: Application Gateway for Containers
- Azure Application Gateway now supports TLS and TCP protocols (Not can be used for non-HTTP application) (Link)
Cyber Security Shots 
Leave a comment