Taylor Swift Terror Plot Foiled, Android Security Update, & AI Security Talks

AI Security Talks from Las Vegas

Author

Ben
September 04, 2024

Hello, fellow hackers! In this week’s issue of HackerReport, we're diving into the latest data breach reports, major software update advisories, AI security training, and malware analysis with phishing emails.

What’s Inside

  1. Shake It Off, ISIS: CIA Foils Taylor Swift Concert Terror Plot

  2. Trump Family Hacked in Crypto Scam Scheme

  3. Android Security Update September 2024

  4. AI Security Showdown in Vegas: Hacker Summer Camp 2024

  5. Unmasking Malware in Phishing Scams

  6. Cybersecurity Investment Picks of the Day

Cybersecurity News This Week

1. Shake It Off, ISIS: CIA Foils Taylor Swift Concert Terror Plot

And more news in the Swifty Department….

  • CIA Intervention: The CIA helped thwart an ISIS-inspired plot against Taylor Swift's concert in Vienna, saving tens of thousands of lives.

  • Arrests Made: Three teenagers, including a radicalized 19-year-old, were arrested for planning a mass attack with explosives and knives.

  • Swift's Response: Taylor Swift thanked authorities for preventing tragedy, stating they were grieving concerts, not lives.

🎵 Can’t stop, won’t stop the Swiftyverse. 🎵 

2. Trump Family Hacked in Crypto Scam Scheme

  • Lara and Tiffany Trump’s social media accounts were hacked to promote a fake cryptocurrency giveaway associated with World Liberty Financial.

  • The hackers falsely claimed Donald Trump was launching a cryptocurrency called "TrumpCoin," linking it to a fraudulent website.

  • X quickly removed the scam posts and restored the accounts, with no other Trump family members reported affected.

✖️ If it's not on Twitter, is it really a secret? ✖️ 

3. 🐛 Android Security Update September 2024

  • The September 2024 security update is likely the last for Android 14, rolling out to all supported Google Pixel devices.

  • The update addresses critical vulnerabilities, including the removal of the vulnerable Verizon Store Demo app.

  • Improvements include enhanced Wi-Fi performance for the Pixel 9 series.

  • Android 15 is set to launch in October 2024, with the source code now live on AOSP.

  • The update includes patches for multiple high-severity CVEs and proprietary Qualcomm vulnerabilities.

  • Users can check for the update in the settings menu, with a full rollout expected over the next couple of weeks.

😎 Update your android now! 😎 

4. 🗞️ AI Security Showdown in Vegas: Hacker Summer Camp 2024 Decoded

Every summer, Las Vegas becomes the playground for hackers as they descend upon the city, armed with Pelican cases, laptops, and enough gear to hack the planet. The trifecta of BSides, Black Hat, and DEFCON security conferences is where cybersecurity pros, enthusiasts, and curious onlookers converge for a week of hacking, learning, and partying (ravs o-plenty).

Clint Gibler, who operates the newsletter "tl;dr sec," graciously put together a list of AI training presented at these conferences. Thanks, Clint!

Check out the highlights:

  • 60+ AI-focused talks from BSidesLV, Black Hat, and DEF CON summarized, covering attacks, defenses, and emerging trends in AI security.

  • Key topics include securing AI systems, novel attack techniques on AI platforms and assistants, and integrating AI into cybersecurity workflows.

  • Highlights range from NVIDIA's AI red team insights to groundbreaking research on LLM vulnerabilities and automated offensive AI tools.

“The world that has been pulled over your eyes to blind you from the truth…” 🫢 

🥚HackerReport Easter Egg 🥚

  • One of the best hacker movies of all time, based on various rankings and popular opinion, is often considered to be "WarGames" (1983).

    • Plot Overview: A young computer whiz accidentally hacks into a U.S. military supercomputer, mistaking it for a game, which nearly leads to World War III. Starring Matthew Broderick, Ally Sheedy, John Wood, and Dabney Coleman.

    • Cultural Impact: The film popularized the concept of hacking in popular culture and raised awareness about the potential dangers of computer technology.

    • Legacy: "WarGames" is frequently cited as a classic in the hacker genre, influencing both films and real-life discussions about cybersecurity and ethical hacking.

    »Check out the full movie here «

Security Crash Course: Advanced Users

5. ☠️Unmasking Malware in Phishing Scams☠️ 

What is Malware Analysis for Phishing Emails?

Malware analysis for phishing emails involves analyzing suspicious emails to identify any malicious content, such as malware attachments or harmful links. Think of it as CSI for your email, but with more caffeine and fewer dramatic sunglasses removals.

Why is It Important?

  • Prevent Cyber Attacks: Just like a good security team, malware analysis helps identify and thwart cyber threats before they wreak havoc.

  • Understand Attacker Tactics: By analyzing phishing attempts, organizations can learn the tricks of the trade used by cybercriminals and deploy additional controls to prevent attacks.

  • Faster Incident Response: The quicker you can pinpoint a threat, the faster you can shut it down—like a fire drill, but for your data.

  • Protect Sensitive Information: Ultimately, it’s all about keeping your sensitive information safe, whether it’s passwords, or credit card info.

How is It Done?

  1. Email Header Analysis: Start by examining the sender information and routing details (or using your favorite AI Tool to help parse the header). It’s like reading the fine print on a sketchy contract—less boring and way more important.

  2. URL Dissection: Investigate any links within the email.

  3. Attachment Forensics: Scan suspicious files using tools like Any.run, JoeSecurity, or VirusTotal.

  4. Content Scrutiny: Evaluate the email body for red flags and social engineering tactics.

  5. Behavior Watching: Follow/detonate suspicious links and files in isolated environments to analyze the behavior using tools like Any.run, JoeSecurity, or spin up your own using CAPEV2.

  6. Network Traffic Snooping: Monitor communications if malware is executed.

6. 📖 Cybersecurity Investment Picks of the Day

Palo Alto Networks (PANW) - Liberal Approach

With the fed rate cut on the horizon in September, one may speculate Palo Alto Networks (PANW) may continue to grow. PANW has been expanding its offerings beyond traditional firewalls into cloud security and AI-driven threat detection, positioning it well for future growth in the evolving cybersecurity market. Its consistent performance and adaptability to new threats make it an attractive option for investors looking for upside potential in the cybersecurity sector.

Stock Summary:

  • Analysts' consensus long-term EPS growth estimate is 23.7%.

  • A leader in cloud security solutions, adapting well to the changing cybersecurity landscape.

  • Has shown strong financial performance and consistent growth.

  • Hasn't faced any recent major software issues that have made headlines (ehem Crowdstrike).

First Trust NASDAQ CEA Cybersecurity ETF (CIBR) - Conservative Approach

For those conservative investors, CIBR is a popular cybersecurity-focused exchange-traded fund that tracks the Nasdaq CTA Cybersecurity Index. Launched in 2015, it has $6.89 billion in assets under management and holds 30 stocks of companies engaged in the cybersecurity industry.

ETF Summary:

  • Largest cybersecurity ETF with $6.6 billion in assets under management.

  • Holds 30 stocks in the cybersecurity industry.

  • Expense ratio of 0.6%.

  • The cybersecurity industry is seen as a secular growth industry that could grow 10x by 2030.

❤️ Thank you for reading this issue of HackerReport brought to you by ZeroVulnSM, Your Personal Cybersecurity TeamTM. ❤️

Until our next issue, stay safe online!

  • Need help with your security? Contact ZeroVuln or book an appointment directly. Learn more about our services at www.zerovuln.ai.

  • Have a topic or product you'd like us to review? Want to share your feedback or give us some love? Drop us an email at [email protected]. We’d love to hear from you!

  • Do you have an idea for a newsletter and you love the platform we use? You’re in luck! Get a free 30-day trial + 20% OFF for 3 months. Sign up here.

  • Please help us reduce data breaches and grow our newsletter! Send this subscribe link to your friends, family, and/or co-workers.