Security Weekly NewsSubscribe
Vulnerability Management, AI/ML, Threat Management

Bad Romance, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland… – SWN #451

Tunnel of Love, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland, and More, on this edition of the Security Weekly News.

Full episode and show notes

Announcements

  • Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!

Hosts

Professor at Roger Williams University
  1. 1. DPRK hackers dupe targets into typing PowerShell commands as admin
  2. 2. China’s RedMike hackers taking aim at telcos via flaws in Cisco gear
  3. 3. Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
  4. 4. Critical Nvidia flaw could menace AI systems
  5. 5. US govt wants developers to stop coding ‘unforgivable’ bugs
  6. 6. Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
  7. 7. University of Surrey develops AI tool to tackle knife crime
  8. 8. Warning: Tunnel of Love Leads to Scams
Cyber security lead EMEA at Defence
  1. 1. The Explosion of Hardware-Hacking Devices

    By: Paul Asadoorian February 7, 2025

    Resources & Further Reading

    Arduino Maestro – A GPT tuned for Arduino development (one of the better ones that I’ve tried and works great, especially for debugging help).

    M5Stick-Launcher – An application launcher for several different ESP32 platforms. Once this firmware is flashed on the device,e you can load firmware at boot time from an SD card or over the air.

    https://github.com/witnessmenow/ESP32-Cheap-Yellow-Display – General information about the CYD, including where to buy, the different hardware variations, and flashing firmware.

    https://github.com/hevnsnt/CYD_ESP32-AirTag-Scanner – The original firmware that was developed for the Shmoocon 2025 talk.

    https://github.com/pasadoorian/CYD-BLE-Tools – This is my fork of the code above, several features were added. This is still in development and should be considered experimental. (Note: this code borrows heavily from https://github.com/bmorcelli/M5Stick-Launcher).

Related

Its Not Really A 0-Day – PSW #866

This week: Compliance, localization, blah blah, the Greatest Cybersecurity Myth Ever Told, trolling Microsoft with a video, Github actions give birth to a supply chain attack, prioritizing security research, I'm tired of 0-Days that are not 0-Days, sticking your head in the sand and believing everything is fine, I'm excited about AI crawlers, but s...
Redlining the Smart Contract Top 10 – Shashank . – ASW #322

The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shashank shares his research into scanning contracts for flaws, how the classes of contract flaws have changed in the last few years, and how optimistic we can be about the future of this space. Segment Re...

You can skip this ad in 5 seconds