Super(conductive) Graphene, Yandex Leak, No Fly Lists, & Thinkpad Servers – PSW #771
In the Security News for this week: defending against cleaning services, catastrophic mutating events and the future, myths and misconceptions, finding vulnerabilities in logs (And not log4j), SSRF leads to RCE with a PoC, SQLi with XSS bypasses WAF FTW, thinkpad as a server, RPC directory traversal for the win, just directory traversal for the win, Paul gets a Flipper Zero and how he thinks he's some sort of hero, sh1mmer your chromebook, and superconductive magic angle graphene!

- 1. A Catastrophic Mutating Event Will Strike the World in 2 Years, Report Says
I don't generally look to Popular Mechanics for articles on Cybersecurity, but who am I to judge? The article cites a presentation at the recent World Economic Forum (WEF) highlighting the WEF Global Security Outlook Report 2023, which asserts that “93 percent of cyber leaders, and 86 percent of cyber business leaders, believe that the geopolitical instability makes a catastrophic cyber event likely in the next two years.” Given the state of our industry, I'm not sure we prevent this from occurring, so what should be our strategy?
- 2. Cybersecurity Myths and Misconceptions
Spaf is very excited about his latest book release - so go grab a copy today!
In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derail security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.

- 1. Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover
- 2. Outrageous Stories From Three Cyber Incident Responders
- 3. Google Fi says hackers accessed customers’ information
- 4. DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000
- 5. US Marines Defeat DARPA Robot by Hiding Under a Cardboard Box

- 1. The generative AI revolution has begun—how did we get here?
AI has made progress at an incredible pace. Why? Because of a new class of AI models that are more flexible and powerful than anything that has come before: foundation models. The main drivers of this success are programmable GPUs, large training data sets, and a model from Google called "the transformer." Inputs are reduced to a matrix of numbers so large data inputs can be efficiently processed.
- 2. New US ransomware strategy prioritizes victims but could make it harder to catch cybercriminals
The FBI's new strategy prioritizes helping victims of cybercrime over gathering evidence for prosecution. The FBI had extraordinary access for six months to the computer infrastructure of a Russian-speaking ransomware group known as Hive, and passed keys to victims so they could decrypt their systems and thwart $130 million in ransom payments.
- 3. Study: Superconductivity switches on and off in ‘magic-angle’ graphene
Graphene is an atom-thin material made from carbon atoms that are linked in a hexagonal pattern resembling chicken wire. Two sheets of graphene stacked together and rotated by the magic angle of 1.1 degrees create a new material with an amazing property: superconductivity that can be turned on and off with an electric pulse, much like a light switch.
The discovery could lead to ultrafast, energy-efficient superconducting transistors for neuromorphic devices—electronics designed to operate in a way similar to the rapid on/off firing of neurons in the human brain.
- 4. Massive Yandex code leak reveals Russian search engine’s ranking factors
Nearly 45GB of source code files, allegedly stolen by a former employee, have revealed the underpinnings of Russian tech giant Yandex's many apps and services. This exposes the internal workings of Yandex and also Google, since Yandex purportedly employs several ex-Google employees.

- 1. Ukraine Humanitarian Aid Village
The Ukraine humanitarian aid village was established with the purpose of providing a safe, nurturing shelter, and refuge for individuals fleeing violence and hardship from the war in Ukraine. Here, those who come to our humanitarian village can find a stable new home that provides 3 nutritious hot meals a day, medical care, education, and safety from harm. Many of the women and children in our facility have grown together and formed strong bonds of friendships, turning this village into a safe haven in an otherwise tumultuous environment.
Your donations will ensure that these residents receive the love, support, vital care, and safe environment they require to survive and thrive. It will help to provide nutrition assistance; trauma-informed care; warm clothing; educational resources; quality winter-proof housing; mental health services; security; and play therapy tools for young children. By supporting us through your donations, you’ll be giving us the means to continue to make a positive impact and save lives in Ukraine.