Amazon’s AI Coding Assistant Compromised by Malicious Prompt!

In a chilling reminder of AI’s growing attack surface, a malicious prompt was quietly inserted into Amazon’s Q coding assistant via a pull request and told to wipe the user’s file system and AWS cloud resources. The rogue code instructed the AI to “clean a system to a near-factory state,” including running destructive AWS CLI commands.

Amazon has since removed the malicious version and released an update, but it's a good reminder that AI coding tools are only as secure as their supply chain and prompt filtering. Vet your extensions. Lock down access. And never assume “AI knows better.”

Read the details: https://www.tomshardware.com/tech-industry/cyber-security/hacker-injects-malicious-potentially-disk-wiping-prompt-into-amazons-ai-coding-assistant-with-a-simple-pull-request-told-your-goal-is-to-clean-a-system-to-a-near-factory-state-and-delete-file-system-and-cloud-resources

Leaked and Loaded: DOGE’s API Key Crisis

One leaked API key exposed 52 private LLMs and potentially sensitive systems across SpaceX, Twitter, and even the U.S. Treasury.

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the DOGE/XAI API key leak. They share how it happened, why key management is a growing threat, and what you should do to protect your organization from similar risks.

Watch the video: https://youtu.be/Lnn225XlIc4

Listen to the podcast: https://www.chatcyberside.com/e/api-key-catastrophe-when-secrets-get-leaked/

How do attackers go from file shares to full domain admin access without ever stealing a password? In this real-world case study, we'll share how a single misconfiguration opened the door to a full network compromise, and how our #pentest team exploited hidden file shares (with that sneaky $ at the end) to uncover sensitive data most IT teams don’t realize is exposed.

We'll share:
• How attackers exploit hidden file shares
• Why misconfigured Windows Deployment Services are a major risk
• The exact relay attack path that led to domain dominance
• What red flags to look for in your environment

Watch: https://youtu.be/78L2Zz2Ttbs

Your UPS might be a silent security risk.

Watch our new video to see how a standard uninterruptible power supply (UPS) became the gateway to hacking a real bank.

We walk you through:

How UPS devices connect to networks—and why that matters
The danger of default credentials on embedded systems
How spoofed email servers let attackers steal domain credentials
The exact steps that led to full network compromise

Watch now! https://youtu.be/Ru5RR9COqYw

New mass scanning activity may be the first step in another MOVEit attack.

Hackers are actively scanning the internet for exposed MOVEit systems—hundreds of unique IPs every day—suggesting the early stages of coordinated exploitation.

Threat intel firm GreyNoise warns this is the same pattern seen weeks before past mass attacks. Known MOVEit vulnerabilities, such as CVE-2023-34362 and CVE-2023-36934, are already being tested in the wild.

If your MOVEit Transfer instance is online and unmonitored, you may already be on an attacker’s target list.

Now’s the time to:
• Patch all known MOVEit vulnerabilities
• Limit public-facing access
• Monitor for scan activity and open ports
• Block IPs identified by threat intelligence feeds
• Harden file transfer environments and deploy honeypots if needed

Scanning isn’t random—it’s reconnaissance. Act now before scanning turns into breach.

Read the article for details: https://www.cuinfosecurity.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832

More information on printer security, since they are often a cybersecurity blind spot!

Last week, we shared a warning about the unpatchable Brother printer vulnerability (CVE-2024-51978) that puts millions of devices at risk. If you haven’t updated your default admin passwords, do it now.

Since there was a lot of interest in this topic, we're sharing our classic, but still very relevant, on-demand webinar, "How I met your printer": https://youtu.be/b6d6RO2AFgw

@tompohl shares real-world techniques attackers use to exploit printers for initial access and lateral movement—exactly what we see in our penetration tests all the time.

If you haven’t tested your print infrastructure, now’s the time. Need help? Our pentest team can assess your network and highlight hidden vulnerabilities.

#Cybersecurity #CISO #PrinterSecurity #PenetrationTesting #LMGSecurity #NetworkSecurity #Infosec #ITsecurity
#penetrationtesting #pentest #pentesting

Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug

A single misstep in AD CS can hand attackers the keys to your entire domain—no passwords needed.

If your team installed Active Directory Certificate Services more than six months ago, your organization could be at risk.

Watch our new 4-minute video to see how a default setting enables low-privilege users to escalate all the way to domain admin and what you can do to reduce your risk. https://youtu.be/S59dNEPnJ4M

“You think it’s just a light bulb—but it’s not off. It’s watching, listening… maybe even hacking.”

LMG Security’s @tompohl revealed how $20 smart outlets and light bulbs can be exploited for WiFi cracking, evil twin attacks, and stealth monitoring—turning everyday gadgets into real-world threats.

In our latest blog, we’ll share:

How attackers can exploit everyday IoT gadgets to breach your organization
Advice on how to lock down your smart tech
Tips on segmentation, firmware auditing, and red teaming

Read the blog: https://www.lmgsecurity.com/i-have-the-power-iot-security-challenges-hidden-in-smart-bulbs-and-outlets/

How do hackers break into your network? Find out from the pros who do it every day!

In this week’s Cyberside Chats, @tompohl, head of penetration testing at LMG Security, joins @sherridavidoff to reveal how his team gains domain admin access in over 90% of tests.

From outdated Active Directory settings to risky legacy protocols, this episode is packed with real-world insights to help you reduce your organization’s risk. We’ll share:

The hidden vulnerabilities attackers love
Tips to harden your infrastructure
What penetration testers see that most defenders miss

Watch the full episode: https://youtu.be/VEeWkVBDDP8
Prefer audio? Listen to the podcast: https://www.chatcyberside.com/e/unveiling-the-secrets-of-penetration-testing/?token=6b16f323d00f32474ccfe6a7952ec47a

AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.

From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.

Read now: https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/

Think your network is locked down? Think again.

Register for our May 28th Cyberside Chats Live episode featuring special guest @tompohl, LMG Security’s Head of Penetration Testing, and discover the most common security gaps attackers exploit.

Tom will share how his team routinely gains domain admin access in over 90% of their engagements—and how you can stop real attackers from doing the same. He’ll break down the weak points they target, from insecure default Active Directory settings to overlooked misconfigurations—even in mature environments.

Register now: https://www.lmgsecurity.com/event/cyberside-chats-live-may-2025/

Dive into our new technical blog, No Exploits Needed: Using Cisco’s Own Features to Extract Credentials, for a behind-the-scenes look at how default settings can lead to a data breach.

In this post, Penetration Testing Team Manager @tompohl shares how he extracted a Cisco router’s entire running configuration—no credentials required—during a recent penetration test and offers tips for hardening your security. https://www.lmgsecurity.com/no-exploits-needed-using-ciscos-own-features-to-extract-credentials/

For our #Utah friends, the Early Bird Discount for our June 10th live Penetration Testing for IT Pros class ends in 2 days!

Join us in Salt Lake City for a full-day, hands-on class that teaches you how to pentest and secure your organization.

Taught by expert instructors @tompohl and @MDurrin, this hands-on training includes lab work and real-world scenarios so you can learn to find your security gaps before attackers do!

Date: Tuesday, June 10, 2025

Location: Salt Lake City, UT

Early Bird Price: $850 until May 2 ($950 after)

Seats are limited—register today: https://www.lmgsecurity.com/event/penetration-testing-for-it-pros-slc-25/

Are You Ready for Red Team Penetration Testing?

In our latest blog, penetration testing expert @tompohl shares how to choose the best test for your organization's cybersecurity maturity stage. We'll cover the difference between penetration testing and red team penetration testing, how to determine if your company is ready for a red team assessment, and tips for planning your test that will maximize your ROI!

Read More: https://www.lmgsecurity.com/are-you-ready-for-red-team-penetration-testing/

Could your organization be compromised in just one weekend? It can happen fast! In our latest blog, Penetration Testing Manager @tompohl walks you through a step-by-step cyberattack scenario showing how a zero-day vulnerability led to total system compromise.

Read our blog to learn how attackers weaponize public exploits, scan for exposed systems, and quickly gain admin access, as well as 10 expert strategies to protect your organization before the next zero-day hits. https://www.lmgsecurity.com/a-real-world-cyber-attack-simulation-how-a-hacker-can-breach-your-organization-in-one-weekend/

Ethical Hacking für Fortgeschrittene – sich selbst hacken, bevor es andere tun

In fünf Terminen lernen Admins und IT-Security-Verantwortliche ab dem 28. April, ihre eigenen Systeme zu hacken, um sich vor Angreifern effektiv zu schützen.

https://www.heise.de/news/Ethical-Hacking-fuer-Fortgeschrittene-sich-selbst-hacken-bevor-es-andere-tun-10292984.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Are Your Web Apps an Open Door for Hackers?

Imagine spending months perfecting your web app, only to find it leaking data like a sieve. Scary, right? That’s exactly what happens when common security flaws go unchecked.

In LMG Security’s latest blog, @tompohl shares jaw-dropping real-world web application security attack case studies from the field, including:

Command Injection Jackpot – A hidden file upload flaw led to full server control.
API Admin Takeover – An overlooked endpoint allowed attackers to create Super Admin accounts.
Heap Dump Disaster – A debugging tool exposed Active Directory credentials and user tokens
.
Read the full blog to learn how hackers target web apps and how to lock them down: https://www.lmgsecurity.com/common-web-application-security-attacks-real-world-lessons-from-the-field/

#Cybersecurity #Security #ITsecurity
#WebAppSecurity #APISecurity #PenTesting #CISO #WebApp #WebApplication #pentest #penetrationtesting #Infosec #DFIR

Last Call: Proaktive IT-Security mit Pentesting: Ethical Hacking für Admins

In fünf Terminen lernen Admins und IT-Security-Verantwortliche ab dem 10.02., wie sie mit Ethical Hacking Systeme absichern und Schwachstellen aufdecken.

https://www.heise.de/news/Last-Call-Proaktive-IT-Security-mit-Pentesting-Ethical-Hacking-fuer-Admins-10265009.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Proaktive IT-Security mit Pentesting: Ethical Hacking für Admins

In fünf Terminen lernen Admins und IT-Security-Verantwortliche ab dem 10.02., wie sie mit Ethical Hacking Systeme absichern und Schwachstellen aufdecken.

https://www.heise.de/news/Proaktive-IT-Security-mit-Pentesting-Ethical-Hacking-fuer-Admins-10246220.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon