Attacks & Vulnerabilities
Revival Hijack Supply-Chain Attack Threatens 22k PyPI Packages (2 minute read)
JFrog has identified a new attack technique, dubbed Revival Hijack, in which an attacker registers a package under the name of a previously deleted package. Roughly 22k packages are exposed to this attack because PyPI makes a package name available for re-registration immediately upon deletion. JFrog mitigated the most exposed cases by itself registering the names of the more popular vulnerable projects.
A Security Analysis of Azure DevOps Job Execution (15 minute read)
Azure DevOps is a key tool in CI/CD practices - particularly its Azure Pipelines feature for automating code building and testing. This post explores the server-side processes when pipelines are triggered, focusing on potential security risks and the importance of protecting against unauthorized access and data breaches in modern development workflows.
Threat Modeling Automation: Opportunities, Challenges, and the Role of AI (8 minute read)
Traditional threat modeling struggles to scale because it needs dedicated security resources as well as engineering resources that understand both the security aspects and the application components. Recent innovations in the threat modeling process aim to integrate threat modeling throughout the SDLC and offer tools for diagramming or for threat models as code. With the advent of LLMs, it may become possible to generate threat models directly from source code; current efforts such as STRIDE GPT can already generate threat models from a natural language description.
Avoiding Security Incidents Due to Request Coalescing (4 minute read)
Web caching is often used to speed up costly computations or reduce response times by keeping a copy of data closer to users. Request coalescing happens when a CDN such as Amazon CloudFront receives simultaneous requests for the same cache key: it forwards only the first request to the origin, caches that response, and serves the cached copy to the remaining waiting requests. Wiz found an unexpected behavior where Amazon CloudFront ignored the Cache-Control: no-cache header and, through request coalescing, sent sensitive cached content to other users. To prevent this behavior, users must either attach the managed cache policy CachingDisabled to the cache behavior serving those cache keys, or set the minimum TTL of the cache behavior to 0 AND configure the origin to send the Cache-Control: no-cache header.
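The mitigation above is easy to state and easy to miss on one cache behavior among many. The following audit helper is an added example (not Wiz's or AWS's code) that walks a CloudFront DistributionConfig of the shape returned by GetDistributionConfig, together with the MinTTL of each referenced cache policy (as returned by GetCachePolicy), and flags sensitive paths whose effective behavior is neither CachingDisabled nor "MinTTL 0 and origin sends no-cache". The sample configuration, policy IDs marked as placeholders, path list and the set of paths the origin marks no-cache are all constructed for the example; the CachingDisabled policy ID is the AWS managed one, which you should confirm against your account.

```python
import fnmatch

# AWS managed cache policy "CachingDisabled". Verify the ID in your account
# with `aws cloudfront list-cache-policies --type managed` before relying on it.
CACHING_DISABLED_POLICY_ID = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad"


def effective_min_ttl(behavior, policy_min_ttl):
    """Minimum TTL in effect for one cache behavior.

    Behaviors attached to a cache policy take MinTTL from that policy
    (GetCachePolicy -> CachePolicyConfig.MinTTL, passed in as a dict here);
    legacy behaviors carry MinTTL inline.
    """
    policy_id = behavior.get("CachePolicyId")
    if policy_id is None:
        return behavior.get("MinTTL", 0)
    if policy_id == CACHING_DISABLED_POLICY_ID:
        return 0
    return policy_min_ttl[policy_id]


def behavior_for_path(config, path):
    """First cache behavior whose PathPattern matches the path, else the default.

    CloudFront evaluates CacheBehaviors in order and falls back to
    DefaultCacheBehavior; fnmatch approximates its * and ? wildcards.
    """
    for item in config.get("CacheBehaviors", {}).get("Items", []):
        if fnmatch.fnmatchcase(path, item["PathPattern"]):
            return item["PathPattern"], item
    return "(default)", config["DefaultCacheBehavior"]


def audit_sensitive_paths(config, policy_min_ttl, sensitive_paths, no_cache_paths):
    """Flag sensitive paths that do not meet the post's guidance.

    A path passes if its behavior uses CachingDisabled, or if MinTTL is 0
    *and* the origin sends Cache-Control: no-cache for it.
    Returns a list of (path, matched pattern, reason).
    """
    findings = []
    for path in sensitive_paths:
        pattern, behavior = behavior_for_path(config, path)
        if behavior.get("CachePolicyId") == CACHING_DISABLED_POLICY_ID:
            continue
        min_ttl = effective_min_ttl(behavior, policy_min_ttl)
        if min_ttl > 0:
            findings.append((path, pattern, f"MinTTL is {min_ttl}, not 0"))
        elif path not in no_cache_paths:
            findings.append((path, pattern,
                             "MinTTL is 0 but origin does not send Cache-Control: no-cache"))
    return findings


# Constructed sample (not from any real account); placeholder policy IDs.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"TargetOriginId": "app",
                             "CachePolicyId": "POLICY-ID-PLACEHOLDER-OPTIMIZED"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/static/*", "TargetOriginId": "app",
         "CachePolicyId": "POLICY-ID-PLACEHOLDER-OPTIMIZED"},
        {"PathPattern": "/api/*", "TargetOriginId": "app",
         "CachePolicyId": "POLICY-ID-PLACEHOLDER-API"},
    ]},
}
# MinTTL per policy as GetCachePolicy would report it (constructed values).
SAMPLE_POLICY_MIN_TTL = {"POLICY-ID-PLACEHOLDER-OPTIMIZED": 1,
                         "POLICY-ID-PLACEHOLDER-API": 0}
SENSITIVE_PATHS = ["/api/me", "/api/export", "/account/profile"]
NO_CACHE_PATHS = {"/api/me"}  # paths the origin marks Cache-Control: no-cache


def run_sample():
    return audit_sensitive_paths(SAMPLE_CONFIG, SAMPLE_POLICY_MIN_TTL,
                                 SENSITIVE_PATHS, NO_CACHE_PATHS)


if __name__ == "__main__":
    for path, pattern, reason in run_sample():
        print(f"{path} (behavior {pattern}): {reason}")
```

On the sample, `/api/me` passes (MinTTL 0 and the origin sends no-cache), `/api/export` is flagged because the origin does not send the header, and `/account/profile` is flagged because it falls through to the default behavior whose policy has MinTTL 1. The ordering logic in `behavior_for_path` matters: a sensitive path that is only covered by the default behavior inherits whatever that behavior caches.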
Wush (GitHub Repo)
Wush is a command line tool that allows for transferring files and opening shells over peer-to-peer WireGuard connections. It is built on top of Tailscale's tsnet package and utilizes Tailscale's public DERP relays, but does not require a Tailscale account.
Acuvity (Product Launch)
Acuvity helps companies adopt AI platforms through a governance platform that detects and monitors employee interactions with them, and helps companies develop secure in-house AI applications.
SUASS (GitHub Repo)
The Secure ur Ass By Learning Cybersecurity repository is a comprehensive resource for cybersecurity professionals, students, beginners, and anyone interested in the field of cybersecurity. It contains a wide range of cybersecurity study materials to help students enhance their knowledge and skills.
Announcing AWS KMS ECDH Support (5 minute read)
AWS has announced KMS support for ECDH key agreement with asymmetric keys. Each party creates a key using the same key spec and selects KEY_AGREEMENT as the key usage. The parties then retrieve their public keys from KMS and exchange them. Each party can then pass the other party's public key together with its own KEY_AGREEMENT key to the new DeriveSharedSecret API to derive a shared secret that can be used to secure their communication. This post provides a walkthrough of a sample end-to-end encryption use case built on the new DeriveSharedSecret API.
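To make the four-step flow concrete without an AWS account, here is an added example (not AWS's code; it does not call KMS) that runs the same exchange locally. A small pure-Python P-256 implementation stands in for what KMS does inside the HSM: each `KeyAgreementKeyStandIn` plays one party's KEY_AGREEMENT key, `get_public_key` plays GetPublicKey, and `derive_shared_secret` plays DeriveSharedSecret, returning the raw ECDH output. Both sides then run the raw secret through HKDF, since raw ECDH output is keying material, not a finished key. The class and function names, the `info` label and the all-zero HKDF salt are assumptions of this example; in a real integration the private scalars live in KMS and the calls are made through the AWS SDK.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (the curve behind the KMS key spec ECC_NIST_P256).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = -3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def on_curve(pt):
    """True if the affine point satisfies y^2 = x^3 + ax + b (mod p)."""
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc


class KeyAgreementKeyStandIn:
    """Stand-in for one KMS key created with KeyUsage KEY_AGREEMENT.

    The private scalar never leaves this object, mirroring KMS, where it
    never leaves the HSM and callers only see GetPublicKey and
    DeriveSharedSecret. Hypothetical class; not part of any AWS SDK.
    """

    def __init__(self):
        self._priv = secrets.randbelow(N - 1) + 1
        self._pub = mul(self._priv, G)

    def get_public_key(self):
        """GetPublicKey stand-in: uncompressed SEC1 point (65 bytes)."""
        x, y = self._pub
        return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

    def derive_shared_secret(self, peer_public_key):
        """DeriveSharedSecret stand-in: raw ECDH output (shared point's x)."""
        if len(peer_public_key) != 65 or peer_public_key[0] != 0x04:
            raise ValueError("expected an uncompressed SEC1 P-256 public key")
        peer = (int.from_bytes(peer_public_key[1:33], "big"),
                int.from_bytes(peer_public_key[33:65], "big"))
        if not on_curve(peer):  # reject points that are not on P-256
            raise ValueError("peer public key is not on P-256")
        shared = mul(self._priv, peer)
        if shared is None:
            raise ValueError("degenerate shared point")
        return shared[0].to_bytes(32, "big")


def hkdf_sha256(ikm, info, length=32):
    """HKDF (RFC 5869) with an all-zero salt: raw secret -> symmetric key."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def run_exchange(info=b"example-app/e2e/v1"):
    """Both parties: create key, exchange public keys, derive, then KDF."""
    alice, bob = KeyAgreementKeyStandIn(), KeyAgreementKeyStandIn()
    # The public keys are the only values that cross the wire.
    alice_pub, bob_pub = alice.get_public_key(), bob.get_public_key()
    key_a = hkdf_sha256(alice.derive_shared_secret(bob_pub), info)
    key_b = hkdf_sha256(bob.derive_shared_secret(alice_pub), info)
    return key_a, key_b


if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("keys match:", key_a == key_b)
```

Two details carry over to the real service: the on-curve check before using a peer's public key, which the stand-in performs itself, and the KDF step with an application-specific `info` label so that the same shared secret yields independent keys for different purposes.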
AWS Network Firewall Introduces GeoIP Filtering (2 minute read)
AWS Network Firewall has introduced GeoIP-based filtering for traffic entering and leaving a VPC. GeoIP filtering allows firewall rules to target a country directly, whereas previously users needed to maintain an IP list for each country.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile