Attacks & Vulnerabilities
|
New RAMBO attack steals data using RAM in air-gapped computers (3 minute read)
A new attack called RAMBO can steal data from highly secure air-gapped computers by using electromagnetic radiation emitted from the computer's RAM. This attack allows data transfer rates of up to 1,000 bits per second, making it suitable for stealing small amounts of data like text, keystrokes, and small files. Mitigation strategies such as zone restrictions and RAM jamming can help defend against the RAMBO attack, but they come with additional complexities.
|
Lowe's Employees Phished via Google Ads (3 minute read)
Malwarebytes detected a phishing campaign targeting Lowe's employees by masquerading as the Lowe's benefits portal. The attackers registered domains to common typos of MyLowesLife and bought Google Ads to have them show up in search results for MyLowesLife. The bogus domains were then used to steal login credentials from employees.
|
Car rental company Avis discloses a data breach (2 minute read)
Avis, a car rental company, experienced a data breach in August that compromised customers' personal information. The breach occurred between August 3 and August 6 but was discovered on August 14. Avis is advising impacted customers to monitor their accounts for fraudulent activities and is offering free credit monitoring services.
|
|
What you should know about PHP code security (8 minute read)
This blog dives into PHP security. Due to its popularity and wide usage, PHP is often a target for hackers and malicious entities. Security vulnerabilities can creep in due to various reasons, such as poor coding practices, lack of sanitization of user inputs, and outdated versions.
|
Learning Rust for fun and backdoo-rs (10 minute read)
Rust, a modern systems programming language that offers C/C++ performance without their pitfalls, is growing in popularity. This author shares their journey of learning Rust in 2024, highlighting the abundance of learning resources available and his personal recommendations.
|
|
Redflags (Product Launch)
Redflags is a platform designed to increase secure behavior through the concept of ‘nudging'. By nudging users, they practice ‘good' behavior beyond simply acknowledging poor behavior and bad intent.
|
|
Hard Truths your CISO won't tell you (6 minute read)
Slides from Travis McPeak's off the record BlackHat campfire talk. McPeak shares some unfortunate realities of security in a business context, security organizations, and security practices. He closes with a set of good news such as the community being strong, the industry maturing, and that developers are looking to work with security.
|
What's the Worst Place to Leave Your Secrets? (10 minute read)
A researcher deployed canary tokens to a variety of different locations to measure how quickly attackers would find them and attempt to use them on AWS. Tokens deployed to package managers (npm and PyPi) and GitHub were accessed within minutes whereas Pastebin, a web server, and a Docker container took longer. Tokens deployed to GitLab, BitBucket, S3, GCP Cloud Storage, and a (weak) password-protected Pastebin were never accessed, suggesting that attackers are not actively monitoring these resources.
|
|
|
Love TLDR? Tell your friends and get rewards!
|
|
Share your referral link below with friends to get free TLDR swag!
|
|
|
|
| Track your referrals here. |
|
Want to advertise in TLDR? 📰
|
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
|
|
|
|