Bypass WhatsApp View Once 👀, Malware targets crypto phrase images 🖼️, Flipper Zero 1.0 🦈

WhatsApp introduced “View Once” pictures as a way to prevent users from sharing private pictures. Security researchers have found ways to bypass it 


TLDR Information Security 2024-09-11

Shrink Your Cloud Attack Surface by 90% in a Few Days (Sponsor)

Did you know less than 10% of cloud identities with sensitive cloud permissions actually use them? Sonrai's Cloud Permissions Firewall tackles this head-on, by quickly identifying and quarantining these “zombies” lurking in your AWS environment!

Within days, Cloud Permissions Firewall:

  • Restricts unused sensitive permissions and services
  • Quarantines unused identities
  • Restricts access to specific cloud regions

The best part? Zero disruption to DevOps, and if a quarantined “Zombie” needs to be used later on, simply wake them up with a permissions request through chat tools like Slack. Making requests and approvals quick and painless.

Start your 14-day free trial at sonrai.co/zombie-identities and experience effortless, continuous AWS cloud security.

🔓 Attacks & Vulnerabilities

Payment Gateway Data Breach Affects 1.7 Million Credit Card Owners (2 minute read)

Payment gateway provider SlimCD has disclosed a breach affecting 1.7M individuals. SlimCD reported that in June it detected that a threat actor had breached its network nearly a year earlier, in August 2023, and took steps to block the access. Stolen information included full names, physical addresses, credit card numbers, and expiration dates, but not CVV numbers.

Bug Lets Anyone Bypass WhatsApp's “View Once” Privacy Feature (3 minute read)

WhatsApp introduced “View Once” pictures as a way to prevent other users from sharing private pictures. Security researchers have found ways to bypass these protections on WhatsApp Web. WhatsApp has stated that it is aware of the issue and is rolling out a fix.

SpyAgent Android Malware Steals your Crypto Recovery Phrases from Images (3 minute read)

McAfee detected a new Android malware campaign that uses OCR to steal crypto recovery phrases from images stored on the device. The malware can also spread via SMS and capture OTPs sent via SMS. McAfee was able to trace the malware back to its operators and managed to access their admin panel.
🧠 Strategies & Tactics

Red Reaper: Building an AI Espionage Agent (10 minute read)

Inspired by the I-Soon leaks, these authors decided to build an AI espionage agent called Red Reaper. Red Reaper consists of three data science layers and a basic Flask UI. The first layer seeks to identify entities that deal with LAW in the sample email dataset and assigns a confidence score to each one. The next layer builds a Neo4j graph and analyzes it to identify key communication clusters and individuals. Generative AI is introduced in the last layer to refine the analysis and identify information that could be relevant for espionage, extortion, blackmail, or other criminal activity.

Sanitize your C++ containers: ASan annotations step-by-step (15 minute read)

This post discusses how to use AddressSanitizer (ASan) to detect memory errors in C++ code. Adding ASan annotations to libc++ containers like std::string and std::deque aids in bug detection. The post walks through various examples and code snippets that use ASan to find memory bugs in C++ code.

Deploying Rust in Existing Firmware Codebases (10 minute read)

This blog post explains how to gradually introduce Rust into existing firmware codebases for improved security. Drop-in Rust replacements for C code can enhance security with minimal effort. By following an incremental approach and addressing specific challenges, you can integrate Rust into your firmware development process without a rewrite.
🧑‍💻 Launches & Tools

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE, and AKS (8 minute read)

Orca has released a new tool for testing managed Kubernetes environments. The Kubernetes Testing Environment uses Terraform to deploy a configurable staging environment and runs a configurable set of scans against it. It provides dashboards to visualize the scan results.

Frida 16.5.0 Released (4 minute read)

Frida 16.5.0 contains new features like hardware breakpoints and watchpoints to help locate code accessing specific memory data more easily. The release also brings support for Windows on ARM and other improvements, making Frida even more versatile for developers. This article presents a demo using these new APIs in a game like DOOM, showing how to find and monitor memory locations dynamically.

hookchain (GitHub Repo)

hookchain aims to provide a new perspective on EDR evasion. Through a combination of IAT hooking, dynamic SSN resolution, and indirect system calls, hookchain redirects the execution flow of Windows subsystems in a way that remains invisible to EDRs that only act on Ntdll.dll, without requiring changes to the source code of the applications and malware involved.
🎁 Miscellaneous

Making Sense of the Application Security Product Market (17 minute read)

The AppSec product market is undergoing rapid change as new tooling such as CSPMs and API security tools shift the way teams interact with traditional tools like WAFs and DASTs. ASPMs are arriving to bridge the UI/UX and contextual gaps that exist in AppSec tools across the SDLC, but struggle with requiring more integration points than CSPMs. GenAI is emerging as a useful tool that aids in triaging alerts, but it is still lacking in maturity.

Bug Left Some Windows PCs Dangerously Unpatched (3 minute read)

Microsoft has released updates to fix 79 security vulnerabilities in Windows, including an unpatched bug affecting some Windows 10 PCs. One critical bug, CVE-2024-43491, caused the rollback of fixes for certain Windows 10 systems. Two zero-day flaws affecting Microsoft Publisher and Office, CVE-2024-38226 and CVE-2024-38217, were disclosed.

Crimson Palace returns: New Tools, Tactics, and Targets (20 minute read)

The Crimson Palace cyber threat operation has resumed with new tools and tactics to target governments and organizations in South East Asia. This blog post presents various diagrams and timelines showing the details of Crimson Palace's operations. It also discusses the evolution of the malware, as well as efforts to evade detection.

Quick Links

Australia's PM wants social media age restrictions so kids can get offline and have 'real experiences' (3 minute read)

Australia's Prime Minister wants to introduce age restrictions for social media to protect children from harmful content.

Flipper Zero releases Firmware 1.0 after three years of development (2 minute read)

Flipper Zero has released Firmware 1.0 after three years of development, introducing enhanced features like dynamic app loading and improved NFC performance.

The Security Canary Maturity Model (5 minute read)

Canaries are now essential for mature security programs.

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile