Android TV Malware 📺, Advanced CyberChef Techniques 👨‍🍳, NSA Launches Podcast 🎙️

TLDR Information Security 2024-09-13

🚀 vPenTest is the G2 Leader for Network Penetration Testing! (Sponsor)

vPenTest automates network penetration testing, helping IT teams find and exploit vulnerabilities before the bad guys do and validate your current security controls. It cuts costs by 50% compared to manual testing, increases testing frequency from yearly to monthly, and helps you meet compliance and cyber insurance requirements with detailed, actionable reports.

Trust isn't given, it's earned, and vPenTest has been ranked as the Leader on G2 with over 140 5-star reviews from our users!

Explore the power of automated network pentesting!

Get a Free Demo >

🔓 Attacks & Vulnerabilities

Kemper Sports Management Begins Notifying Consumers of April 2024 Data Breach (3 minute read)

KemperSports has reported a data breach that was detected on April 1 to Maine's Attorney General. Unauthorized access to its network exposed consumers' names and Social Security numbers. KemperSports is now notifying affected individuals.

CMS notifies 946K individuals of third-party data breach (3 minute read)

CMS has reported a data breach affecting over 946,000 Medicare beneficiaries. The breach occurred in May 2023. Hackers exploited a vulnerability in MOVEit software used by WPS, a CMS contractor. Although patched promptly, the vulnerability led to widespread data breaches across multiple sectors before being resolved.

New Vo1d malware infects 1.3 million Android TV streaming boxes (2 minute read)

A new malware called Vo1d has infected over 1.3 million Android TV streaming boxes, giving attackers full control. Researchers found the malware in devices across 200 countries, with the highest numbers in Brazil, Morocco, and Pakistan. To protect against this threat, users should update firmware regularly and avoid installing apps from unofficial sources.

🧠 Strategies & Tactics

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI (20 minute read)

This blog explains how its authors acquired the expired domain dotmobiregistry.net, formerly used for .MOBI WHOIS queries. They set up a WHOIS server, which received 2.5 million queries from various sources, and discovered that Certificate Authorities were using the server to validate domain ownership for TLS/SSL certificates, potentially compromising the security of the entire .MOBI TLD.

Advanced CyberChef Techniques - Defeating Nanocore Obfuscation with Math and Flow Control (7 minute read)

This article walks through the process of deobfuscating a .vbs loader for Nanocore malware. The deobfuscation begins by using a regex to filter out comments in the obfuscated loader. The loader alternately adds or divides long decimal numbers with hexadecimal numbers to obtain char codes, which are concatenated to form the code. The CyberChef recipe uses regexes and capture groups to isolate the various components of the obfuscated code, followed by Subsections to handle the alternating mathematical operations.

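As an added illustration (not code from the article or from CyberChef) of the recipe described above, this Python script applies the same three steps, comment stripping, regex capture of each term, and the alternating add/divide arithmetic, to a constructed .vbs fragment; the term layout `Chr(<decimal> <op> &H<hex>)` is an assumption, not the real loader's format.

```python
import re

# Constructed stand-in for the obfuscated Nanocore .vbs loader (not the real sample).
# Assumed layout: each character is Chr(<decimal> <op> &H<hex>) with '+' and '/'
# alternating from term to term, and junk comments sprinkled between them.
SAMPLE_VBS = """' junk comment of the kind the loader uses to break up the code
payload = Chr(45 + &H2A) & Chr(4150.0 / &H32) & Chr(60 + &H27) ' trailing comment
' another junk line
payload = payload & Chr(10260 / &H5A) & Chr(57.0 + &H30)
payload = payload & Chr(14112 / &H7E) & Chr(100 + &H10)
"""

# Step 1 of the recipe: a regex that removes apostrophe comments.
# Assumes no apostrophe appears inside a string literal on the same line.
COMMENT_RE = re.compile(r"'[^\n]*")

# Step 2: capture groups isolating the decimal operand, the operator and the
# hex operand of each Chr() term.
TERM_RE = re.compile(r"Chr\(\s*(\d+(?:\.\d+)?)\s*([+/])\s*&H([0-9A-Fa-f]+)\s*\)")


def strip_comments(vbs: str) -> str:
    return COMMENT_RE.sub("", vbs)


def eval_term(decimal: str, op: str, hexstr: str) -> int:
    """Step 3: apply the captured operator; '+' adds, '/' divides."""
    lhs = float(decimal)
    rhs = int(hexstr, 16)
    value = lhs + rhs if op == "+" else lhs / rhs
    # Chr() takes an integer code; round to the nearest one.
    return round(value)


def operator_sequence(vbs: str) -> list:
    """Per-term operators, the part the article handles with CyberChef Subsections."""
    return [m.group(2) for m in TERM_RE.finditer(strip_comments(vbs))]


def deobfuscate(vbs: str) -> str:
    """Concatenate the recovered char codes into the hidden code string."""
    cleaned = strip_comments(vbs)
    return "".join(chr(eval_term(*m.groups())) for m in TERM_RE.finditer(cleaned))


if __name__ == "__main__":
    print(operator_sequence(SAMPLE_VBS))
    print(deobfuscate(SAMPLE_VBS))
```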
Strategies Used by Adversaries to Steal Application Access Tokens (10 minute read)

This blog post is a deep dive into mechanisms for stealing application access tokens and detection and mitigation strategies. It begins by exploring how access tokens are used and provides examples of how to use tools like AADInternals and Peirates along with some examples of how APTs steal tokens. The post then suggests methods for detecting access token compromise in Azure and provides a sample query to run to search for compromise. It provides mitigation techniques such as auditing logs and specific recommendations for ways to restrict web-based content on AWS, GCP, and Azure.

🧑‍💻 Launches & Tools

Spix (Product Launch)

Spix automates advanced attack scenarios, including hallucinations, prompt injections, and off-topic conversations, to help AI security teams identify threats and vulnerabilities before they can be exploited.

OpenShield (GitHub Repo)

OpenShield is a transparent proxy that sits between your AI model and the client. It provides rate limiting, content filtering, and keyword filtering for AI models.

EDR Artifacts (GitHub Repo)

EDR Artifacts is a catalog of network and host artifacts that are used by various EDR products' response capabilities.

🎁 Miscellaneous

Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says (3 minute read)

The FBI's annual report reveals that crypto-related cybercrime in the US led to over $5.6 billion in losses last year, with older individuals being targeted the most. Investment scams, promising high returns but stealing money instead, are the main cause of the sharp rise in losses, highlighting the need for reporting such crimes to help combat them. Scammers use trust-building tactics, like fake profits and fake recovery specialists, to deceive victims, emphasizing the need for caution when engaging in cryptocurrency investments.

The NSA Launches a New Podcast (2 minute read)

The NSA has announced the launch of its new podcast. Called 'No Such Podcast', its first two episodes will feature declassified stories about the signals intelligence work that supported the operation to take down Osama bin Laden. The podcast will run through mid-October, with weekly episodes.

Amazon DynamoDB Announces Support for Attribute-Based Access Controls (1 minute read)

Amazon has expanded ABAC support to DynamoDB. This expanded functionality will allow users to write IAM policies that allow or deny access based on conditions that compare an IAM principal's tags with a DynamoDB table's tags. The feature is in limited preview and access can be requested for accounts in the U.S. East (Virginia and Ohio) and U.S. West (Northern California) regions.

Quick Links

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (3 minute read)

A new Android malware called Ajina.Banker targets bank customers in Central Asia to steal financial data and bypass 2FA through Telegram channels.

UK arrests teen linked to Transport for London cyber attack (2 minute read)

A 17-year-old teenager was arrested in the UK for a cyberattack on Transport for London.

Mastercard buys Recorded Future for $2.65 billion (1 minute read)

Mastercard is buying Recorded Future for $2.65 billion to enhance its cybersecurity services.



If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile