Fake Coding Test to Hack Devs 😱, GAZEploit on Vision Pro users 👀, 23&Me Settles for $30M🧬

TLDR Information Security 2024-09-16

Shrink Your Cloud Attack Surface by 90% in a Few Days (Sponsor)

Did you know less than 10% of cloud identities with sensitive cloud permissions actually use them? Sonrai's Cloud Permissions Firewall tackles this head-on, by quickly identifying and quarantining these “zombies” lurking in your AWS environment!

Within days, Cloud Permissions Firewall:

  • Restricts unused sensitive permissions and services
  • Quarantines unused identities
  • Restricts access to specific cloud regions

The best part? Zero disruption to DevOps, and if a quarantined “Zombie” needs to be used later on, simply wake them up with a permissions request through chat tools like Slack. Making requests and approvals quick and painless.

Start your 14-day free trial at sonrai.co/zombie-identities and experience effortless, continuous AWS cloud security.

🔓

Attacks & Vulnerabilities

Fortinet Confirms Data Breach After Hacker Claims to Steal 440GB of Files (2 minute read)

Last week, a threat actor posted credentials to an S3 bucket containing 440GB of files allegedly stolen from a Microsoft SharePoint server belonging to Fortinet. Fortinet has confirmed that it experienced a breach due to an exposed third-party cloud-based file drive and has stated that the breach affects only 0.3% of its customers.

Fake Password Manager Coding Test Used to Hack Python Developers (2 minute read)

The North Korean Lazarus hacking group launched a campaign in which it approached Python developers with a coding interview challenge. Candidates were tasked with finding and fixing bugs in a password manager application that pulled in two malicious PyPI packages, each of which executed an obfuscated C2 payload from its __init__.py. The README listed tight deadlines that rushed candidates to complete the assignment, which may have led them to skip security checks on the dependencies.

GAZEploit Could Work Out Vision Pro User Passwords from Watching their Avatar (3 minute read)

Researchers have developed a new exploit, dubbed GAZEploit, that uses a neural network to infer Vision Pro users' passwords from the eye movements reflected in their avatars' faces while the on-screen keyboard is displayed. The researchers achieved an 85.9% precision rate and a 96.8% recall rate in a test with 30 users. Apple has fixed this vulnerability by disabling avatars while the virtual keyboard is shown.

🧠

Strategies & Tactics

Evil MSI. A Story About Vulnerabilities in MSI Files (9 minute read)

This post provides a primer on finding vulnerabilities in MSI files. It begins with an overview of the MSI file format and details the tables that may be relevant. It then covers ways to enumerate MSI files and common attack vectors such as abandoned credentials, custom actions, and GUI escapes. The post also provides examples of using tools to automate the procedure, including a tool the authors wrote.

Offensive AI Agents: A Timeline of My Research (3 minute read)

Jeff Sims, a frontier AI/ML cyber researcher, shares a timeline of his research on offensive AI agents, including BlackMamba, EyeSpy, and Red Reaper. These AI systems demonstrate the potential for adversarial use of AI technology and the need for awareness in the field. Sims' research focuses on developing advanced offensive AI agents capable of self-training and targeting other AI systems.

SSH Keystroke Obfuscation Bypass (11 minute read)

OpenSSH 9.5 added keystroke timing obfuscation to prevent traffic analysis attacks. The feature hides keystroke timings and sends chaff packets to mask the real keystrokes. This blog post walks through how analyzing packet sizes, rather than timings, can still reveal keystrokes and their types, aiding in traffic analysis.

🧑‍💻

Launches & Tools

Introducing Sigmalite. RunReveal's open source sigma rule evaluator for detection (6 minute read)

RunReveal has released Sigmalite, an open-source Sigma rule evaluator for stream-processing detection, under the Apache 2.0 license. Sigmalite allows security teams to use Sigma rules for detections outside of their SIEM, providing flexibility in log processing and detection. By integrating Sigmalite into its pipeline, RunReveal aims to offer customers the ability to easily create, validate, and run Sigma detections for better log management and correlation.

Simplify SBOM Management for Developers: Introducing Bomctl (3 minute read)

Bomctl is a new tool within OpenSSF that helps manage Software Bill of Materials (SBOMs) for developers. It aims to simplify handling SBOM documents by providing a command-line interface for retrieving, storing, and manipulating component information. Bomctl supports complex SBOM operations and aims to facilitate integration with existing SBOM tooling ecosystems.

bountyhunter (GitHub Repo)

The Bounty Hunter plugin for Caldera enhances adversary emulation by simulating realistic cyberattack chains. Existing tools that automate assessments can be limited and predictable; bountyhunter instead uses real-world attacker tactics to emulate realistic scenarios.

🎁

Miscellaneous

Port of Seattle hit by Rhysida ransomware in August attack (2 minute read)

The Port of Seattle was attacked by Rhysida ransomware, disrupting critical systems such as reservation check-in and causing flight delays. The ransomware gang demanded payment, but the Port refused, choosing to restore affected systems instead. Rhysida is known for targeting various industries and has been linked to attacks on healthcare organizations and other high-profile targets.

A new path for Kyber on the web (2 minute read)

Google is making changes to Chrome to switch from the Kyber algorithm to the new ML-KEM algorithm for post-quantum key exchange. The switch is necessary because ML-KEM has been standardized and is incompatible with the earlier Kyber draft. Server operators can temporarily support both algorithms to maintain post-quantum security while clients update their implementations.

Acquiring Malicious Browser Extension Samples on a Shoestring Budget (10 minute read)

The blog post explains how to acquire and decrypt samples of a malicious browser extension using free resources and simple cryptanalysis techniques. By leveraging services like urlscan, the author was able to identify potentially malicious domains and scripts used by the malware. The analysis revealed active and potentially harmful domains, highlighting the importance of monitoring and detecting malicious activities online.

Quick Links

23andMe to pay $30 million in genetics data breach settlement (2 minute read)

23andMe will pay $30 million in cash to settle a lawsuit over a data breach that affected 6.4 million customers in 2023.

21 thoughts on “The Dark Nexus Between Harm Groups and ‘The Com'” (13 minute read)

This article dives into the shadowy world of how the overlap between harm communities and cybercriminals is causing real-world violence and extortion schemes.

FBI tells public to ignore false claims of hacked voter data (2 minute read)

The FBI and CISA warn against false claims of hacked voter data to manipulate public opinion and undermine confidence in U.S. democratic institutions.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

