Attacks & Vulnerabilities
|
This Windows PowerShell Phish Has Scary Potential (4 minute read)
This post reports on a new phishing campaign targeting GitHub project maintainers. The lure email tells them to click through to a site to view a vulnerability report on their repository; that site then instructs them to copy a command into the Windows Run dialog and execute it, and the command downloads the Lumma Stealer malware. While most technical users would likely not fall for this phish, the same copy-paste-and-run tactic could be used with more success against non-technical audiences.
|
Global Infostealer Malware Operation Targets Crypto Users, Gamers (2 minute read)
Recorded Future's Insikt Group is tracking a massive infostealer campaign with over 50 different variants. The campaign targets high-value victims in the crypto and gaming communities with spear-phishing messages impersonating job offers or collaboration requests to distribute malware. It is sophisticated and delivers different payloads depending on the target's operating system.
|
Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust (4 minute read)
German authorities dismantled a dark web platform for child sexual abuse material in 2021 by de-anonymizing Tor users, raising concerns about the anonymity Tor provides. The platform, Boystown, had over 400,000 users and hosted severe abuse content; the takedown led to arrests and dealt a significant blow to illegal dark web activity. Experts suggest that outdated software on the users' side and increased scrutiny of Tor nodes played a role, and stress that users should keep their browser hardened and up to date.
|
|
Methodology for Incident Response on Generative AI Workloads (5 minute read)
AWS' Incident Response team has released guidance for investigating incidents on Generative AI workloads in AWS. The post begins by discussing the steps that can be taken before an incident to train users, set up logging, and create playbooks. It then details how to investigate each component of a workload such as the infrastructure changes, AI settings changes, access changes, private data changes, and invocation logs. The post concludes with a sample scenario.
|
Scorecarding Security (8 minute read)
Security teams should introduce security scorecards to scale security beyond security champions or dedicated teams. They should also take care to establish partnerships with teams, improve the UX of security scorecards, go beyond vulnerability management, and allow room for risk acceptance. This post presents several case studies of organizations that have implemented and publicly discussed security scorecards.
|
A Journey From sudo iptables To Local Privilege Escalation (11 minute read)
This blog post demonstrates how a low-privileged user on a Linux machine who is allowed to run iptables and iptables-save through sudo (for example via a NOPASSWD rule) can escalate to root. iptables can be made to store attacker-controlled text in the ruleset, and iptables-save can write that ruleset to an arbitrary file; pointing it at /etc/passwd plants a crafted UID-0 account entry, after which the attacker simply switches to that account. The post also covers chaining sudo with tools such as tcpdump to execute arbitrary commands as root.
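As an added example (not code from the post), here are two audit checks a defender could run for the conditions described above: a sudoers rule granting passwordless iptables or iptables-save, and the trace the escalation leaves in /etc/passwd (a second UID-0 account and stray lines that are not passwd records). The sample file contents are constructed.

```python
"""Added example, not code from the original post.

Two quick checks for the conditions the write-up chains together: a sudoers
rule that lets an unprivileged user run iptables / iptables-save without a
password, and the artifact such an abuse leaves behind, a second UID-0 entry
(plus stray non-passwd lines) in /etc/passwd. Both functions take file
contents as strings so they can run against constructed samples.
"""
import re

PASSWD_FIELDS = 7  # name:passwd:uid:gid:gecos:home:shell


def extra_uid0_accounts(passwd_text: str) -> list[str]:
    """Return account names with UID 0 other than 'root'."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != PASSWD_FIELDS:
            continue  # reported separately by malformed_passwd_lines()
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            hits.append(name)
    return hits


def malformed_passwd_lines(passwd_text: str) -> list[tuple[int, str]]:
    """Return (1-based line number, line) for lines that are not 7 colon-separated fields.

    A passwd file overwritten by another program's output is mostly junk to
    the passwd parser, which skips lines it cannot parse; the injected account
    still works, and the junk is what stands out here.
    """
    bad = []
    for n, line in enumerate(passwd_text.splitlines(), start=1):
        if line.strip() == "":
            continue
        if len(line.split(":")) != PASSWD_FIELDS:
            bad.append((n, line))
    return bad


def nopasswd_iptables_rules(sudoers_text: str) -> list[str]:
    """Return non-comment sudoers lines granting NOPASSWD iptables or iptables-save."""
    pattern = re.compile(r"NOPASSWD:.*\biptables(-save)?\b")
    return [
        line for line in sudoers_text.splitlines()
        if not line.lstrip().startswith("#") and pattern.search(line)
    ]


# Constructed sample: /etc/passwd after a saved ruleset was written over it.
# A header comment and a table marker survive alongside the injected root2
# account, which has an empty password field.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:alice:/home/alice:/bin/bash
# Generated by iptables-save
*filter
root2::0:0:root:/root:/bin/bash
"""

# Constructed sudoers fragment; only the uncommented alice rule should match.
SAMPLE_SUDOERS = """\
root    ALL=(ALL:ALL) ALL
# alice   ALL=(root) NOPASSWD: /usr/sbin/iptables
alice   ALL=(root) NOPASSWD: /usr/sbin/iptables, /usr/sbin/iptables-save
bob     ALL=(root) NOPASSWD: /usr/bin/tcpdump
"""

if __name__ == "__main__":
    print("extra UID-0 accounts:", extra_uid0_accounts(SAMPLE_PASSWD))
    for n, line in malformed_passwd_lines(SAMPLE_PASSWD):
        print(f"malformed passwd line {n}: {line!r}")
    for rule in nopasswd_iptables_rules(SAMPLE_SUDOERS):
        print("risky sudo rule:", rule)
```

On a live host, feed the functions the contents of /etc/passwd and of /etc/sudoers plus the files under /etc/sudoers.d; any non-root UID-0 account or any malformed passwd line warrants an immediate look.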
|
|
Merklemap-CLI (GitHub Repo)
Merklemap-CLI is a tool to search and enumerate subdomains matching a given query and tail live subdomain discoveries from the Merklemap pipeline.
|
zipslipper (GitHub Repo)
zipslipper is a tool that creates tar/zip archives whose entry names contain path traversal sequences, for testing whether an extractor is vulnerable to Zip Slip (writing files outside the intended extraction directory).
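An added example, not the tool's code: the check a safe extractor applies against archives like the ones zipslipper produces. It builds constructed zip and tar archives with traversing entry names (and a tar symlink pointing outside the destination) and lists the entries that would escape the extraction directory. The destination path is an assumed placeholder and does not need to exist.

```python
"""Added example, not part of the tool or the original page.

Builds in-memory archives whose entry names traverse out of the extraction
directory (the pattern a Zip Slip archive relies on) and shows the check a
safe extractor applies: resolve each entry name against the destination and
refuse anything that lands outside it. All archive contents are constructed.
"""
import io
import os
import tarfile
import zipfile


def is_within(dest: str, name: str) -> bool:
    """True if archive entry `name`, joined to `dest`, stays inside `dest`."""
    dest_real = os.path.realpath(dest)
    # Absolute names (and Windows drive-qualified names) are never acceptable.
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        return False
    target = os.path.realpath(os.path.join(dest_real, name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def unsafe_zip_members(data: bytes, dest: str) -> list[str]:
    """Return the entry names in a zip that would escape `dest`."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if not is_within(dest, n)]


def unsafe_tar_members(data: bytes, dest: str) -> list[str]:
    """Return the entry names in a tar that would escape `dest`.

    Link targets are checked too: a symlink pointing outside, followed by a
    later entry written through it, is the other classic tar escape.
    """
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        for m in tf.getmembers():
            if not is_within(dest, m.name):
                bad.append(m.name)
            elif m.issym() or m.islnk():
                link_base = os.path.dirname(m.name)
                if not is_within(dest, os.path.join(link_base, m.linkname)):
                    bad.append(m.name)
    return bad


def build_zip(entries: dict) -> bytes:
    """Constructed archive: entry names are stored verbatim, traversal included."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_tar(entries: dict, symlinks=None) -> bytes:
    """Constructed tar with regular files plus optional symlink entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
        for name, target in (symlinks or {}).items():
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tf.addfile(info)
    return buf.getvalue()


DEST = "/tmp/extract"  # assumed placeholder destination

# Constructed sample archives: two benign entries, one traversing entry,
# one absolute entry in the zip; a traversing entry and an escaping symlink in the tar.
ZIP_DATA = build_zip({
    "README.txt": b"benign\n",
    "lib/helper.py": b"print('ok')\n",
    "../../.ssh/authorized_keys": b"ssh-ed25519 AAAAC3 attacker-key\n",
    "/etc/cron.d/evil": b"* * * * * root /tmp/x\n",
})
TAR_DATA = build_tar(
    {"docs/index.html": b"<p>hi</p>", "../escape.txt": b"x"},
    symlinks={"lib/link": "../../../etc"},
)

if __name__ == "__main__":
    print("zip entries that escape:", unsafe_zip_members(ZIP_DATA, DEST))
    print("tar entries that escape:", unsafe_tar_members(TAR_DATA, DEST))
```

An extractor that refuses the whole archive when either list is non-empty is the simplest safe policy; skipping only the offending entries is the alternative when partial extraction is acceptable.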
|
|
Redefining Security Coverage for Python with Framework Native Analysis (4 minute read)
SAST tools often struggle to detect vulnerabilities and follow control flow across complex frameworks or libraries. To address this, Semgrep Pro has added framework-aware analysis, global object tracking, and prebuilt rules for Django, Flask, FastAPI, and other major libraries. Semgrep's testing resulted in an 84% true positive rate on ~1,000 findings across 192 repositories containing ~20M lines of code.
|
The Cloud is Darker and More Full of Terrors (10 minute read)
Chris Farris, an expert on cloud security, writes a scathing condemnation of the state of cloud security. Farris begins the post by detailing many major cloud security incidents from Code Spaces to CrowdStrike. He divides these incidents into those that were caused by blatant customer failures such as not disabling access of terminated employees, not storing backups, and not enabling security features, and those incidents that were caused by blatant cloud provider failures such as Snowflake not enforcing MFA. Farris argues that we must demand more security guardrails and baseline features from cloud providers.
|
AWS Private CA Now Supports SCEP for Mobile Devices (2 minute read)
AWS Private CA has added SCEP support at no additional cost. SCEP (Simple Certificate Enrollment Protocol) is the protocol MDM solutions commonly use to enroll managed devices for certificates from a CA. Organizations that use an MDM provider can now point it at their AWS Private CA for SCEP enrollment instead of running a separate CA for that purpose.
|
|
|
Want to advertise in TLDR? 📰
|
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
|