Attacks & Vulnerabilities
|
T-Mobile Pays 31.5M in FCC Settlement Over 4 Data Breaches (2 minute read)
The FCC has announced a settlement with T-Mobile over a string of data breaches that impacted customers from 2021 to 2023. Half of the settlement will be used for cybersecurity enhancements and the other half will be paid to the U.S. Treasury as a penalty. T-Mobile has committed to introducing modern security practices such as zero trust and MFA as part of the settlement.
|
Rackspace Internal Monitoring Web Servers Hit With 0-Day (3 minute read)
Rackspace suffered a breach on its internal monitoring dashboard that resulted in the company needing to take it offline briefly. Rackspace has stated that only the monitoring dashboards were affected, not monitoring and alerting systems generally, and that only a limited amount of data was accessed. The attackers monitoring information that was available to the attackers included customer account name and numbers, customer usernames, internally generated device names IDs, name and device info, and encrypted internal device credentials. Rackspace says that the breach was caused by an RCE 0-day in a third party system.
|
AFP News Agency's Content Delivery Systems Hit by Cyberattack (2 minute read)
AFP News Agency's content delivery systems were hit by a cyberattack, disrupting its ability to distribute news to clients. Despite the attack, AFP's news reporting remains uninterrupted, with technical teams working to restore full services and secure compromised credentials. The incident highlights ongoing concerns about cybersecurity in France. Experts are investigating the attack and urging partners to enhance security measures.
|
|
Securing Your Contingent Workers With Zero Trust (11 minute read)
BPOs are often utilized to provide a large group of contractors for outsourcing certain tasks like customer service. Onboarding BPOs can be complicated in a zero-trust environment as zero-trust tools often rely on managed devices, but providing managed hardware to a BPO can prove prohibitively expensive. This post provides a number of options that can be considered. Cloud jump boxes, isolated browsers, managed devices, and managed VMs all provide methods of accessing resources in a way that can still tie into an organization's standard zero-trust procedures. If these solutions are impractical, an organization could consider using posture-based exclusions or implementing exclusions to still allow BPOs to access a limited set of data.
|
Simplifying XSS Detection With Nuclei - A New Approach (4 minute read)
Traditionally, XSS vulnerabilities are difficult to detect with tools like Nuclei as the tester needs to write a complex set of matchers to check if the payload is reflected in the response. Nuclei headless mode allows testers to configure templates to mimic real user actions on a webpage. When combined with the waitdialog action, a template can be instructed to wait for a dialog box and a matcher can be configured to check if the expected message appears in the dialog. This also enhances accuracy as in the traditional method there's no way to ensure that the script was triggered.
|
Securing the software supply chain with the SLSA framework (7 minute read)
This post discusses how the SLSA framework can enhance software supply chain security by providing a standard for verifying the creation process of open-source software artifacts. The standard offers different compliance levels, with Level 3 providing the highest security through rigorous build platform hardening. Adoption of SLSA can help prevent attacks on build and distribution processes, but integrating the framework into package distribution tools is crucial for maximizing its benefits.
|
|
Segugio (GitHub Repo)
Segugio is a DFIR tool that extracts IoCs from malware by tracking the critical steps in the malware detonation process.
|
WhoYouCalling (GitHub Repo)
WhoYouCalling monitors network activity of processes and creates .pcap files automatically. It simplifies process network monitoring by recording TCP/IP activities and DNS requests. The tool can be used to start and monitor executables, generating detailed reports for analysis.
|
Dragos Acquires Network Perception to Boost Visibility (2 minute read)
Dragos has acquired Network Perception, a company specializing in network visibility solutions for OT networks. The acquisition will enhance Dragos' platform by improving network visibility, segmentation, and compliance capabilities. Network Perception's NP-View product helps security teams identify and address risks in OT environments through network topology mapping and firewall rule evaluations.
|
|
|
Love TLDR? Tell your friends and get rewards!
|
|
Share your referral link below with friends to get free TLDR swag!
|
|
|
|
| Track your referrals here. |
|
Want to advertise in TLDR? π°
|
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
|
|
|
|