Zimbra RCE ✉️, Hacking Misconfigured R2 Buckets 🪣, Android Cellular Security📶

TLDR Information Security 2024-10-04

The strategy-to-tactics GRC implementation guide (Sponsor)

The information security landscape is constantly changing, which is why it's important to have a scalable and secure strategy that evolves alongside it. Vanta's GRC implementation guide can provide your organization with a structured, proactive approach to managing its IT security that helps your business meet its goals.

Learn how to implement a scalable GRC framework with this tactical guide. Here's what's inside:

  • Overview of GRC strategy.
  • The three components that make up a GRC framework.
  • The steps needed to implement GRC for your organization. 

Download the guide

🔓 Attacks & Vulnerabilities

Zimbra RCE Vulnerability Under Attack (3 minute read)

Zimbra has disclosed a new RCE vulnerability in its SMTP server. The flaw stems from improper input sanitization: a maliciously crafted CC header can be executed as shell commands by the server. Researchers at Proofpoint report that attacks attempting to exploit the vulnerability have been under way since September 28 and urge immediate patching.

New Linux Malware ‘Perfctl' Targets Millions by Mimicking System Files (3 minute read)

A new Linux malware called Perfctl is targeting millions worldwide by mimicking system files to avoid detection. This sophisticated malware compromises Linux servers for cryptomining and resource hijacking, using rootkit and evasion techniques to hide its presence. To protect your Linux systems, update regularly, conduct vulnerability assessments, and use security tools like firewalls.

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug (3 minute read)

Over 4,000 Adobe Commerce and Magento e-stores were hacked due to a critical vulnerability, CosmicSting (CVE-2024-34102), which allows attackers to execute arbitrary code. The attacks have impacted major organizations and resulted in the installation of payment skimmers on victim stores. Merchants are urged to update their systems immediately to protect against these exploits.

🧠 Strategies & Tactics

Opaque Predicates and How to Hunt Them (8 minute read)

An opaque predicate is a conditional expression whose outcome the programmer already knows but which the program evaluates anyway. Obfuscators use them to obscure control flow and frustrate reverse engineering. This post uses the Miasm Python library to build an IDA Pro plugin that detects and patches unreachable blocks: the plugin runs Miasm's symbolic execution engine over each conditional to identify opaque predicates and then patches the dead branches with NOPs.
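The detect-then-patch loop described above, as an added example that is not the post's Miasm/IDA plugin: where the plugin asks a symbolic execution engine whether a condition can ever be false, this script brute-forces every value of a 16-bit register, which is exact for that width but only a bounded check for a 32- or 64-bit register. The predicate list, the x86 byte fragment and the jump-site table are constructed for the example.

```python
"""Hunt opaque predicates by bounded exhaustive evaluation, then patch the
dead conditional jump.  Added example, not the Miasm/IDA plugin from the
post: brute force over a 16-bit register stands in for symbolic execution."""

WORD_BITS = 16                   # 65 536 inputs: cheap to enumerate in Python
NOP, JMP_SHORT = 0x90, 0xEB      # x86 one-byte NOP and two-byte JMP rel8


def classify(pred, bits=WORD_BITS):
    """Evaluate pred(x, mask) for every x in [0, 2**bits).  Returns
    'always_true', 'always_false' or 'undecided' (a genuine branch)."""
    mask = (1 << bits) - 1
    seen = set()
    for x in range(1 << bits):
        seen.add(bool(pred(x, mask)))
        if len(seen) == 2:       # both outcomes reachable: not opaque
            return "undecided"
    return "always_true" if True in seen else "always_false"


def patch_jcc(code, off, verdict, jumps_when_true):
    """Rewrite the short Jcc (opcodes 0x70..0x7F) at code[off] once its
    outcome is known.  Never taken -> two NOPs, as in the post; always
    taken -> unconditional JMP rel8 (an extension of the post's approach)."""
    if not 0x70 <= code[off] <= 0x7F:
        raise ValueError(f"no short Jcc at offset {off:#x}")
    if verdict == "undecided":
        return "kept"
    taken = (verdict == "always_true") == jumps_when_true
    if taken:
        code[off] = JMP_SHORT
        return "jmp"
    code[off] = code[off + 1] = NOP
    return "nop"


# Candidate predicates, evaluated with machine wrap-around (& mask).
PREDICATES = {
    "x*(x+1) is even":        lambda x, m: ((x * (x + 1)) & m) % 2 == 0,
    "x*x mod 4 is 0 or 1":    lambda x, m: ((x * x) & m) % 4 < 2,
    "7*x*x-1 is not 0 mod 7": lambda x, m: ((7 * x * x - 1) & m) % 7 != 0,
    "x == 0x1337":            lambda x, m: x == 0x1337,
}

# Constructed code fragment (not taken from any real binary):
#   89 c8       mov  eax, ecx      ; x
#   40          inc  eax           ; x+1
#   0f af c1    imul eax, ecx      ; x*(x+1), wraps in the register
#   a8 01       test al, 1
#   75 05       jnz  dead_block    ; fires only if x*(x+1) is odd
CODE = bytearray.fromhex("89c8400fafc1a8017505")
SITES = [  # (offset of the Jcc, predicate it tests, does it jump when the predicate is true?)
    (8, PREDICATES["x*(x+1) is even"], False),
]


def hunt(code, sites):
    """Classify every site and patch the bytes in place; returns the audit trail."""
    trail = []
    for off, pred, jumps_when_true in sites:
        verdict = classify(pred)
        trail.append((off, verdict, patch_jcc(code, off, verdict, jumps_when_true)))
    return trail


if __name__ == "__main__":
    for name, pred in PREDICATES.items():
        print(f"{name:26s} -> {classify(pred)}")
    print(hunt(CODE, SITES), CODE.hex())
```

The third predicate is the instructive one: 7x²-1 is never divisible by 7 over the integers, but once the multiplication wraps in a fixed-width register the remainder is no longer constant, so a detector that reasons over machine arithmetic (as Miasm's does) correctly leaves that branch alone, while one that reasons over unbounded integers would patch a live branch.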

Hacking Misconfigured Cloudflare R2 Buckets: A Complete Guide (6 minute read)

This blog post walks through hacking Cloudflare R2 buckets to discover sensitive files. Discovery starts with Google dorking and inspecting HTTP requests for R2 hostnames. Exploitation then comes from abusing missing or improper authorization checks, or from finding buckets exposed through public r2.dev URLs.
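The discovery and triage steps above, as an added example that is not code from the post. The two hostname shapes it looks for (pub-<32 hex>.r2.dev for public r2.dev URLs and <32-hex account id>.r2.cloudflarestorage.com/<bucket> for the S3-compatible endpoint) are assumptions drawn from Cloudflare's public URL formats; the page snippet and the bucket listing are constructed.

```python
"""Triage Cloudflare R2 exposure from page source and an unauthenticated
bucket listing.  Added example, not code from the post; hostname shapes
are assumptions based on Cloudflare's public URL formats."""

import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

R2_URL_RE = re.compile(
    r"https?://(?:pub-[0-9a-f]{32}\.r2\.dev|[0-9a-f]{32}\.r2\.cloudflarestorage\.com)"
    r"(?:/[^\s\"'<>)]*)?",
    re.I,
)
# Object keys worth pulling first once a listing is readable.
SENSITIVE_RE = re.compile(r"(^|/)\.env|\.(sql|bak|pem|key|p12|tfstate)$|backup|dump", re.I)


def discover(text):
    """Pull R2 endpoints out of HTML, JS bundles or HAR exports.
    Returns sorted (kind, host, bucket) tuples; bucket is None for r2.dev
    URLs, whose hostname already pins a single bucket."""
    found = set()
    for url in R2_URL_RE.findall(text):
        parts = urlsplit(url)
        host = parts.hostname.lower()
        if host.endswith(".r2.dev"):
            found.add(("r2.dev", host, None))
        else:  # first path segment addresses the bucket on the S3 endpoint
            found.add(("s3-api", host, parts.path.strip("/").split("/", 1)[0] or None))
    return sorted(found, key=lambda t: (t[0], t[1], t[2] or ""))


def classify_listing(status, body):
    """Interpret an unauthenticated GET of the bucket root."""
    empty = {"keys": [], "sensitive": []}
    if status == 200 and "ListBucketResult" in body:
        root = ET.fromstring(body)
        # Strip the S3 XML namespace so <Key> matches with or without it.
        keys = [el.text or "" for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "Key"]
        return {"exposure": "public-listing", "keys": keys,
                "sensitive": [k for k in keys if SENSITIVE_RE.search(k)]}
    if status == 200:
        return {"exposure": "public-object", **empty}
    if status in (401, 403):
        # The bucket exists and the root is gated; individual objects may
        # still be fetchable if per-object authorization is missing.
        return {"exposure": "exists-but-denied", **empty}
    return {"exposure": "absent-or-disabled", **empty}


# Constructed sample inputs (not captured from any real site).
PAGE = """
<img src="https://pub-0123456789abcdef0123456789abcdef.r2.dev/assets/logo.png">
<script>fetch("https://fedcba9876543210fedcba9876543210.r2.cloudflarestorage.com/prod-uploads/avatars/1.png")</script>
"""
LISTING = """<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>prod-uploads</Name>
  <Contents><Key>avatars/1.png</Key></Contents>
  <Contents><Key>backups/db-dump.sql</Key></Contents>
  <Contents><Key>config/.env</Key></Contents>
</ListBucketResult>"""

if __name__ == "__main__":
    for endpoint in discover(PAGE):
        print("found", endpoint)
    print(classify_listing(200, LISTING))
```

In practice the status and body come from a plain GET of each discovered root (no credentials, no Authorization header); a 200 with a ListBucketResult body is the misconfiguration the post exploits, and a 401/403 on the root still leaves direct GETs of guessable keys worth trying.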

How to Intercept Data Exfiltrated by Malware via Telegram and Discord (9 minute read)

This blog post explains how to gather information on threat actors, using the Telegram Bot API to identify them and attribute malware samples. It walks through intercepting data exfiltrated by malware through Telegram and Discord, including recovering bot tokens and chat IDs from samples and forwarding messages for analysis. The post provides scripts and examples for interacting with Telegram bots and Discord webhooks to monitor and analyze malware activity in real time.
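The token-recovery and forwarding workflow above, as an added example that is not the post's own scripts. The Bot API methods it builds URLs for (getMe, getUpdates, getChat, forwardMessage) and the webhook URL shape are real; the stealer string dump and the getUpdates reply are constructed, and the token/chat-ID regexes are the author's assumptions about the usual formats.

```python
"""Pull Telegram/Discord exfiltration endpoints out of a stealer's strings
and build the Bot API calls an analyst uses to map and mirror them.
Added example, not the post's scripts; sample data is constructed."""

import json
import re
from urllib.parse import urlencode

# Assumed formats: Telegram bot tokens are "<bot id>:<35-char secret>",
# chat IDs are signed integers, Discord webhooks are /api/webhooks/<id>/<token>.
TG_TOKEN_RE = re.compile(r"(\d{8,10}:[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
TG_CHAT_RE = re.compile(r"chat_id[\"'=:\s]+(-?\d{6,14})")
DISCORD_HOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_-]+)")


def extract_c2(blob):
    """Indicators from a strings dump, memory capture or decoded config."""
    return {
        "telegram_tokens": sorted(set(TG_TOKEN_RE.findall(blob))),
        "telegram_chat_ids": sorted(set(TG_CHAT_RE.findall(blob))),
        "discord_webhooks": [f"https://discord.com/api/webhooks/{i}/{t}"
                             for i, t in DISCORD_HOOK_RE.findall(blob)],
    }


def tg_api(token, method, **params):
    """URL for a Bot API call; the API accepts GET with query parameters."""
    url = f"https://api.telegram.org/bot{token}/{method}"
    return f"{url}?{urlencode(params)}" if params else url


def chats_from_updates(updates_json):
    """Attribute who talks to the bot: every chat seen in a getUpdates reply,
    plus the file name when the update carries a document."""
    seen = set()
    for upd in json.loads(updates_json).get("result", []):
        msg = upd.get("message") or upd.get("channel_post")
        if not msg:
            continue
        chat = msg["chat"]
        name = chat.get("username") or chat.get("title")
        doc = (msg.get("document") or {}).get("file_name")
        seen.add((chat["id"], chat["type"], name, doc))
    return sorted(seen, key=str)


def forward_calls(token, from_chat, to_chat, message_ids):
    """forwardMessage calls that copy messages from the operator's chat into
    the analyst's own chat.  IDs are enumerated because getUpdates only shows
    traffic addressed to the bot, not the documents the bot itself sent out."""
    return [tg_api(token, "forwardMessage", chat_id=to_chat,
                   from_chat_id=from_chat, message_id=mid) for mid in message_ids]


# Constructed sample: fragments as they would appear in a strings dump.
CONFIG_BLOB = """
.rdata: "https://api.telegram.org/bot1234567890:AAHfG3kLmNoPqRsTuVwXyZ0123456789abc/sendDocument"
.rdata: "chat_id=-1001234567890"
.rdata: "https://discord.com/api/webhooks/111122223333444455/aBcDeFgHiJkLmNoPqRsTuVwXyZ-0123456789_abcdef"
"""
# Constructed sample: shape of a getUpdates reply (not a real capture).
UPDATES = json.dumps({"ok": True, "result": [
    {"update_id": 1, "message": {"message_id": 41, "text": "/start",
        "chat": {"id": 987654321, "type": "private", "username": "operator_handle"}}},
    {"update_id": 2, "channel_post": {"message_id": 7,
        "chat": {"id": -1001234567890, "type": "channel", "title": "logs drop"},
        "document": {"file_name": "victim-PC.zip"}}},
]})

if __name__ == "__main__":
    c2 = extract_c2(CONFIG_BLOB)
    token = c2["telegram_tokens"][0]
    print(tg_api(token, "getMe"))
    print(chats_from_updates(UPDATES))
    print(forward_calls(token, c2["telegram_chat_ids"][0], 555, range(1, 4)))
```

Two caveats from the API side: getUpdates is refused with a 409 while the operator has a webhook registered for the bot, and an unauthenticated GET on a Discord webhook URL returns its metadata (name, channel and guild IDs), which is enough for attribution without ever posting to it. Using a recovered token to call the API is also visible to the operator, so capture what you need before the token is rotated.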

🧑‍💻 Launches & Tools

Find an affordable online degree in information security (Sponsor)

You don't have to put your career on hold to get a high quality education. With 100% online classes, and six 8-week terms a year, SNHU offers the flexibility you need to take the next step. Find your InfoSec degree today (US-based students only).

Supernova (GitHub Repo)

Supernova is a tool for encrypting and obfuscating raw shellcode.

Ax (GitHub Repo)

Ax is a framework that uses HashiCorp Packer templates to build base images for deployment across multiple cloud providers for penetration testing or bug bounty hunting.

Lambda Watchdog (Website)

Lambda Watchdog continuously scans Lambda images for vulnerabilities.

🎁 Miscellaneous

Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks (3 minute read)

Google has added new security features to its latest Pixel devices to protect against baseband security attacks. These attacks exploit vulnerabilities in cellular baseband software to compromise device security. The new Android 14 update also includes measures to prevent unauthorized network connections and alert users to potential surveillance threats.

You might want to check your Bank of America account: clients reporting $0 balance (2 minute read)

Bank of America customers nationwide faced an outage with $0 balances in their accounts, causing widespread concern. Over 19,000 people reported the issue, which mainly affected online and mobile banking services. Despite technical problems, Bank of America assures that the issues have been largely resolved.

Differential fuzzing for cryptography (13 minute read)

Differential fuzzing feeds the same inputs to multiple implementations and compares their outputs, which surfaces logic errors and incorrect computations rather than only memory bugs and crashes. LibAFL supports custom input generation for differential fuzzing, which makes bug discovery in cryptographic implementations more efficient. The quality of input generation and harness design is crucial to a successful campaign: edge cases must be exercised deliberately while the input range is restricted to what the target can actually handle.
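A minimal differential harness in the spirit of the post, as an added example that is not the post's LibAFL harness: Python's built-in pow is the reference, a hand-written square-and-multiply with a deliberately planted "zero base" shortcut is the implementation under test, and two generators show why boundary-biased inputs matter. The bug, both generators and the domain restriction (mod >= 1, exp >= 0) are the author's constructions.

```python
"""Differential fuzzing of modular exponentiation: reference pow() versus a
square-and-multiply with a planted edge-case bug.  Added example, not the
post's LibAFL harness; the bug and the generators are constructed."""

import random


def modpow_candidate(base, exp, mod):
    """Square-and-multiply with a 'fast path' for a zero base.  The fast path
    is the planted bug: when exp == 0 the answer must be 1 % mod, not 0."""
    if base % mod == 0:
        return 0
    result, b = 1, base % mod
    while exp:
        if exp & 1:
            result = result * b % mod
        b = b * b % mod
        exp >>= 1
    return result


def run_case(a, e, m):
    """Differential oracle: both implementations must agree exactly."""
    ref, got = pow(a, e, m), modpow_candidate(a, e, m)
    return None if ref == got else {"a": a, "e": e, "m": m, "ref": ref, "got": got}


def gen_random(rng, bits=64):
    """Uniform inputs restricted to the target's domain: mod >= 1, exp >= 0."""
    while True:
        yield rng.getrandbits(bits), rng.getrandbits(bits), rng.getrandbits(bits) or 1


def gen_edge(rng, bits=64):
    """Boundary-biased inputs: 0, 1, small values, powers of two, all-ones,
    and operands tied to the modulus (m-1, m, m+1, 2m)."""
    corners = [0, 1, 2, 3, 1 << (bits - 1), (1 << bits) - 1]
    while True:
        m = rng.choice(corners + [rng.getrandbits(bits)]) or 1
        a = rng.choice(corners + [m - 1, m, m + 1, 2 * m, rng.getrandbits(bits)])
        e = max(rng.choice(corners + [m - 1, m - 2, rng.getrandbits(bits)]), 0)
        yield a, e, m


def fuzz(generator, iterations, seed=0):
    """Run the oracle over a generator; returns the first mismatch or None."""
    rng = random.Random(seed)
    gen = generator(rng)
    for i in range(iterations):
        hit = run_case(*next(gen))
        if hit:
            hit["iteration"] = i
            return hit
    return None


if __name__ == "__main__":
    print("random:", fuzz(gen_random, 3000, seed=1))
    print("edge:  ", fuzz(gen_edge, 5000, seed=1))
```

The uniform generator almost never produces an exponent of exactly zero together with a base that is a multiple of the modulus, so it reports nothing; the edge generator draws those values by design and finds the mismatch within a few hundred cases. The clamping of the exponent to non-negative values is the "restrict the range to what the target can handle" point: pow() treats a negative exponent as a modular inverse, which the candidate was never written to support, so feeding it would only produce noise rather than bugs.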

Quick Links

Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps (2 minute read)

Cloudflare successfully blocked the largest recorded DDoS attack, which reached 3.8 terabits per second.

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (2 minute read)

INTERPOL arrested eight people in West Africa for phishing and romance fraud involving Swiss citizens that led to $1.4 million in losses.

Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores (3 minute read)

Fake trading apps targeting crypto investors on Apple and Google Play Stores have been discovered.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


If you don't want to receive future editions of TLDR Information Security, please unsubscribe from TLDR Information Security or manage all of your TLDR newsletter subscriptions.

© 2024 Email Dashboard. All rights reserved.