Attacks & Vulnerabilities
Yara Threat Detection Lab (6 minute read)
This article covers how to identify file IoCs and create YARA rules to detect malicious activity, using tools like yarGen to generate rules and Arya to test them. Developing YARA skills is valuable for security roles focused on detecting and mitigating threats: YARA lets you write rules tailored to an organization's needs and classify malware by matching its signatures.
KMS Key Policy Privilege Escalation (5 minute read)
This post presents an attack chain that could allow an AWS Administrator to override a KMS key policy that was restricted to only a specific identity. In this attack scenario, one admin can lock down a KMS key to their specific use, but another admin can bypass these restrictions by deleting the first admin’s IAM user, changing the contact on the AWS account, and then opening a ticket with AWS support to recover the key. As no identity will be able to access the key, AWS support will then contact the new phone number to verify the request and facilitate the reset. The post ends with some potential mitigations.
Shellcode evasion using WebAssembly and Rust (5 minute read)
Meterpreter and its helper PEs are easily detected by antivirus programs due to their age and widespread use. The author works around this by leveraging WebAssembly, a low-level, assembly-like binary format that runs in web browsers and can be compiled from multiple source languages. The article provides code examples in Rust and explains how to compile Rust to Wasm.
US agency declares AI cloned voice robocalls illegal (3 minute read)
The FCC has officially banned robocalls using AI-generated voices, deeming them "artificial" and illegal under existing laws like the Telephone Consumer Protection Act. While fake AI celebrity calls will likely still plague phones, this makes it clear that such scams violate robocall prohibitions.
Cybercrime duo accused of picking $2.5M from Apple's orchard (4 minute read)
Apple was likely defrauded of a total of $2.6M in gift cards/hardware by hackers Noah Roskin-Frazee and Keith Latteri via an Apple contractor. Though unnamed in the case, the victim matches Apple's description and location. The duo allegedly stole and resold items, cashing in on the theft from Apple and its customer support contractor.
Surge in deepfake “Face Swap” attacks puts remote identity verification at risk (2 minute read)
A new report by biometric firm iProov shows that deepfake "face swap" attacks increased by 704% from the first to the second half of 2023. Fraudsters are using off-the-shelf tools to produce manipulated images and videos, which makes convincing deepfakes easier to create. These deepfakes can trick remote identity verification systems into accepting the subject's "liveness" as genuine.