TLDR Information Security 2024-02-12

Fake LastPass App spotted in Apple App Store 🎭, Supply Chain Vulnerability in Bazel 🛠️, Infiltrating Attacker Telegram Bots 🤖

Attacks & Vulnerabilities

Phishception - SendGrid is Abused to Host Phishing Attacks Impersonating Itself (7 minute read)

Netcraft has spotted a new phishing campaign that uses compromised SendGrid accounts to phish for further SendGrid accounts by emailing users that their account has a payment error or a similar issue. The email is sent from a SendGrid account and uses SendGrid’s tracking links to mask the destination. Users are directed to a JsPen link that obfuscates a script tag which loads a JS file from Azure Front Door; that file is an obfuscated clone of the SendGrid login page.

Juniper Support Portal Exposed Customer Device Info (3 minute read)

The support website for Juniper Networks, a networking equipment vendor, was exposing sensitive customer information including device details, warranty status, service contracts, and serial numbers. The data exposure was the result of a recent upgrade to the support portal. Juniper has since fixed the problem and stated that no identifiable or personal customer data was exposed.

Fake LastPass Password Manager Spotted on Apple’s App Store (3 minute read)

A fake clone of LastPass called LassPass was listed on the Apple App Store. Malicious clones like this rarely make it through Apple’s review process. Apple has confirmed that it has since been removed.

Strategies & Tactics

Cycode Discovers a Supply Chain Vulnerability in Bazel (9 minute read)

A blog post from Cycode detailing a supply chain vulnerability that it discovered in Bazel. The post begins with an overview of GitHub Custom Actions and then details how Cycode leveraged a custom action in Bazel to achieve remote code execution. The Bazel project included a custom action that passed the user-controlled issue body directly to a bash shell in the GitHub runner which was vulnerable to command injection.
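The pattern the post describes, an expression containing user-controlled issue text expanded straight into a `run:` script, is shown below beside its corrected form. This is an added illustration, not the Bazel project's actual workflow or Cycode's code; the workflow name and step names are made up.

```yaml
# Added illustration (not the Bazel project's real workflow) of the
# GitHub Actions command-injection pattern and its fix.
name: triage-issue
on:
  issues:
    types: [opened]

# Least privilege: this workflow only needs to read the repository.
permissions:
  contents: read

jobs:
  unsafe-example:
    runs-on: ubuntu-latest
    steps:
      # VULNERABLE: the ${{ }} expression is substituted into the script text
      # before bash ever parses it, so shell metacharacters in the issue body
      # are interpreted as part of the script rather than treated as data.
      # The surrounding double quotes do not help, because the substitution
      # happens first and the body can simply close them.
      - name: Echo issue body (unsafe)
        run: |
          echo "Issue body: ${{ github.event.issue.body }}"

  hardened-example:
    runs-on: ubuntu-latest
    steps:
      # FIXED: the untrusted value is handed to the step as an environment
      # variable. The script text never contains the body; bash reads it at
      # run time from "$ISSUE_BODY", and the quotes keep it a single string.
      - name: Echo issue body (safe)
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          printf 'Issue body: %s\n' "$ISSUE_BODY"
```

The same rule applies to every other event field an outside contributor controls (issue and PR titles, comment bodies, branch names, commit messages): never interpolate them with `${{ }}` inside `run:`; route them through `env:` and quote the variable. The `permissions:` block is a separate hardening: it limits what the job's `GITHUB_TOKEN` can do if a step is compromised anyway.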

How We Were Able to Infiltrate Attacker Telegram Bots (5 minute read)

A post from Checkmarx on a technique that it discovered to intercept messages from malicious Telegram bots that attackers utilize for info-stealing operations. Checkmarx's team extracted the bot details from a malicious package. They then utilized the /getUpdates endpoint to retrieve details of a specific message or all messages by looping through message IDs. The post also details two methods for redirecting messages when an attacker utilizes a webhook.

Secure Authentication and Authorisation in React Native (6 minute read)

This article focuses on overlooked authentication and authorization mechanisms in mobile app front ends.

Launches & Tools

StunCheck (GitHub Repo)

StunCheck is a set of tools for scanning, testing, and exploiting STUN and TURN servers.

Jira-Lens (GitHub Repo)

Jira-Lens is a fast and customizable Python-based vulnerability scanner for Jira. Jira-Lens performs 25+ checks for vulnerabilities against target Jira servers.

MetaRadar (GitHub Repo)

This app is a tool for analyzing Bluetooth (BLE) environments. It scans for BLE devices in the background, notifying you if the device you are looking for is near you or if some unknown device has been following you for a long time.

Raspberry Robin Keeps Riding The Wave Of Endless 1-Days (10 minute read)

Raspberry Robin operators are utilizing fresh 1-day exploits for privilege escalation, suggesting the team has access to exploit sellers or in-house development. The rapidly evolving QNAP malware acts as an initial access vector for payloads like ransomware.

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group (6 minute read)

RustDoor is a new backdoor that has been targeting Apple macOS since November 2023, masquerading as a Visual Studio update. It has Intel and Arm versions and unknown initial access. RustDoor is being actively developed. It can gather/upload files and system info to its C2 server.

BGPWatch - A comprehensive platform for detecting and diagnosing hijacking incidents (7 minute read)

BGPWatch is a comprehensive platform built by APNIC for detecting and diagnosing hijacking incidents in BGP routing. It allows users to browse, view, and search for hijack events in real time, providing detailed information about each event. BGPWatch offers routing path analysis and subscription services for operators to monitor via email.

Quick Links

Google to pay $350 million to settle shareholders' data privacy lawsuit (3 minute read)

Google has agreed to pay $350 million to settle a shareholder lawsuit related to a 2018 Google+ bug exposing private data associated with as many as 500,000 accounts.

Cyber Security Funding Insights Q4 2023: Soft landing for the economy, a bit bumpier for startups (10 minute read)

$89 billion was invested across approximately 6,400 deals in Q4 2023, the lowest figure in the past five years.

QR Codes - What’s the Real Risk? (3 minute read)

The National Cyber Security Centre has provided an overview of the threats involved in scanning QR codes and prescriptive guidance for evaluating QR code safety.
Curated news 📰, research 🧑‍🔬, and tools 🔒 for information security professionals