TLDR Information Security 2024-02-21

The 7th annual Cloud-Native Security and Usage Report identifies how customers globally are developing, using, and securing cloud-native applications and environments.

The report is based on data from thousands of global accounts and millions of containers scanned by Sysdig’s CNAPP. Among other findings, the data reveals:

• Identity and access neglect - the vast majority of permissions, often granted to applications upon implementation, are never used
• Shift left isn’t there yet - most policy failures are found at runtime
• AI packages are more frequently used for data analysis rather than GenAI

Read more on the Sysdig blog or get the full report.

Over 28,000 internet-facing Microsoft Exchange servers are vulnerable to a recent zero-day that enables pass-the-hash attacks. 68,000 additional servers are possibly vulnerable, totaling up to 97,000 possibly exploitable instances. The 9.8 CVSS privilege escalation flaw stems from Exchange 2019 lacking default NTLM relay protections.

ENEA, a Sweden-based telecom security firm, claims that it has reproduced a previously unknown hack disclosed by the NSO Group that uses an "MMS Fingerprint" attack. This term is new to the industry and was not present anywhere online except in the court case. The attack reveals the target device and OS version through an MMS sent to the device without user interaction, engagement, or message opening.

Enforcers from the US and UK disrupted a ransomware group they say has targeted more than 2,000 victims and taken over $120 million in ransom payments. The NCA and FBI have come up with decryption strategies that they believe could help hundreds of victims globally regain access to systems that were attacked by LockBit.

This post breaks down the different types of remediation platforms. The space is divided into remediation platforms, data platforms, and workflow builders. An emerging category of Code Fixer platforms proposes fixes for vulnerabilities.

This blog presents a succinct overview of the top 3 cybersecurity threats facing individuals and organizations alike, empowering readers to bolster their defenses and safeguard against potential attacks.

A helpful breakdown of the various AWS cryptography services. The services are divided into client-side services, which run in a client’s application, and cryptography services that AWS manages, such as KMS. The post includes a summary of each option that breaks down when you might or might not use it.

Magika is a novel AI-powered file type detection tool that relies on recent advancements in deep learning to provide accurate file type detection. Under the hood, Magika employs a custom, highly optimized Keras model that only weighs about 1MB that enables precise file identification within milliseconds, even when running on a single CPU.

Living Off the False Positive (LoFP) is a new autogenerated collection sourced from popular rule sets. The data is categorized along with ATT&CK techniques, rule source, and data source. This repository can be used by red teams to blend in with false positives or blue teams to assess weak spots across their detections.

Reconic is a network scanning and discovery tool designed to empower cybersecurity professionals and bug hunters in mapping, analyzing, and securing digital infrastructures.

How about a SIEM that saves you $$$, offers real-time log & threat detection, while also monitoring your entire infrastructure (AD, inventory, performance, network monitoring and more)? Make the switch to EventSentry. Compliance & validation scripts enhance your security baseline and help you be proactive. Start your 30-day evaluation instantly.

>> Learn more about the EventSentry approach for a better SIEM

Google has announced a new initiative aimed at fostering the use of artificial intelligence in cybersecurity. Google believes that AI is pivotal for digital security as it has the potential to provide defenders with a definitive advantage over attackers and upend the Defender’s Dilemma.

The Bricks WordPress theme has a critical RCE flaw (CVE-2024-25600, 9.8 CVSS) that is actively being exploited. It impacts Bricks v1.9.6 and below, allowing PHP code execution by unauthenticated attackers.

Signal has released the ability for users to sign up with usernames as a method of hiding their phone numbers. It has also hidden phone numbers by default, allowing users to connect without sharing phone numbers, and added controls to control phone number privacy.

Users on Mastodon reported experiencing a massive spam attack in which newly registered accounts were used to spam users in Japanese.

Developed by the OWASP Top 10 for LLM Applications team, this checklist is a valuable resource for leaders in technology, cybersecurity, privacy, compliance, and legal to strategize and secure their AI initiatives effectively.

A collection of SOC Interview Questions maintained by LetsDefend for job seekers to practice.