TLDR Information Security 2024-02-21

Lockbit rewired to expose hackers ๐Ÿ”, Cloud Cryptography Demystified ๐Ÿ’ญ, OWASP Top 10 for LLMs ๐Ÿฆพ

Attacks & Vulnerabilities

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers (3 minute read)

Over 28,000 internet-facing Microsoft Exchange servers are vulnerable to a recent zero-day that enables pass-the-hash attacks. 68,000 additional servers are possibly vulnerable, totaling up to 97,000 possibly exploitable instances. The 9.8 CVSS privilege escalation flaw stems from Exchange 2019 lacking default NTLM relay protections.

Dusting off Old Fingerprints: NSO Groupโ€™s Unknown MMS Hack (9 minute read)

ENEA, a Sweden-based telecom security firm, claims that it has reproduced a previously unknown hack disclosed by the NSO Group that uses an "MMS Fingerprint" attack. This term is new to the industry and was not present anywhere online except in the court case. The attack reveals the target device and OS version through an MMS sent to the device without user interaction, engagement, or message opening.

Seized ransomware network LockBit rewired to expose hackers to world (2 minute read)

Enforcers from the US and UK disrupted a ransomware group they say has targeted more than 2,000 victims and taken over $120 million in ransom payments. The NCA and FBI have come up with decryption strategies that they believe could help hundreds of victims globally regain access to systems that were attacked by LockBit.
Strategies & Tactics

The Three Types of Remediation Platforms (4 minute read)

This post breaks down the different types of remediation platforms. The space is divided into remediation platforms, data platforms, and workflow builders. An emerging category of Code Fixer platforms proposes fixes for vulnerabilities.

Top 3 Prominent Cybercrimes and their Effective Prevention Strategies - a succinct Overview (6 minute read)

This blog presents a succinct overview of the top 3 cybersecurity threats facing individuals and organizations alike, empowering readers to bolster their defenses and safeguard against potential attacks.

Cloud Cryptography Demystified: AWS (7 minute read)

A helpful breakdown of the various AWS cryptography services. The services are divided into client-side services, which run in a clientโ€™s application, and cryptography services that AWS manages, such as KMS. The post includes a summary of each option that breaks down when you might or might not use it.
Launches & Tools

Magika (GitHub Repo)

Magika is a novel AI-powered file type detection tool that relies on recent advancements in deep learning to provide accurate file type detection. Under the hood, Magika employs a custom, highly optimized Keras model that only weighs about 1MB that enables precise file identification within milliseconds, even when running on a single CPU.

Living Off the False Positive (2 minute read)

Living Off the False Positive (LoFP) is a new autogenerated collection sourced from popular rule sets. The data is categorized along with ATT&CK techniques, rule source, and data source. This repository can be used by red teams to blend in with false positives or blue teams to assess weak spots across their detections.

Reconic (GitHub Repo)

Reconic is a network scanning and discovery tool designed to empower cybersecurity professionals and bug hunters in mapping, analyzing, and securing digital infrastructures.

Google launches AI Cyber Defense to improve cybersecurity (5 minute read)

Google has announced a new initiative aimed at fostering the use of artificial intelligence in cybersecurity. Google believes that AI is pivotal for digital security as it has the potential to provide defenders with a definitive advantage over attackers and upend the Defenderโ€™s Dilemma.

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites (2 minute read)

The Bricks WordPress theme has a critical RCE flaw (CVE-2024-25600, 9.8 CVSS) that is actively being exploited. It impacts Bricks v1.9.6 and below, allowing PHP code execution by unauthenticated attackers.

Keep Your Phone Number Private with Signal Usernames (4 minute read)

Signal has released the ability for users to sign up with usernames as a method of hiding their phone numbers. It has also hidden phone numbers by default, allowing users to connect without sharing phone numbers, and added controls to control phone number privacy.
Quick Links

Mastodon Suffered a Spam Attack (GitHub Discussion)

Users on Mastodon reported experiencing a massive spam attack in which newly registered accounts were used to spam users in Japanese.

OWASP Top 10 for Large Language Model Applications (30 minute read)

Developed by the OWASP Top 10 for LLM Applications team, this checklist is a valuable resource for leaders in technology, cybersecurity, privacy, compliance, and legal to strategize and secure their AI initiatives effectively.

SOC Interview Questions (GitHub Repo)

A collection of SOC Interview Questions maintained by LetsDefend for job seekers to practice.
Curated news ๐Ÿ“ฐ, research ๐Ÿง‘โ€๐Ÿ”ฌ, and tools ๐Ÿ”’ for information security professionals
Join 300,000 readers for