TLDR Information Security 2024-03-29

PyPI, the main Python Package Index repository, temporarily halted new project creation and user registration due to a continuous attack of malicious package uploads designed to infect devices through typosquatting techniques. After a 10-hour suspension, PyPI restored normal operations as it had addressed the security concerns.

Nvidia's ChatRTX AI chatbot was found to have severe security vulnerabilities in versions 0.2 and prior, including cross-site scripting and improper privilege management attacks. Nvidia has addressed these issues in the latest iteration of ChatRTX 0.2.

The multiplatform backdoor, DinodasRAT, has been spotted infecting Linux machines in several attacks in China, Turkey, Taiwan, and Uzbekistan. The malware, also known as XDealer, is an infostealer and backdoor. It establishes persistence by using SystemV or SystemD startup scripts.

Installer Scripts are valuable targets for attackers as they give processes and their children access to areas in the system that are protected by System Integrity Protection. This article details how vulnerabilities have bypassed these protections in the past. It provides an in-depth look at PackageKit, which is designed to eliminate this full class of vulnerabilities.

The MOBOX decentralized lending protocol was attacked on March 14, leading to losses of $750,000. The attack was possible because of a vulnerability in the logic of the contract’s borrow() function that allowed the attacker to burn the pool’s currency which drove up the price while the attacker claimed referral rewards to use for more borrowing. The team recommends that similar lending protocols implement lock-up period restrictions to prevent these attacks.

This research document by Cisco Talos details a complex vulnerability in Ichitaro Word that leads to arbitrary code execution. The exploit achieves a frame pointer overwrite by exploiting an out-of-bounds index, enabling the construction of powerful exploitation primitives for full code execution. This detailed document provides a good walkthrough on how to approach similar reverse engineering problems to find vulnerabilities in software.

A list of OSINT Tools for gathering information and actions forensics.

Tools and scripts for personal use cases and bug bounties

The U.S. government will provide a $10 million reward for information on the ALPHV/BlackCat cybercrime gang's leadership after an affiliate claimed responsibility for the massive ransomware attack on a U.S. health tech giant last month.

AI Package Hallucination exploits LLMs like ChatGPT and Gemini to spread non-existent, potentially malicious packages through recommendations. Extensive testing on the GPT-3.5 Turbo model with 457 questions across 40 subjects in two programming languages revealed a concerning 30% hallucination rate.

Doyensec published a whitepaper on the results of testing Snyk, Dependabot, and Semgrep for SCA. The goal of the test was to find which tool had the highest true positive rate with the lowest false positive rate, while ignoring false negative rate. The test found that Dependabot had the highest true positive rate but also the highest false positive rate while Semgrep had the second highest true positive rate and the lowest false positive rate.

This report highlights the escalating sophistication of adversarial tactics leveraged by threat actors, including social engineering, SEO poisoning, malvertising, and QR code phishing, as well as their exploitation of generative AI for scaled attacks.

Prigozhin's influence on information operations campaigns persists despite his undoing - the infrastructure of these campaigns remains active, posing a potential threat to global security.

Vultr, a cloud provider, recently updated its Terms of Service to include a clause granting perpetual commercial rights over all hosted content.