TLDR Information Security 2024-03-29

PyPI Halted after Typosquatting attacks 🐍, NVidia's ChatRTX urgent patch 🩹, US Offers $10M Bounty for Change Healthcare Hackers πŸ€‘

Attacks & Vulnerabilities

PyPI halted new users and projects while it fended off supply-chain attack (4 minute read)

PyPI, the main Python Package Index repository, temporarily halted new project creation and user registration due to a continuous attack of malicious package uploads designed to infect devices through typosquatting techniques. After a 10-hour suspension, PyPI restored normal operations as it had addressed the security concerns.

Nvidia's new ChatGPT-like AI chatbot falls victim to high-severity security vulnerabilities - urgent ChatRTX patch issued (3 minute read)

Nvidia's ChatRTX AI chatbot was found to have severe security vulnerabilities in versions 0.2 and prior, including cross-site scripting and improper privilege management attacks. Nvidia has addressed these issues in the latest iteration of ChatRTX 0.2.

Linux Version of DinodasRAT Spotted in Cyberattacks (3 minute read)

The multiplatform backdoor, DinodasRAT, has been spotted infecting Linux machines in several attacks in China, Turkey, Taiwan, and Uzbekistan. The malware, also known as XDealer, is an infostealer and backdoor. It establishes persistence by using SystemV or SystemD startup scripts.
Strategies & Tactics

How Apple Mitigates Vulnerabilities in Installer Scripts (22 minute read)

Installer Scripts are valuable targets for attackers as they give processes and their children access to areas in the system that are protected by System Integrity Protection. This article details how vulnerabilities have bypassed these protections in the past. It provides an in-depth look at PackageKit, which is designed to eliminate this full class of vulnerabilities.

Analysis of the MOBOX Security Breach (5 minute read)

The MOBOX decentralized lending protocol was attacked on March 14, leading to losses of $750,000. The attack was possible because of a vulnerability in the logic of the contract’s borrow() function that allowed the attacker to burn the pool’s currency which drove up the price while the attacker claimed referral rewards to use for more borrowing. The team recommends that similar lending protocols implement lock-up period restrictions to prevent these attacks.

Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word (52 minute read)

This research document by Cisco Talos details a complex vulnerability in Ichitaro Word that leads to arbitrary code execution. The exploit achieves a frame pointer overwrite by exploiting an out-of-bounds index, enabling the construction of powerful exploitation primitives for full code execution. This detailed document provides a good walkthrough on how to approach similar reverse engineering problems to find vulnerabilities in software.
Launches & Tools

FBI-tools (GitHub Repo)

A list of OSINT Tools for gathering information and actions forensics.

Arsenal (GitHub Repo)

Tools and scripts for personal use cases and bug bounties

US offers $10M to help catch Change Healthcare hackers (4 minute read)

The U.S. government will provide a $10 million reward for information on the ALPHV/BlackCat cybercrime gang's leadership after an affiliate claimed responsibility for the massive ransomware attack on a U.S. health tech giant last month.

Diving Deeper into AI Package Hallucinations (9 minute read)

AI Package Hallucination exploits LLMs like ChatGPT and Gemini to spread non-existent, potentially malicious packages through recommendations. Extensive testing on the GPT-3.5 Turbo model with 457 questions across 40 subjects in two programming languages revealed a concerning 30% hallucination rate.

A Look at Software Composition Analysis (3 minute read)

Doyensec published a whitepaper on the results of testing Snyk, Dependabot, and Semgrep for SCA. The goal of the test was to find which tool had the highest true positive rate with the lowest false positive rate, while ignoring false negative rate. The test found that Dependabot had the highest true positive rate but also the highest false positive rate while Semgrep had the second highest true positive rate and the lowest false positive rate.
Quick Links

Navigating Cyber 2024 report (15 minute read)

This report highlights the escalating sophistication of adversarial tactics leveraged by threat actors, including social engineering, SEO poisoning, malvertising, and QR code phishing, as well as their exploitation of generative AI for scaled attacks.

Life After Death? IO Campaigns Linked to Notorious Russian Businessman Prigozhin Persist After His Political Downfall and Death (15 minute read)

Prigozhin's influence on information operations campaigns persists despite his undoing - the infrastructure of these campaigns remains active, posing a potential threat to global security.

Vultr’s New Terms of Service Claims Commercial Rights (Mastodon Thread)

Vultr, a cloud provider, recently updated its Terms of Service to include a clause granting perpetual commercial rights over all hosted content.
Curated news πŸ“°, research πŸ§‘β€πŸ”¬, and tools πŸ”’ for information security professionals
Join 300,000 readers for