TLDR Information Security 2024-04-01

Datadog analyzed security posture data from a sample of thousands of organizations that use AWS, Azure, or Google Cloud. Their findings suggest that organizations still face significant challenges around issues such as:

• Managing static, long-lived credentials
• Securely configuring user roles, access, and privileges within cloud resources
• Enforcing best-practice safeguards such as multi-factor authentication (MFA)

Get the full report: State of Cloud Security 📑

A backdoor was found in the xz/liblzma compression library, impacting Linux systems using specific OpenSSH builds. It was submitted by a core developer to the project with years of legitimate contributions. The backdoor was discovered by a user who noticed a new memory leak in the project.

AT&T confirmed a massive data breach impacting over 7.6 million current and 65 million former customers. The leaked information included personal details like names, emails, addresses, phone numbers, social security numbers, dates of birth, and account credentials. The company has reset affected customers' passcodes and is notifying impacted individuals.

Apart from xz, Linux users have another vulnerability with CVE-2024-1086. Linux kernel versions between at least 5.14 and 6.6.14 are susceptible to privilege escalation. The exploit has a success rate of 99.4% on kernel 6.4.16.

This post dives into why investing in infosec is key for B2B SaaS companies as they are trying to sell to enterprises that will want to know how secure they are. These processes are usually long and rigorous and require startups to focus on showing their security acumen.

This blog post discusses the vulnerability management lifecycle in DevSecOps, focusing on three key stages: identification, observability, and management. The goal is to empower engineering teams to prioritize and address security risks within their digital products through technology-driven processes. The post emphasizes the importance of integrating security practices into software development to ensure a secure-by-design approach.

This blog post from Exodus Intel explains a vulnerability (CVE-2024-0582) in io_uring in the Linux kernel related to a use-after-free bug. The vulnerability occurs when an application registers and later unregisters a provided buffer ring with a specific flag, leading to memory issues. The post details the exploitation of this vulnerability and a data-only exploit strategy.

NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks.

Cleanowners is a GitHub Action that helps keep CODEOWNERS files current by removing users who are no longer a part of the organization.

Root is a software supply chain collaboration and transparency platform that helps software consumers understand, prioritize, and mitigate their risks.

Ubuntu is manually reviewing apps in the Snap Store after fake crypto wallet scams. Apps are now checked by engineers before being available for users to download. This change aims to prevent further cryptocurrency thefts and enhance app safety.

The European Union has published draft election security guidelines targeting around two dozen large platforms like Facebook, Google, Instagram, TikTok, YouTube, and X that are regulated under the Digital Services Act. The guidelines aim to mitigate systemic risks such as political deepfakes while safeguarding rights like free speech and privacy.

Researchers from Kaspersky have warned that a Linux variant of the DinodasRAT backdoor is being used in attacks against users in China, Taiwan, Turkey, and Uzbekistan. Researchers discovered that it gathers sensitive data and provides complete control over infected machines. The backdoor uses encryption functions and primarily focuses on gaining access to Linux servers for espionage purposes.

This post talks about hijacking attacks, often involving compromised accounts, that use curiosity to trick people into clicking on malicious links or attachments in emails.

This report found a 56% increase in actively exploited zero-days in 2023 over 2022.

OpenAI's Voice Engine technology, capable of cloning voices with just 15 seconds of audio, has been deemed too risky for widespread release due to misinformation concerns.