TLDR Information Security 2024-04-01

Backdoor in xz leads to SSH Compromise 💀, AT&T Confirms massive data breach ⚠️, EU Election security guidance 🇪🇺

Attacks & Vulnerabilities

Backdoor in xz/liblzma leading to SSH Compromise (4 minute read)

A backdoor was found in the xz/liblzma compression library, impacting Linux systems using specific OpenSSH builds. It was submitted by a core developer with years of legitimate contributions to the project. The backdoor was discovered by a user who noticed a new memory leak in the project.

AT&T confirms data breach and resets millions of customer passcodes (2 minute read)

AT&T confirmed a massive data breach impacting over 7.6 million current and 65 million former customers. The leaked information included personal details like names, emails, addresses, phone numbers, social security numbers, dates of birth, and account credentials. The company has reset affected customers' passcodes and is notifying impacted individuals.

Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching (4 minute read)

Apart from xz, Linux users have another vulnerability to deal with: CVE-2024-1086. Linux kernel versions between at least 5.14 and 6.6.14 are susceptible to privilege escalation. The exploit has a success rate of 99.4% on kernel 6.4.16.

Strategies & Tactics

Why small B2B SaaS companies should focus on presales information security (4 minute read)

This post dives into why investing in infosec is key for B2B SaaS companies, since the enterprises they are trying to sell to will want to know how secure they are. These procurement processes are usually long and rigorous and require startups to focus on showing their security acumen.

Vulnerability Management Lifecycle in DevSecOps (10 minute read)

This blog post discusses the vulnerability management lifecycle in DevSecOps, focusing on three key stages: identification, observability, and management. The goal is to empower engineering teams to prioritize and address security risks within their digital products through technology-driven processes. The post emphasizes the importance of integrating security practices into software development to ensure a secure-by-design approach.

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu (16 minute read)

This blog post from Exodus Intel explains a vulnerability (CVE-2024-0582) in io_uring in the Linux kernel related to a use-after-free bug. The vulnerability occurs when an application registers and later unregisters a provided buffer ring with a specific flag, leading to memory issues. The post details the exploitation of this vulnerability and a data-only exploit strategy.

Launches & Tools

NetExec (GitHub Repo)

NetExec (a.k.a. nxc) is a network service exploitation tool that helps automate assessing the security of large networks.

cleanowners (GitHub Repo)

Cleanowners is a GitHub Action that helps keep CODEOWNERS files current by removing users who are no longer a part of the organization.

Root (Product Launch)

Root is a software supply chain collaboration and transparency platform that helps software consumers understand, prioritize, and mitigate their risks.

Ubuntu Will Manually Review Snap Store After Crypto Wallet Scams (3 minute read)

Ubuntu is manually reviewing apps in the Snap Store after fake crypto wallet scams. Apps are now checked by engineers before being available for users to download. This change aims to prevent further cryptocurrency thefts and enhance app safety.

EU publishes election security guidance for social media giants and others in scope of DSA (3 minute read)

The European Union has published draft election security guidelines targeting around two dozen large platforms like Facebook, Google, Instagram, TikTok, YouTube, and X that are regulated under the Digital Services Act. The guidelines aim to mitigate systemic risks such as political deepfakes while safeguarding rights like free speech and privacy.

DinodasRAT Linux variant targets users worldwide (3 minute read)

Researchers from Kaspersky have warned that a Linux variant of the DinodasRAT backdoor is being used in attacks against users in China, Taiwan, Turkey, and Uzbekistan. The researchers found that it gathers sensitive data and provides complete control over infected machines. The backdoor uses encryption functions and primarily focuses on gaining access to Linux servers for espionage purposes.

Quick Links

Thread Hijacking: Phishes That Prey on Your Curiosity (4 minute read)

This post talks about thread hijacking attacks, often involving compromised email accounts, that exploit curiosity to trick people into clicking on malicious links or attachments in emails.

A Year in Review of Zero-Days Exploited In-the-Wild in 2023 (20 minute read)

This report found a 56% increase in actively exploited zero-days in 2023 over 2022.

OpenAI deems its voice cloning tool too risky for general release (3 minute read)

OpenAI's Voice Engine technology, capable of cloning voices with just 15 seconds of audio, has been deemed too risky for widespread release due to misinformation concerns.