TLDR Information Security 2024-04-15

Roku 576K user accounts hacked 📺, Palo Alto Networks Firewall Vulnerability 🔄, Lastpass dodges deepfake scam 🎭

Attacks & Vulnerabilities

Canadian retail chain Giant Tiger data breach may have impacted millions of customers (2 minute read)

A hacker breached Canadian retail chain Giant Tiger, exposing 2.8 million customer records with personal information. The compromised data included email addresses, names, phone numbers, and physical addresses, but financial information was not affected. Customers can check if their data was leaked using the HaveIBeenPwned service.

Palo Alto Networks Warns of Exploited Firewall Vulnerability (3 minute read)

Threat actors are exploiting a critical command injection vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls that allows unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability, with a severity score of 10/10, affects the GlobalProtect feature in PAN-OS versions 10.2, 11.0, and 11.1.

Roku says 576,000 user accounts hacked after second security incident (3 minute read)

Roku acknowledged a security breach where hackers gained access to around 576,000 user accounts. This is the second such incident for the streaming device maker, raising concerns about the company's data security measures and the potential exposure of users' personal information.

Strategies & Tactics

Seccomp internals deep dive – Part 1 (10 minute read)

This blog post explores the internals of seccomp, including its architecture, key concepts, and practical applications. The post provides kernel code examples for the x86_64 architecture on Linux kernel version 6.7.1. The second part of the post is expected to cover seccomp notifications.

SOC Project with full Automation LAB (4 minute read)

This blog summarizes the architecture of a fully-featured open source SOC lab consisting of powerful technologies used by Fortune 500 companies. Despite being open source, these tools offer comprehensive security incident detection, response, automation, and threat intelligence capabilities.

What we need to take away from the XZ Backdoor (12 minute read)

This article discusses a significant security breach involving the XZ compression tool, used widely in Linux distributions, which was discovered to contain a malicious backdoor. This backdoor specifically targeted distribution builds using GCC and glibc, raising serious concerns about supply chain security. The openSUSE team, upon discovering the threat, acted swiftly to remove the compromised software and rebuild affected packages to ensure system integrity. The scenario emphasizes the need for heightened security measures and more robust community vigilance in open-source projects.

Launches & Tools

hauditor (GitHub Repo)

hauditor is a tool designed to analyze the security headers returned by a web page and report dangerous configurations.

Simbian (Product Launch)

Simbian is an autonomous security platform for enterprises. Humans make all the strategic decisions while AI implements those decisions.

KubeHound (GitHub Repo)

KubeHound is a Kubernetes attack graph tool that enables automated calculation of attack paths between assets in a cluster.

UK flooded with forged stamps despite using barcodes — to prevent just that (5 minute read)

Royal Mail introduced barcoded stamps to enhance security and prevent forgeries, but counterfeit stamps have flooded the UK. Customers face fines for unknowingly using fake stamps purchased at Post Offices. The transition to barcoded stamps raised privacy concerns due to the potential loss of anonymity in mail.

New Technique to Trick Developers Detected in an Open Source Supply Chain Attack (10 minute read)

Attackers are manipulating GitHub search rankings by creating malicious repositories with popular names and topics and using automated updates and fake stars to deceive users. The recent campaign involves a large malware executable that targets cryptocurrency wallets, establishing persistence through a scheduled task.

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts (2 minute read)

Shakeeb Ahmed, a former security engineer at Amazon, was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12.3 million. He pleaded guilty to computer fraud charges in December 2023 following his arrest in July. Ahmed exploited security flaws to insert fake pricing data and fraudulently generate inflated fees, which he then withdrew.

Quick Links

Chrome Enterprise gets Premium security but you have to pay for it (2 minute read)

Google has introduced Chrome Enterprise Premium, a new version of its browser for organizations that offers advanced security features for a monthly fee per user.

LastPass Dodges Deepfake Scam: CEO Impersonation Attempt Thwarted (2 minute read)

LastPass avoided a security breach in which an employee was targeted with a deepfake scam impersonating the CEO.

FBI warns of massive wave of road toll SMS phishing attacks (2 minute read)

The FBI warns of a large wave of text message scams that trick people into clicking links to pay unpaid tolls.

Curated news 📰, research 🧑‍🔬, and tools 🔒 for information security professionals