Attacks & Vulnerabilities
Ivanti warns of critical flaws in its Avalanche MDM solution (2 minute read)
Ivanti fixed 27 vulnerabilities in its Avalanche MDM solution, including critical flaws that allowed remote attackers to execute commands. These security updates are crucial for protecting over 100,000 mobile devices from potential attacks. It is recommended that customers update to the latest Avalanche 6.4.3 version to stay secure.
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt (2 minute read)
Security researchers discovered a takeover attempt targeting the OpenJS Foundation similar to a recent incident with the XZ Utils project. Suspicious emails urged OpenJS to update a JavaScript project and designate new maintainers without proper involvement. Maintainers of open-source projects should be cautious of social engineering attacks targeting their sense of duty and community.
PuTTY SSH Client Flaw Allows Recovery of Cryptographic Private Keys (3 minute read)
A vulnerability in PuTTY 0.68-0.80 could allow an attacker who obtains 60 cryptographic signatures from a user to compute that user's private key offline. These signatures could be collected by an attacker-controlled SSH server or harvested from signed git commits. The vulnerability arises from the way PuTTY generates ECDSA nonces, a scheme introduced to cope with the lack of a robust cryptographic random number generator on certain Windows versions.
Deploying Tailscale For a Remote Only Company (8 minute read)
This post describes the reasoning and process followed to deploy Tailscale for a fully remote company. It goes over the motivation for this deployment, its advantages, and some tips and potential pitfalls in this setup. The post concludes with features introduced since the original deployment that would have been helpful at the time and that future deployments can take advantage of.
Unraveling SIEM Correlation Techniques (5 minute read)
This post provides an overview of SIEM correlation techniques. It begins by defining correlation, introducing the MITRE ATT&CK framework, and presenting an example of a simple correlation rule. The post then works through an example of detecting a brute-force Okta login, combining multiple TTPs and log sources in a single detection.
Launches & Tools
cloud-key-rotator (GitHub Repo)
Cloud-Key-Rotator is a program written in Golang that helps manage cloud service account key rotation. Not only does it support many different services, but it also attempts to verify each of its actions as much as possible and aborts immediately if it encounters an error.
CVENotifier (GitHub Repo)
CVENotifier is a customizable notifier for CVEs based on keywords. This tool scrapes the CVE feed from vuldb.com, filters it based on keywords, and notifies via Slack about the latest CVEs only for the technologies or products you have listed as keywords.
A quick post on Chen's algorithm (3 minute read)
Cryptographer and Professor Matthew Green addresses the new e-print authored by Yilei Chen, "Quantum Algorithms for Lattice Problems," which could potentially threaten current lattice-based encryption schemes. Despite the significance of this discovery, it may not immediately affect widely used schemes like Kyber or Dilithium. The cryptography community is closely monitoring this development for potential implications for future encryption security.
AWS Took 6 Months to Fix STS Bug - IAM Policy Inadequate (3 minute read)
Stedi discovered a vulnerability in AWS STS that arose from how it evaluated IAM role trust policies whose conditions relied on resource tags and request tags. AWS first denied the issue, then found that the scope of the problem was larger than initially believed, but still took 6 months to deploy a fix. A major issue is that the AWS IAM Policy Simulator lacks many IAM features, which makes it difficult and time-consuming to properly test IAM policies.