TLDR Information Security 2024-05-01

US Telcos fined $200M for data sharing 📑, Cyber security recruiting scams 👥, DHS Guidelines on AI risk mitigation 🏛️

🔓
Attacks & Vulnerabilities

Google defended the Play Store from 2.28 million malicious apps last year (4 minute read)

Google's enhanced security measures helped block 2.28 million privacy-violating apps from its Play Store in 2023. The company banned 333,000 bad accounts, rejected nearly 200,000 apps using sensitive permissions, and worked with SDK providers to reduce data access and sharing, impacting over 790,000 apps and improving user privacy.

Verizon, AT&T, T-Mobile, and Sprint Fined Almost $200M for Sharing Customer Data (3 minute read)

The FCC reported that Verizon, AT&T, T-Mobile, and Sprint sold data “aggregators” access to their customers' location data. This data was then resold to third-party location-based service providers. The FCC has issued a fine for circumventing the requirement to obtain user consent after the telecommunications providers were alerted of this issue and did not remediate it.

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (2 minute read)

Over 25,000 people had their personal and financial data stolen in a breach at the Philadelphia Inquirer in May 2023. The breach disrupted newspaper operations, but the website remained unaffected. The ransomware group responsible, named Cuba, published stolen files after the newspaper refused to pay a ransom.

🧠
Strategies & Tactics

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Security Recruiting Scams (24 minute read)

Avast tracked a campaign that targeted users in the Asian region with fake recruitment offers. Victims were socially engineered into installing and running a Trojan version of AmazonVNC that utilized a 0-day to install a novel RAT. This RAT had the ability to change file timestamps.

No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities (4 minute read)

This blog post takes a critical look at an academic paper that received widespread media attention which claimed to have built an LLM Agent that can exploit one-day vulnerabilities. The author points out that the paper included an agent that had Internet access and that the authors of the paper chose CVEs that had very detailed exploits and PoCs available. The post concludes that the paper demonstrated the capabilities of GPT-4 as an intelligent scanner and crawler but based on the data provided didn't demonstrate its ability to rediscover these vulnerabilities or generate novel exploit code.
πŸ§‘β€πŸ’»
Launches & Tools

GraphQL Cop (GitHub Repo)

GraphQL Cop is a Python utility that runs common security tests against GraphQL APIs. It can be incorporated into CI/CD and provides cURL requests for any findings.

Application Inspector (GitHub Repo)

Application Inspector is a source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a JSON-based rules engine. It is ideal for scanning components before use or detecting feature-level changes.

Sprinto (Product Launch)

Sprinto is a security compliance platform that works with any cloud setup and helps monitor entity-level risks and controls from a single dashboard. It focuses on continuous compliance and healthy operational practices.

🎁
Miscellaneous

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (3 minute read)

Cybersecurity researchers have uncovered multiple malicious campaigns targeting Docker Hub that planted millions of "imageless" containers over the past five years. Over 4 million repositories have been found to be empty except for documentation containing links to phishing or malware sites.

R language flaw allows code execution via RDS/RDX files (4 minute read)

A critical vulnerability has been discovered in the R programming language, widely used for data analysis and AI/ML, that allows arbitrary code execution when deserializing specially crafted RDS and RDX files. The flaw lies in R's handling of serialization/deserialization, which lets attackers embed malicious code in file metadata that executes when the files are opened.

⚡️
Quick Links

DHS Publishes Guidelines to Mitigate AI Risks to Critical Infrastructure (5 minute read)

The U.S. Department of Homeland Security has released new guidelines to protect critical infrastructure from AI risks and a report on AI misuse in CBRN threats.

Google updates its Minimum Viable Secure Product (5 minute read)

Google has updated its Minimum Viable Secure Product standard, focusing on essential security controls for products and services.

More than 800 Vulnerabilities Resolved Through CISA Ransomware Pilot (1 minute read)

CISA reports that it notified 1,754 Internet-facing devices that they might be vulnerable to ransomware. Of those, 852 were resolved.