TLDR Information Security 2024-05-10

Are you an expert in all things cloud security? Come prove it at Lacework's virtual Capture the Flag Challenge!

⏳ Complete as many challenges as possible in one hour.

🥇 Top 3 scorers will win a Valve Steam Deck.

✅ All game participants will receive a $25 DoorDash gift card to enjoy lunch after the session.

Spots are limited — register today

The University Systems of Georgia, which administers 26 higher education institutions in the state, sent a letter to 800k victims disclosing that it was a victim of several breaches by the Cl0p gang's campaign. The data obtained may include full SSNs, the last four digits of SSNs, dates of birth, bank account numbers, federal tax documents, and driver's licenses. USG reports that the data will likely be published and offered victims 13 months of credit monitoring.

Dell has warned customers of a data breach affecting 49 million people. The stolen information includes customer names, addresses, and purchase details, but not financial data. Customers should be cautious of potential targeted attacks and verify communications from Dell directly.

Private healthcare system Ascension reports that it has taken some systems offline to investigate a suspected cyberattack. Ascension has advised all partners to sever connections to its networks and has retained Mandiant for incident response. Clinical operations have also been impacted due to the attack.

Horizon3.ai's customer story highlights the implementation of autonomous pentesting to advance security in emergency response sectors, particularly 911 call centers. Utilizing its NodeZero platform, Horizon3.ai enables organizations to perform continuous security assessments, identifying vulnerabilities and enhancing defenses against cyber threats.

This blog post discusses how vulnerabilities like "Prompt Leaking" were exploited during an LLM pentest, enabling unauthorized execution of system commands via Python code injection. By manipulating the assistant's responses, attackers were able to extract sensitive information and even execute code, demonstrating the risks of integrating LLMs without proper security measures. Understanding these attack vectors can help prevent unauthorized access and data breaches.

This blog post discusses the use of symbols in Ghidra for reverse engineering tasks. It emphasizes how symbols help clarify disassembled code by providing human-readable identifiers like function names, prototypes, and data types. This aids in transforming obscure assembly code into more understandable formats, similar to high-level programming languages. The post explains how symbols are extracted from binary exports and imports and their significance in making the reverse engineering process more intuitive and efficient.

An SCP to prevent a member account from entering into long-term financial agreements or reservations.

Kubent is a tool to check if a Kubernetes cluster is using deprecated APIs. It can be run in CI/CD pipelines or manually.

BurpScript adds dynamic scripting abilities to Burp Suite, allowing you to write scripts in Python or Javascript to manipulate HTTP requests and responses.

AWS has added the ability to enable Route 53 Resolver DNS Firewall to automatically skip the inspection of domains included in a redirection chain. Prior to this feature, all CNAMEs in a domain redirection chain would have to be explicitly allow-listed.

Fortinet's FortiGuard Labs has discovered that a dangerous malware called zEus stealer is being spread through a Minecraft source pack, targeting Windows users and stealing sensitive data like IP addresses and browser information. The malware cleverly disguises itself as a screensaver file to evade detection and maintains control over infected systems through auto-run entries and a command-and-control script. Users are urged to use MFA, download files from trustworthy sources, and be cautious when downloading custom game mods to protect against threats like zEus.

Zscaler has published a security update following posts on X that an isolated test environment on a server was unintentionally exposed. Zscaler has confirmed that there was no impact or compromise to customer, production, or corporate environments.

Monday.com removed its "Share Update" feature due to phishing attacks because it allowed users to send emails impersonating Monday.com.

The FBI has issued a warning to US retailers about cybercriminals targeting gift card systems through phishing attacks on employees.

TikTok has filed a lengthy lawsuit against the U.S. government arguing that the TikTok ban is unconstitutional and violates users' First Amendment rights.