TLDR Information Security 2024-05-10

Dell Data breach 🖥️, LLM Pentesting 🕵️‍♂️, Zscaler test environment exposed 🔓

🔓
Attacks & Vulnerabilities

University Systems of Georgia Admits MOVEit Attack Hit Data of 800K People (3 minute read)

The University Systems of Georgia, which administers 26 higher education institutions in the state, sent a letter to 800k victims disclosing that it was a victim of several breaches by the Cl0p gang's campaign. The data obtained may include full SSNs, the last four digits of SSNs, dates of birth, bank account numbers, federal tax documents, and driver's licenses. USG reports that the data will likely be published and offered victims 13 months of credit monitoring.

Dell warns of data breach, 49 million customers allegedly affected (2 minute read)

Dell has warned customers of a data breach affecting 49 million people. The stolen information includes customer names, addresses, and purchase details, but not financial data. Customers should be cautious of potential targeted attacks and verify communications from Dell directly.

Ascension Healthcare Takes Systems Offline After Cyberattack (2 minute read)

Private healthcare system Ascension reports that it has taken some systems offline to investigate a suspected cyberattack. Ascension has advised all partners to sever connections to its networks and has retained Mandiant for incident response. Clinical operations have also been impacted due to the attack.
🧠
Strategies & Tactics

Advancing Emergency Response Security with Autonomous Pentesting (6 minute read)

Horizon3.ai's customer story highlights the implementation of autonomous pentesting to advance security in emergency response sectors, particularly 911 call centers. Utilizing its NodeZero platform, Horizon3.ai enables organizations to perform continuous security assessments, identifying vulnerabilities and enhancing defenses against cyber threats.

LLM pentest: Leveraging agent integration for RCE (7 minute read)

This blog post discusses how vulnerabilities like "Prompt Leaking" were exploited during an LLM pentest, enabling unauthorized execution of system commands via Python code injection. By manipulating the assistant's responses, attackers were able to extract sensitive information and even execute code, demonstrating the risks of integrating LLMs without proper security measures. Understanding these attack vectors can help prevent unauthorized access and data breaches.

Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 (5 minute read)

This blog post discusses the use of symbols in Ghidra for reverse engineering tasks. It emphasizes how symbols help clarify disassembled code by providing human-readable identifiers like function names, prototypes, and data types. This aids in transforming obscure assembly code into more understandable formats, similar to high-level programming languages. The post explains how symbols are extracted from binary exports and imports and their significance in making the reverse engineering process more intuitive and efficient.
🧑‍💻
Launches & Tools

AWS SCP to Deny Financial Agreements and Long-Term Reservations (GitHub Repo)

An SCP to prevent a member account from entering into long-term financial agreements or reservations.

Kube No Trouble (GitHub Repo)

Kubent is a tool to check if a Kubernetes cluster is using deprecated APIs. It can be run in CI/CD pipelines or manually.

BurpScript (GitHub Repo)

BurpScript adds dynamic scripting abilities to Burp Suite, allowing you to write scripts in Python or Javascript to manipulate HTTP requests and responses.
ğŸŽ
Miscellaneous

Amazon Route 53 Resolver DNS Firewall now Supports Domain Redirection (1 minute read)

AWS has added the ability to enable Route 53 Resolver DNS Firewall to automatically skip the inspection of domains included in a redirection chain. Prior to this feature, all CNAMEs in a domain redirection chain would have to be explicitly allow-listed.

Minecraft Source Pack Becomes Gateway for zEus Stealer Distribution (2 minute read)

Fortinet's FortiGuard Labs has discovered that a dangerous malware called zEus stealer is being spread through a Minecraft source pack, targeting Windows users and stealing sensitive data like IP addresses and browser information. The malware cleverly disguises itself as a screensaver file to evade detection and maintains control over infected systems through auto-run entries and a command-and-control script. Users are urged to use MFA, download files from trustworthy sources, and be cautious when downloading custom game mods to protect against threats like zEus.

Zscaler Test Environment Exposed (2 minute read)

Zscaler has published a security update following posts on X that an isolated test environment on a server was unintentionally exposed. Zscaler has confirmed that there was no impact or compromise to customer, production, or corporate environments.
⚡️
Quick Links

Monday.com removes "Share Update" feature abused for phishing attacks (2 minute read)

Monday.com removed its "Share Update" feature due to phishing attacks because it allowed users to send emails impersonating Monday.com.

FBI warns US retailers that hackers are targeting their gift card systems (2 minute read)

The FBI has issued a warning to US retailers about cybercriminals targeting gift card systems through phishing attacks on employees.

TikTok is Suing the U.S. Government to Stop its App Being Banned (1 minute read)

TikTok has filed a lengthy lawsuit against the U.S. government arguing that the TikTok ban is unconstitutional and violates users' First Amendment rights.
Curated news 📰, research 🧑‍🔬, and tools 🔒 for information security professionals
Join 300,000 readers for