TLDR Information Security 2024-05-13

> Orca is leading the way in AI security with the addition of AI Security to its cloud security platform.

> Orca's AI Security detects risks in models and data across all major LLMs — including AI-specific risks such as sensitive data in training datasets. The platform also identifies and maps 50+ packages used to train AI or power inference.

> The latest release complements Orca's previously announced GenAI-powered security features - natural language search, automated remediation, IAM optimization, and anomaly detection.

> To see all the latest features in action, get a demo of Orca.

The Ohio Lottery cyberattack conducted by the DragonForce ransomware group in late 2023 impacted over 500,000 individuals. The hackers claim to have obtained over 1.5 million records of employee and player information, including sensitive data like social security numbers, addresses, winnings, and dates of birth, and have leaked over 90GB of stolen files as backups.

Google has released a security update to fix a use-after-free vulnerability in the component that handles rendering of content in the Chrome browser. Google has stated that exploit code is available. Google Chrome updates automatically for security fixes but users can verify that they are on the latest version in Settings.

A malicious Go binary was hidden in a PyPI package named requests-darwin-lite. The binary was concealed within a large PNG image file, allowing the attacker to target specific macOS systems. Versions of the package containing the malicious binary were removed from PyPI after being detected.

This blog post walks through the process of fuzzing an Android application using AFL++ in Frida mode. It details the process of building the application and writing a test harness. The post then provides a primer on JNI linking and details the process of building a harness for weak JNI linking and strong JNI linking.

Researchers from KPMG Romania have published this in-depth article about how public AMIs are exposing sensitive data. They collected AMIs from all AWS regions, identified owners with many public AMIs, and accessed the contents to discover secrets like access keys and confidential data. The researchers emphasized responsible disclosure and highlighted the need for companies to secure their public AMIs.

This post goes into how curiosity led a pentester to discover a vulnerability that allowed him to track 130,000 cars worldwide. It reminds readers to not download just any random app that uses IoT or GPS as they are wildly insecure.

MS Devblogs Search is a Python script that downloads Microsoft Devblogs articles and searches them. The tool is helpful for learning about Windows development from the perspective of Microsoft developers.

Token Security is a "machine-first" identity security platform that provides visibility and continuous threat exposure management to manage identities. It starts with a list of machines and identifies who can access each machine by integrating into existing infrastructure. It then triages data to extract context, evaluate, and prioritize threat detection

Okta Terrify is a tool to abuse Okta Verify and FastPass. The tool allows an attacker to backdoor an Okta account via a compromised machine.

Six researchers have demonstrated a technique called GhostStripe that can interfere with autonomous vehicles' ability to recognize road signs by exploiting the camera-based computer vision systems and rolling shutters of CMOS sensors used by brands like Tesla and Baidu Apollo.

The CISA has announced a new vulnrichment program to enrich vulnerabilities from the CVE database with additional details from testing. The goal of this project is to alleviate some of the load that has plagued databases like the NVD and led to slowdowns in cataloging new CVEs

Researchers have uncovered two new attack methods called Pathfinder, targeting high-performance Intel CPUs, which enable reconstruction of program control flow history and launching high-resolution Spectre attacks.

This article discusses software vulnerabilities and exploits, analyzing trends and noteworthy vulnerabilities in Q1 2024.

Boeing refused to pay a $200 million ransom demand from the LockBit hacking group after a ransomware attack.

Threat Researchers have found that Scattered Spider group is targeting various companies in finance and insurance with convincing lookalike domains and login pages and advises defenders to monitor lookalike domains and train employees to detect phishing attacks.