TLDR Information Security 2024-05-13

Ohio Lottery breached 🎰, Hacking cars worldwide 🚗, New Scattered Spider Campaign 🕸️

Attacks & Vulnerabilities

Ohio Lottery Data Breach Impacted Over 538,000 Individuals (2 minute read)

The Ohio Lottery cyberattack, carried out by the DragonForce ransomware group in late 2023, impacted more than 538,000 individuals. The attackers claim to have obtained over 1.5 million records of employee and player information, including Social Security numbers, addresses, winnings and dates of birth, and have leaked more than 90GB of the stolen files, described as backups.

Google Fixes Fifth Chrome 0-Day Exploited in Attacks this Year (2 minute read)

Google has released a security update for a use-after-free vulnerability in the Chrome component that handles rendering of content, and says an exploit for it exists in the wild. Chrome downloads security updates automatically, but the fix only takes effect after the browser is relaunched; users can confirm they are on the patched build under Settings > About Chrome (chrome://settings/help), which also forces an update check.

Malicious Go Binary Delivered via Steganography in PyPI (5 minute read)

A malicious Go binary was hidden in a PyPI package named requests-darwin-lite, a lookalike of the popular requests library. The binary was concealed inside a large PNG image shipped with the package (the requests logo, inflated with the payload), and the package's install step only unpacked it on macOS hosts matching a hardcoded machine fingerprint, so the attacker was targeting specific systems rather than every installer. Versions of the package containing the binary were removed from PyPI after being detected.
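The tell in cases like this is that the "image" is far larger than it needs to be, and that bytes sit after the PNG's IEND chunk (or inside oversized ancillary chunks) where no viewer will ever look. The script below is an added example, not code from the package analysis or from PyPI: it walks the PNG chunk list, checks each chunk's CRC, and reports anything appended after IEND, classifying it by executable magic number. The 1x1 PNG and the "payload" (a Mach-O magic number followed by filler) are constructed inline so the script runs offline.

```python
"""Spot a payload smuggled inside a PNG file.

Added example; not code from the PyPI write-up. The PNG and the payload
below are constructed inline, and the "payload" is just a Mach-O magic
number followed by filler, not a real binary.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CRITICAL_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}

# Executable magic numbers worth flagging when found after IEND.
EXECUTABLE_MAGIC = {
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat) binary",
    b"\x7fELF": "ELF",
    b"MZ": "PE",
}


def parse_png(data: bytes):
    """Walk the chunk list up to IEND. Returns (chunks, end_offset) where each
    chunk is (type, body, offset, crc_ok) and end_offset is the first byte
    past the image; anything after it is not part of the picture."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    chunks, pos = [], len(PNG_SIGNATURE)
    while True:
        if pos + 12 > len(data):
            raise ValueError("truncated PNG: no IEND chunk")
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        if pos + 12 + length > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        body = data[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == stored_crc
        chunks.append((ctype, body, pos, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, pos


def inspect_png(data: bytes, big_chunk_threshold: int = 64 * 1024) -> dict:
    """Report trailing data after IEND, oversized ancillary chunks (another
    place to stash bytes) and CRC mismatches."""
    chunks, image_end = parse_png(data)
    trailing = data[image_end:]
    magic = next((name for sig, name in EXECUTABLE_MAGIC.items()
                  if trailing.startswith(sig)), None)
    oversized = [(t.decode("latin-1"), len(b)) for t, b, _, _ in chunks
                 if t not in CRITICAL_CHUNKS and len(b) > big_chunk_threshold]
    bad_crc = [t.decode("latin-1") for t, _, _, ok in chunks if not ok]
    return {
        "image_end": image_end,
        "trailing_bytes": len(trailing),
        "trailing_magic": magic,
        "oversized_ancillary_chunks": oversized,
        "bad_crc_chunks": bad_crc,
        "suspicious": bool(trailing or oversized or bad_crc),
    }


def _chunk(ctype: bytes, body: bytes) -> bytes:
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def build_sample_png() -> bytes:
    """A valid 1x1 8-bit greyscale PNG, constructed here for the demo."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x80")  # filter byte 0 + one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


# Constructed stand-in for a smuggled binary: real Mach-O magic, fake body.
FAKE_PAYLOAD = b"\xcf\xfa\xed\xfe" + b"\x00" * 60 + b"NOT A REAL BINARY"
SMUGGLED_PNG = build_sample_png() + FAKE_PAYLOAD

if __name__ == "__main__":
    for label, blob in (("clean", build_sample_png()), ("smuggled", SMUGGLED_PNG)):
        print(label, inspect_png(blob))
```

Run it over the image files in any unpacked sdist or wheel; a logo that parses as a 1 KB picture followed by several megabytes of trailing bytes is the pattern to hunt for. A payload could also be compressed or stored in a legitimately named ancillary chunk, which is why the oversized-chunk check is there alongside the trailing-data one.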

Strategies & Tactics

Android Greybox Fuzzing with AFL++ Frida Mode (8 minute read)

This blog post walks through the process of fuzzing an Android application using AFL++ in Frida mode. It details the process of building the application and writing a test harness. The post then provides a primer on JNI linking and details the process of building a harness for weak JNI linking and strong JNI linking.

AWS CloudQuarry: Digging For Secrets In Public AMIs (35 minute read)

Researchers from KPMG Romania have published this in-depth article on how public AMIs expose sensitive data. They enumerated public AMIs across all AWS regions, singled out owners with many public images, and mounted the images to hunt for secrets such as AWS access keys and confidential files. The researchers followed responsible disclosure and stress that companies need to audit the AMIs they publish; AWS also offers an account-level "block public access for AMIs" setting that prevents new images from being shared publicly by accident.

Hacking more than 130,000 cars worldwide in 5 minutes (4 minute read)

This post describes how curiosity led a pentester to a vulnerability that let him track 130,000 cars worldwide. It reminds readers not to install just any random IoT or GPS app, as many of them are wildly insecure.

Launches & Tools

MS Devblogs Search (GitHub Repo)

MS Devblogs Search is a Python script that downloads Microsoft Devblogs articles and searches them. The tool is helpful for learning about Windows development from the perspective of Microsoft developers.

Token Security (Product Launch)

Token Security is a "machine-first" identity security platform that provides visibility and continuous threat exposure management for identities. It starts from a list of machines and, by integrating with existing infrastructure, works out who can access each one. It then triages that data to extract context, evaluate risk, and prioritize threat detection.

Okta Terrify (GitHub Repo)

Okta Terrify is a tool that abuses Okta Verify and FastPass. Starting from a compromised machine enrolled in Okta Verify, it lets an attacker backdoor the associated Okta account.

GhostStripe attack haunts self-driving cars by making them ignore road signs (5 minute read)

Six researchers have demonstrated a technique called GhostStripe that can interfere with autonomous vehicles' ability to recognize road signs by exploiting the camera-based computer vision systems and rolling shutters of CMOS sensors used by brands like Tesla and Baidu Apollo.

How the Feds Will Tackle the Software Bug Backlog (2 minute read)

CISA has announced Vulnrichment, a program that enriches entries from the CVE database with additional data such as CPE, CVSS, CWE and SSVC decision points. The goal is to relieve some of the load that has plagued databases like the NVD and led to slowdowns in cataloging new CVEs.

New Spectre-Style 'Pathfinder' Attack Targets Intel CPUs, Leaks Encryption Keys and Data (3 minute read)

Researchers have uncovered two new attack methods, collectively called Pathfinder, that target high-performance Intel CPUs. By manipulating the branch predictor's path history, they can reconstruct a program's control-flow history and launch high-resolution Spectre attacks.

Quick Links

Exploits and vulnerabilities in Q1 2024 (12 minute read)

This article discusses software vulnerabilities and exploits, analyzing trends and noteworthy vulnerabilities in Q1 2024.

Boeing refused to pay $200 million LockBit ransomware demand (2 minute read)

Boeing refused to pay a $200 million ransom demand from the LockBit hacking group after a ransomware attack.

Resilience Threat Researchers Identify New Campaigns from Scattered Spider (5 minute read)

Resilience threat researchers have found that the Scattered Spider group is targeting companies in finance and insurance with convincing lookalike domains and cloned login pages. The post advises defenders to monitor for lookalike domains and to train employees to recognize phishing attacks.
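The "monitor lookalike domains" advice is easy to give and fiddly to do, because the lures come in several shapes: the brand name glued to a word like "sso" or "okta", a digit-for-letter homoglyph, a one-character typo, or the exact brand on a TLD you do not own. The script below is an added example, not code from the Resilience report: it scores a feed of observed domains against a list of protected brands using those four checks. The brands, allowlist and "observed" domains are constructed for the demo; in practice the feed would come from certificate transparency logs or a newly-registered-domain source.

```python
"""Flag lookalike domains for a set of protected brands.

Added example; not code from the Resilience report. Brands, allowlist and
the "observed" domain feed below are all constructed for the demo.
"""

# Digits and symbols commonly substituted for letters in lookalikes.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "|": "l"})
MULTI_CHAR = (("rn", "m"), ("vv", "w"), ("cl", "d"))
# Words that credential-phishing lures pair with a victim's name.
LURE_WORDS = {"sso", "okta", "login", "signin", "vpn", "hr", "mfa", "duo",
              "portal", "helpdesk", "servicedesk", "it", "corp", "auth"}


def normalize(label: str) -> str:
    """Collapse homoglyphs and separators so 'exarnp1e-bank' reads 'examplebank'."""
    s = label.lower().translate(HOMOGLYPHS)
    for src, dst in MULTI_CHAR:
        s = s.replace(src, dst)
    return s.replace("-", "").replace("_", "")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label. Simplification: a real deployment should consult the
    Public Suffix List so that 'example.co.uk' is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(domain: str, brands, allowlist):
    """Return (brand, reason) if the domain looks like one of ours, else None."""
    d = domain.lower().rstrip(".")
    if d in allowlist or any(d.endswith("." + a) for a in allowlist):
        return None
    sld = registrable_label(d)
    norm = normalize(sld)
    tokens = [t for t in sld.replace("_", "-").split("-") if t]
    for brand in brands:
        b = normalize(brand)
        if norm == b:
            return (brand, "homoglyph" if sld != brand.lower() else "other-tld")
        if b in norm:
            extras = [normalize(t) for t in tokens if normalize(t) != b]
            if any(t in LURE_WORDS for t in extras):
                return (brand, "brand+lure")
            return (brand, "brand-embedded")
        # Only short edit distances on long brands; short names produce noise.
        if len(b) >= 6 and levenshtein(norm, b) == 1:
            return (brand, "typosquat")
    return None


def scan(domains, brands, allowlist):
    """Return [(domain, brand, reason)] for every domain that resembles a brand."""
    findings = []
    for d in domains:
        hit = classify(d, brands, allowlist)
        if hit:
            findings.append((d, hit[0], hit[1]))
    return findings


# Constructed inputs for the demo.
BRANDS = ["examplebank", "exampleinsurance"]
ALLOWLIST = {"examplebank.com", "exampleinsurance.com"}
OBSERVED = [
    "examplebank.com",             # legitimate, allowlisted
    "sso.examplebank.com",         # legitimate subdomain
    "examplebank-sso.com",         # brand + lure word
    "okta-examplebank.com",        # lure word + brand
    "examp1ebank.com",             # digit-for-letter homoglyph
    "exarnplebank.net",            # rn -> m homoglyph
    "examplebamk.com",             # one-character typo
    "examplebank.net",             # exact brand, unexpected TLD
    "exampleinsurance-login.com",  # second brand + lure word
    "mail.google.com",             # unrelated
]

if __name__ == "__main__":
    for domain, brand, reason in scan(OBSERVED, BRANDS, ALLOWLIST):
        print(f"{domain:30} {brand:18} {reason}")
```

The "brand+lure" class is the one to page on: a freshly registered victimname-sso or okta-victimname domain with a TLS certificate is usually a phishing page that is live or about to be. The other classes are worth a ticket and a takedown request but rarely warrant waking anyone up.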

Curated news 📰, research 🧑‍🔬, and tools 🔒 for information security professionals