TLDR Information Security 2024-05-17

New WIFI attack 📶, Cloud Defense Strategies 🌦️, Android with Gemini screens scammers 📱

🔓 Attacks & Vulnerabilities

New WiFi Vulnerability: The SSID Confusion Attack (12 minute read)

Researchers have uncovered a new vulnerability in the IEEE 802.11 WiFi standard that affects every WiFi client and operating system. The vulnerability exists because the WiFi standard does not require the SSID to be authenticated during beaconing, which could allow an attacker to trick a victim into connecting to a different network. This post provides more detail on the vulnerability and the threat models under which it applies.

900k Impacted by Data Breach at Mississippi Healthcare Provider (3 minute read)

Singing River Health System (SRHS) has notified around 900,000 individuals that their personal information, including names, addresses, dates of birth, Social Security numbers, and medical data, was compromised in an August 2023 ransomware attack.

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach (3 minute read)

Linux maintainers' infrastructure was infected with backdoor malware for two years, starting in 2009. The attackers accessed encrypted password data and compromised servers connected to kernel.org. The malware spread to thousands of servers, but there is no evidence of tampering with the Linux kernel source code.

🧠 Strategies & Tactics

To the Moon and back(doors): Lunar landing in diplomatic missions (30 minute read)

This article discusses in depth the malware that ESET researchers found on the European Ministry of Foreign Affairs' computers. The two backdoors, LunarWeb and LunarMail, have been associated with the Turla group. They use techniques such as steganography and communicate via HTTP(S) or email.

Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1 (18 minute read)

This blog post discusses adversary tactics in cloud environments, focusing on techniques such as modifying cloud compute infrastructure to evade defenses. Adversaries can manipulate cloud components, create snapshots, launch new instances, and modify configurations to bypass security controls and maintain stealthy access. Understanding these techniques is crucial for defending against malicious activity in the cloud.

AWS Application Load Balancer mTLS with Open-Source Serverless CA (5 minute read)

A tutorial on deploying mutual TLS on an AWS Application Load Balancer using an open-source serverless CA. It includes an overview and explanation of the solution as well as Terraform code for deploying it.

🧑‍💻 Launches & Tools

SignSaboteur (GitHub Repo)

SignSaboteur is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens. It supports a wide variety of different tokens.

Deepkeep (Product Launch)

DeepKeep's AI-Native Trust, Risk, and Security Management (TRiSM) platform gives data scientists and security leaders a clear understanding of the risks and challenges that AI systems face while also delivering protection and alerts.

Arcjet-js (GitHub Repo)

Arcjet's JavaScript SDKs for Next.js and Node.js provide rate limiting, bot protection, email verification, and defense against common attacks.

🎁 Miscellaneous

FBI seizes hacking forum BreachForums — again (3 minute read)

The FBI, in collaboration with international law enforcement agencies, seized the notorious cybercrime forum BreachForums on Wednesday. BreachForums has been a popular platform for hackers and cybercriminals to advertise, sell, and trade stolen data.

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware (10 minute read)

Microsoft has observed a cybercriminal group called Storm-1811 abusing Quick Assist for social engineering attacks to deploy Black Basta ransomware. The group uses voice phishing to trick victims into installing remote management tools, followed by QakBot, Cobalt Strike, and ultimately the ransomware.

assumptions_made (3 minute read)

When LLMs and AI agents respond to user inputs, they inherently make certain assumptions in order to provide context and accurate responses to the user. These assumptions should be explicitly stated in an assumptions_made metadata field. This would provide more insight into how to improve LLMs and AI agents.

⚡️ Quick Links

CISA Publishes Encrypted DNS Implementation Guidance to Federal Agencies (2 minute read)

CISA has published guidance for federal agencies on encrypting DNS traffic to enhance cybersecurity in line with the federal zero trust strategy.

Android's AI Era Includes Eavesdropping on Phone Calls, Warning You About Scams (2 minute read)

Google demoed a large variety of AI features for Android devices, including the capability for Gemini to notify users if a call seems to be from a scammer.

Fatigue and shortages: cyber teams intentionally underreporting breaches (4 minute read)

A new report by VikingCloud reveals that 40% of cyber teams are not reporting breaches due to fear of job loss, highlighting a significant underreporting problem globally.