TLDR Information Security 2024-05-22

Ever feel like keeping track of all your cloud resources is a full time job? With Orca's AI-powered search, it's as simple as asking a question like:

• Are there any S3 Buckets that allow public READ access?
• Do I have any AWS Lambda functions or Google Cloud functions with unsupported runtimes?
• Do I have any unencrypted databases with sensitive data exposed to the Internet?

…And Orca's AI will automatically search 100% of your environment and provide the answers you're looking for — so you can quickly respond to zero day risks, perform audits, optimize cloud assets, and understand exposure to threats.

Learn more here: blog | product | demo

Researchers have discovered a severe memory corruption vulnerability dubbed "Linguistic Lumberjack" in Fluent Bit, an open-source cloud logging utility with over 3 billion downloads widely used by major organizations and cloud providers like AWS, Microsoft, and Google Cloud. The vulnerability potentially allows denial of service, data leakage, and remote code execution in cloud environments.

Semiconductor manufacturing giant OmniVision Technologies disclosed a ransomware attack in September 2023 that led to data theft, including personal information. However, it has not detailed the type of personal information that was compromised.

This blog post presents a workflow that uses AI agents to simulate an AppSec team. The workflow features a manager, code reviewer, exploiter, mitigation expert, and report writer agent to attempt to find vulnerabilities, write PoCs, and mitigate the vulnerabilities. The post makes slightly exaggerated claims on the efficacy of the toolchain, but it serves as an early demonstration of the potential of these tools.

This is a walkthrough for implementing a SOC 2-compliant GitOps workflow. The workflow features an app repo to test and build the code and an infra repo to deploy it. The walkthrough also presents hotfix and rollback flows.

A post from Canva outlining its vulnerability management pipeline. The pipeline begins by extracting vulnerability information from its EDR, then utilizing its MDM to automatically push updates for managed applications or when an application is not managed, creating tickets for IT. The post also includes success metrics and a discussion of the results and difficulties of the process.

HoneyTrail is a set of honey services to be deployed in an AWS account to detect unauthorized access. The suite uses a separate CloudTrail trail for ease of detection and alerting.

Precli is designed to do static code analysis of source code with a number of rules covering the standard library for the corresponding programming language.

Mobile apps and SDKs face threats such as reverse engineering, back-end abuse, app cloning, and piracy. What's the best way to protect them? This Guardsquare webinar will compare two popular answers: compiler-based tech and wrapper solutions. How does each approach balance depth of protection, build times, and adaptability? Join the webinar to find out

Covering API and web application security, NightVision will simulate attacks to identify exploitable defects before they enter production and integrates directly with the standard development workflows and CI/CD pipelines.

Students have discovered a security flaw in internet-connected laundry machines used by millions of college students that allows free operation and manipulation of account balances through an app's API vulnerability. The vulnerability affects over a million machines across North America and Europe owned by CSC ServiceWorks.

The European Union has approved the groundbreaking and first-of-its-kind AI Act, establishing risk-based regulations for artificial intelligence. The law bans certain high-risk AI use cases and imposes obligations for high-risk applications like biometrics. It will come into force across the EU in phases.

Elastic Security Labs uncovered an intrusion set named REF4578 with a primary payload called GHOSTENGINE that targeted crypto mining operations by deploying malicious modules and exploiting vulnerable drivers. GHOSTENGINE aims to disable security solutions, establish persistence, and execute a crypto-miner while utilizing elaborate techniques to evade detection and ensure system infection.

GitHub addressed a serious flaw in GitHub Enterprise Server that allowed unauthorized access without authentication for server versionsserver versions below 3.13.0.

Veeam has warned customers about a critical security vulnerability in its Backup Enterprise Manager (VBEM), which allows attackers to sign into any account without authentication.

Wi-Fi router privacy vulnerabilities are being used to track devices like Starlink devices from conflict zones, prompting Apple to update its privacy policy.