TLDR Information Security 2024-06-07

TikTok fixes 0-day 🎵, Windows Recall data extraction 🧠, FBI obtains LockBit keys 🔒

🔓 Attacks & Vulnerabilities

Uncle Sam seeks to claw back $5M+ stolen from trade union through spoofed email (3 minute read)

The US Justice Department filed a civil forfeiture action seeking to recover over $5 million stolen from a Massachusetts trade union. The funds, part of a $6.4 million theft carried out through a spoofed email, have been traced to seven bank accounts, which are currently seized. The legal action aims to enable the recovery of the stolen money held in those accounts.

Australian Food Service Provider's Internal Records and Invoices Exposed in Third Party Data Breach (4 minute read)

Security researcher Jeremiah Fowler discovered an unprotected database belonging to Patties Food Limited that was internet accessible. The database contained nearly 500K internal logs which exposed internal, customer, and vendor emails. The database also contained over 25K invoices which included vendors, contacts, emails, and banking information. The databases were managed by a third party known as Proveno.ai, which has responded to the responsible disclosure and protected the databases.

TikTok Fixes 0-Day Bug Used to Hijack High-Profile Accounts (2 minute read)

TikTok has fixed a 0-day vulnerability that allowed attackers to take over accounts. The vulnerability required the attacker to send a DM to the victim and the victim to open the message but did not require any further interaction such as clicking links. TikTok has not given details as to the number of accounts that were compromised.

🧠 Strategies & Tactics

Security First: DevSecOps Empowerment with Terrascan (8 minute read)

Terrascan is an IaC scanner by Tenable that can be used to scan Terraform files, Helm Charts, Dockerfiles, and other IaC files. This post walks through the steps to install Terrascan and run it against Terraform files. It provides the full output of the sample run and walks through the found vulnerabilities.
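The post covers installing Terrascan and reading its findings by hand; the next step in a DevSecOps pipeline is to turn those findings into a pass/fail decision. The script below is an added example, not Terrascan's own code. It assumes the scan was run as `terrascan scan -i terraform -d <dir> -o json` and that each entry in `results.violations` carries `rule_name`, `severity`, `resource_name`, `resource_type`, `file` and `line` (field names as I know them from Terrascan's JSON output; confirm against your version). The embedded report, including its rule names and IDs, is constructed sample data.

```python
"""CI gate over Terrascan JSON output (added example, not Terrascan's own code).

Assumes `terrascan scan -i terraform -d <dir> -o json` output with a
results.violations[] list whose entries carry rule_name, severity,
resource_name, resource_type, file and line (assumed field names).
"""
import json
import sys
from collections import Counter

# Constructed sample of Terrascan JSON output; rule names and IDs are made up.
SAMPLE_OUTPUT = json.dumps({
    "results": {
        "violations": [
            {"rule_name": "sample_s3_public_acl", "rule_id": "SAMPLE-0001",
             "severity": "HIGH", "resource_name": "bucket_public",
             "resource_type": "aws_s3_bucket", "file": "main.tf", "line": 3,
             "description": "S3 bucket ACL grants public read."},
            {"rule_name": "sample_s3_no_encryption", "rule_id": "SAMPLE-0002",
             "severity": "MEDIUM", "resource_name": "bucket_public",
             "resource_type": "aws_s3_bucket", "file": "main.tf", "line": 3,
             "description": "S3 bucket has no server-side encryption."},
            {"rule_name": "sample_sg_open_ingress", "rule_id": "SAMPLE-0003",
             "severity": "HIGH", "resource_name": "sg_open",
             "resource_type": "aws_security_group", "file": "network.tf", "line": 12,
             "description": "Security group allows ingress from 0.0.0.0/0."},
            {"rule_name": "sample_missing_tags", "rule_id": "SAMPLE-0004",
             "severity": "LOW", "resource_name": "sg_open",
             "resource_type": "aws_security_group", "file": "network.tf", "line": 12,
             "description": "Resource has no owner tag."},
        ],
        "summary": {"high": 2, "medium": 1, "low": 1},
    }
})


def parse_violations(text):
    """Return the violation list from a Terrascan JSON report (empty if none)."""
    report = json.loads(text)
    # A clean scan leaves the list null rather than empty, hence the `or []`.
    return report.get("results", {}).get("violations", []) or []


def summarize(violations):
    """Count findings per severity, e.g. Counter({'HIGH': 2, 'MEDIUM': 1})."""
    return Counter(v.get("severity", "UNKNOWN").upper() for v in violations)


def blocking(violations, fail_on=("HIGH",), allowlist=frozenset()):
    """Findings that should fail the build.

    `allowlist` holds (rule_name, resource_name) pairs that were reviewed and
    accepted as a documented risk, so one known exception does not block
    every later pipeline run.
    """
    fail_on = {s.upper() for s in fail_on}
    return [
        v for v in violations
        if v.get("severity", "").upper() in fail_on
        and (v.get("rule_name"), v.get("resource_name")) not in allowlist
    ]


def format_report(violations):
    """One line per finding, most severe first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    rows = sorted(violations, key=lambda v: order.get(v.get("severity", "").upper(), 9))
    return "\n".join(
        f"{v['severity']:<6} {v['file']}:{v['line']} "
        f"{v['resource_type']}.{v['resource_name']} ({v['rule_name']}) "
        f"{v.get('description', '')}"
        for v in rows
    )


def main(argv):
    # Usage: python gate.py [terrascan-output.json]; with no file the sample runs.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_OUTPUT
    violations = parse_violations(text)
    print(format_report(violations))
    print("summary:", dict(summarize(violations)))
    blockers = blocking(violations)
    if blockers:
        print(f"FAIL: {len(blockers)} blocking finding(s)")
        return 1
    print("PASS")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The allowlist is keyed on rule and resource rather than on file and line, so a reviewed exception survives edits elsewhere in the same file, while a new resource that trips the same rule still blocks the build.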

Why SAST + DAST can't be enough (7 minute read)

Static and dynamic app testing are important but not enough to fully secure modern software. New automated testing procedures are needed to address evolving threats and vulnerabilities. Detection in source code is crucial for enhancing application security beyond traditional methods.

Secure your Tailscale Infrastructure Further with Mutual TLS (4 minute read)

Viktor Petersson, co-founder of Screenly, walks through using certificates generated by Tailscale for mutual TLS, adding an authentication layer in front of sensitive applications or applications that have no authentication of their own. Petersson first generates a client certificate with Tailscale and exports it to a PKCS#12 bundle, then imports that bundle into a browser, and finally deploys ghostunnel on the server as a reverse proxy that requires the client certificate.

🧑‍💻 Launches & Tools

OXO (GitHub Repo)

OXO is a security scanning framework that combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting, and more.

TotalRecall (GitHub Repo)

TotalRecall is a tool that extracts and displays data from the new Recall feature in Windows 11. The tool demonstrates how the local Recall database can be abused by an attacker. It was developed using an Azure VM with access to the feature as Copilot+ devices have not shipped yet.

VulnCheck (Product Launch)

VulnCheck provides exploit intelligence for vulnerability prioritization and an early-warning system for in-the-wild software exploitation activity.

🎁 Miscellaneous

UK retailers file a £1.1B collective action against Amazon over claims of data misuse (3 minute read)

The British Independent Retailers Association filed a damages claim against Amazon in a £1.1 billion ($1.3 billion) collective action, alleging illegal misuse of members' proprietary data for competitive purposes and manipulation of the coveted "Buy Box" feature.

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected (2 minute read)

Threat actors are increasingly abusing legitimate packer software like BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers, primarily targeting financial institutions and government sectors.

Microsoft Deprecates Windows NTLM Authentication Protocol (3 minute read)

Microsoft announced that it has officially deprecated the outdated NTLM authentication protocol in favor of more secure alternatives. NTLM will still work in the next release of Windows Server and the next annual release of Windows. Administrators are encouraged to audit their use of NTLM, and users are encouraged to transition to Negotiate, which attempts authentication with Kerberos before falling back to NTLM.
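Auditing NTLM use starts with knowing which accounts and hosts still authenticate with it, and in which version. The script below is an added example, not Microsoft tooling. It assumes Security event 4624 records exported as one JSON object per line (as a SIEM or log forwarder would produce) with the standard 4624 field names `AuthenticationPackageName`, `LmPackageName`, `LogonType`, `TargetUserName`, `TargetDomainName`, `WorkstationName` and `IpAddress`; the events, hosts and accounts embedded in it are constructed.

```python
"""Inventory NTLM logons from Windows Security event 4624 records.

Added example, not Microsoft tooling. Assumes a JSON-lines export of 4624
events using the event's own field names (see lead-in); sample data is
constructed.
"""
import json
from collections import Counter, defaultdict

# Constructed sample export: one 4624 record per line, plus one 4625 that
# the parser must ignore. Hosts, users and addresses are made up.
_SAMPLE_RECORDS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "WorkstationName": "WS01", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "alice", "TargetDomainName": "CORP",
     "WorkstationName": "WS01", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V1", "TargetUserName": "svc_backup", "TargetDomainName": "CORP",
     "WorkstationName": "LEGACY01", "IpAddress": "10.0.0.20"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "svc_backup", "TargetDomainName": "CORP",
     "WorkstationName": "LEGACY01", "IpAddress": "10.0.0.20"},
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "TargetUserName": "bob", "TargetDomainName": "CORP",
     "WorkstationName": "WS02", "IpAddress": "-"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "bob", "TargetDomainName": "CORP",
     "WorkstationName": "WS03", "IpAddress": "10.0.0.7"},
    {"EventID": 4625, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "-", "TargetUserName": "bob", "TargetDomainName": "CORP",
     "WorkstationName": "WS03", "IpAddress": "10.0.0.7"},
]
SAMPLE_EVENTS = "\n".join(json.dumps(r) for r in _SAMPLE_RECORDS)


def parse_events(text):
    """Parse a JSON-lines export, keeping only successful logons (event 4624)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if int(record.get("EventID", 0)) == 4624:
            events.append(record)
    return events


def ntlm_version(event):
    """Return 'NTLM V1' / 'NTLM V2' for NTLM logons, None for anything else.

    Kerberos logons show AuthenticationPackageName 'Kerberos' and '-' for the
    LM package; NTLM logons carry the NTLM version in LmPackageName.
    """
    lm = (event.get("LmPackageName") or "").upper()
    if lm.startswith("NTLM"):
        return lm
    if event.get("AuthenticationPackageName") == "NTLM":
        return "NTLM"  # version not recorded; still an NTLM logon
    return None


def source_of(event):
    """Prefer the source IP; fall back to the workstation name for local logons."""
    ip = event.get("IpAddress") or "-"
    return ip if ip != "-" else event.get("WorkstationName", "?")


def protocol_mix(events):
    """Counter of 'Kerberos' vs each NTLM version across all logons."""
    return Counter(ntlm_version(e) or e.get("AuthenticationPackageName", "?") for e in events)


def inventory(events):
    """Map (DOMAIN\\user, source) -> Counter of NTLM versions, NTLM logons only."""
    table = defaultdict(Counter)
    for e in events:
        version = ntlm_version(e)
        if version is None:
            continue
        account = f"{e.get('TargetDomainName', '')}\\{e.get('TargetUserName', '')}"
        table[(account, source_of(e))][version] += 1
    return dict(table)


def ntlm_v1_sources(events):
    """Sources still sending NTLMv1, the first thing to fix before any migration."""
    return sorted({source_of(e) for e in events if ntlm_version(e) == "NTLM V1"})


def report(events):
    """Human-readable inventory, NTLMv1 users listed first."""
    rows = sorted(inventory(events).items(), key=lambda kv: ("NTLM V1" not in kv[1], kv[0]))
    lines = [f"protocol mix: {dict(protocol_mix(events))}"]
    for (account, source), versions in rows:
        lines.append(f"{account:<20} from {source:<12} {dict(versions)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_events(SAMPLE_EVENTS)))
```

The inventory is keyed on account and source rather than on raw event count, because migration work is done per host and per service account: a single legacy host that still negotiates NTLMv1 matters more than many NTLMv2 logons from workstations that will move to Kerberos once the service has an SPN.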

⚡️ Quick Links

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy (2 minute read)

Google plans to store Maps Timeline data on users' devices instead of in their Google account starting December 1.

225,000 More Cybersecurity Workers Needed in US: CyberSeek (2 minute read)

There are more than 1.2 million cybersecurity workers in the United States, but 225,200 more people are needed.

FBI obtains 7,000 LockBit ransomware decryption keys (2 minute read)

The FBI obtained 7,000 decryption keys from the LockBit ransomware group. Victims can now unlock their data for free.