TLDR Information Security 2024-06-07

In this virtual GameDay, you will complete a series of cloud security quests using Lacework and AWS.

⏳ You will have ~1 hour to build secure environments and mitigate threats.

🥪 Free lunch voucher to fuel the journey

🏆 Top 3 scorers get a Valve Steam Deck

Save your spot ↗️

The US Justice Department filed a civil forfeiture action seeking to recover over $5 million stolen from a Massachusetts trade union. The funds, part of a $6.4 million theft, have been traced to seven bank accounts which are currently seized. The legal action aims to enable the recovery of the stolen money held in those accounts

Security researcher Jeremiah Fowler discovered an unprotected database belonging to Patties Food Limited that was internet accessible. The database contained nearly 500K internal logs which exposed internal, customer, and vendor emails. The database also contained over 25K invoices which included vendors, contacts, emails, and banking information. The databases were managed by a third party known as Proveno.ai, which has responded to the responsible disclosure and protected the databases.

TikTok has fixed a 0-day vulnerability that allowed attackers to take over accounts. The vulnerability required the attacker to send a DM to the victim and the victim to open the message but did not require any further interaction such as clicking links. TikTok has not given details as to the number of accounts that were compromised.

Terrascan is an IaC scanner by Tenable that can be used to scan Terraform files, Helm Charts, Dockerfiles, and other IaC files. This post walks through the steps to install Terrascan and run it against Terraform files. It provides the full output of the sample run and walks through the found vulnerabilities.

Static and dynamic app testing are important but not enough to fully secure modern software. New automated testing procedures are needed to address evolving threats and vulnerabilities. Detection in source code is crucial for enhancing application security beyond traditional methods.

Viktor Petersson, co-founder of Screenly, walks through the process of utilizing certificates generated by Tailscale for Mutual TLS to provide an added layer of security to sensitive applications or those that don't require authentication. Petersson first generates a client certificate with Tailscale and exports it to a PKCS#12 bundle, then he imports that to a browser, and finally deploys a ghostunnel server to reverse proxy traffic on the server.

OXO is a security scanning framework that combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting, and more.

TotalRecall is a tool that extracts and displays data from the new Recall feature in Windows 11. The tool demonstrates how the local Recall database can be abused by an attacker. It was developed using an Azure VM with access to the feature as Copilot+ devices have not shipped yet.

VulnCheck provides exploit intelligence for vulnerability prioritization and an early-warning system for in-the-wild software exploitation activity.

If you need managed file transfer (MFT) you can trust, choose the only MFT platform tough enough for FedRAMP and IRAP. Kiteworks is regularly audited against 325 security controls for NIST 800-53, built on a hardened virtual appliance, and offers enterprise scale-out and high availability — in the cloud, on-premises, or hybrid. Get a demo here

The British Independent Retailers Association filed a damages claim against Amazon in a £1.1 billion ($1.3 billion) collective action, alleging illegal misuse of members' proprietary data for competitive purposes and manipulation of the coveted "Buy Box" feature.

Threat actors are increasingly abusing legitimate packer software like BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers, primarily targeting financial institutions and government sectors.

Microsoft announced that it has officially deprecated the outdated NTLM authentication protocol in favor of more secure alternatives. NTLM will still work in the next release of Windows server and the next annual release of Windows. Administrators are encouraged to audit their use of NTLM and users are encouraged to transition to Negotiate which attempts authentication with Kerberos before falling back to NTLM.

Google plans to store Maps Timeline data on users' devices instead of in their Google account starting December 1.

There are more than 1.2 million cybersecurity workers in the United States, but 225,200 more people are needed.

The FBI obtained 7,000 decryption keys from the LockBit ransomware group. Victims can now unlock their data for free.