TLDR Information Security 2024-06-10

Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team.

Use Tines to automate security team toil, enrich alerts with data from across your tech stack — from endpoint detection and response to vulnerability management — and power your most important security workflows.

Get up and running in minutes, not weeks. No code. No custom development.

🆕 Power your workflows with AI: Leverage LLMs to work faster and reduce barriers to entry. AI in Tines is private and secure by design.

Start on the FREE Tines Community Edition

Security researchers warn of a critical PHP vulnerability that allows trivial remote code execution on Windows devices. Within 24 hours of its disclosure and patch release, scans for vulnerable servers were detected. Experts strongly recommend checking and patching PHP servers immediately to mitigate risks.

Frontier Communications suffered a data breach and the personal information of over 750,000 individuals, including names, addresses, emails, dates of birth, phone numbers, and Social Security numbers got leaked.

A leak of data from Disney's internal Confluence server was published to 4chan last week. The data was thought to only contain archives about Club Penguin but was revealed to also contain new information about Disney's corporate strategies, advertising plans, internal tools, business projects, and internal infrastructure. One of the tools was a high-performance asynchronous messaging library and the other was a show authoring and playback tool that allows Disney producers and authors to create non-linear experiences using real world input from sensors in Disney parks.

This post introduces the identity problems that modern SaaS apps face and the more complex ways that attackers hunt for access. It lays out SSO, user provisioning (via SCIM), and programmatic access to logs as requirements for modern SaaS apps. It also proposes proof-of-possession, continuous access evaluation profiles, and universal logout for SaaS apps of the future.

This post explores potential AI threat vectors through an offensive mindset. It discusses mitigation strategies and acknowledges the need for further development of AI security solutions as adoption rapidly increases.

This post discusses the importance of encryption at rest for web and cloud applications to protect sensitive data. It highlights the need for a clear threat model and proper key management when implementing encryption at rest. It also emphasizes the risks of confused deputy attacks and the importance of understanding the nuances of encryption strategies.

AirMDR utilizes AI for triaging security events, investigating alerts, and deploying response and containment measures.

Kubelet CSR Approver is a Kubernetes controller designed to automatically approve kubelet-serving CSRs after validating a configurable series of security checks.

Betterscan is an orchestration toolchain that uses state-of-the-art tools to scan your source code and infrastructure IaC and analyze your security and compliance risks.

Watch ThreatLocker® initiate a legit ransomware attack and provide a full breakdown of how it operates, followed by a demonstration of advanced mitigation techniques. Save your spot today!

The U.S. Justice Department's antitrust lawsuit against Google's alleged adtech monopoly will proceed as a bench trial before a judge this fall, after Google filed a $2.3 million cashier's check to cover potential damages, avoiding a potentially unpredictable jury trial.

DuckDuckGo unveiled a new AI Chat service that allows users to freely converse with mid-range LLMs while attempting to preserve privacy. The available models include OpenAI's GPT-3.5 Turbo, Anthropic's Claude 3 Haiku, Meta's Llama 3, and Mistral's Mixtral 8x7B. DuckDuckGo notes that in the case of GPT-3.5 Turbo and Claude 3 Haiku, the data needs to be sent to remote servers outside of DuckDuckGo, so the privacy experience is not as strong.

Microsoft is revising its controversial "Recall" feature for Copilot+ PCs after privacy concerns. Originally designed to capture desktop screenshots, Microsoft is now making Recall an opt-in feature with improved privacy and security safeguards.

Apple plans to increase the accessibility of its password manager by breaking it out into a standalone app.

Amid controversy over changes to its Terms of Services, Adobe claims that it does not train Firefly Gen AI models and will never assume ownership over a customer's work.

Trail of Bits has announced that it will be providing AI/ML safety and security training for organizations that covers fundamentals, vulnerabilities, risk assessment, and mitigation strategies for securing AI/ML systems.