TLDR Information Security 2024-07-26

For security professionals, AI is double-edged. Falling behind is risky, but so is jumping right in. What's the right balance?

AI in Tines is designed with security and privacy in mind - you decide when and how your workflows interact with AI.

Here's what security folks are saying ↘️

Amulya Namburi, SOAR Team Lead, Experian: “Automatic mode is a game-changer for new users; it makes the learning curve for advanced use cases very short.”

Allen Cox, Senior Director of Security and IT, MyFitnessPal: "It's unlocking new use cases for us.”

Kyle McGaley, Senior Security Engineer, Udemy: “In terms of what you can build with [Tines], the limit is your imagination.”

Try AI in Tines for free →

Michigan Medicine reported a data breach affecting approximately 57,000 individuals. Hackers accessed employee email accounts on May 23 and 29 and potentially accessed personal and health information.

KnowBe4 recently disclosed that a remote software engineer that it hired was a North Korean hacker who was able to make it through the interview process and pass a background check. KnowBe4 detected that the hacker's Mac immediately started loading malware. The employee refused to take a call with the team and then became unresponsive, which led KnowBe4 to contact the FBI and Mandiant.

The Binarly team has published research on how leaked private keys like the ones from Intel Boot Guard and American Megatrends International were exposed. Hardware containing these keys is still being deployed. The PKfail issue exposes poor cryptographic management practices that put devices at risk of being bypassed during the boot process. To mitigate PKfail, device vendors should follow best practices for key management and users should stay informed about security patches.

This blog post discusses the use of isolated virtual machines (VMs) to provide complete customer data separation in the architecture of Thinkst Canary. Each customer has their own VM, ensuring strong boundaries between services and data. This approach offers benefits like improved security, performance monitoring, regulatory compliance, and hardware fault isolation.

This article evaluates Amazon GuardDuty's coverage, efficacy, and cost. Coverage was limited to core attacks on core services, with few finding types across a few services. Foundational features are worth enabling, but others can be costly. GuardDuty failed to detect many tested attacks and had a best-case latency of 5:08 for an S3 ransomware simulation.

Monzo wanted a secret generation process that no entity could compromise or manipulate. Password managers with passkeys grant this assurance but don't scale to services that need to run in cloud environments. To achieve its goal, Monzo built a repeatable, deterministic build process that utilized AWS Nitro Enclaves to securely generate secrets. This was used to cryptographically verify the integrity of environments.

FlowAnalyzer is a tool to help with low level understanding of OAuth 2.0 Grants/Flows. It includes support for OIDC as well as a dedicated section on JWTs.

Lakera is a low-latency AI application firewall that secures traffic into and out of generative AI applications

This project is a CLI tool for testing various types of captchas including puzzle, text, complicated text, and reCAPTCHA using Python and Selenium. The tool uses OpenAI GPT-4 to help solve the captchas.

What defines a “material” cybersecurity incident?

This framework, built alongside 30+ cybersecurity executives, helps provide a baseline for determining what incidents could possibly be reported to the SEC.

*This does not constitute legal advice. Ultimately, “materiality” should be determined by your own legal counsel.

Google's reCAPTCHA service, while promoted as a security mechanism, is actually harvesting user information and labor worth billions. reCAPTCHA is disliked by users, costly in time and resources, and vulnerable to bots.

The "Invisible ghost" vulnerability in GitHub Copilot allows hidden instructions to be embedded using invisible Unicode characters. It can be used to manipulate code suggestions without developer awareness and potentially inject harmful code.

Cloudflare's State of Application Security Report revealed that 6.8% of all Internet traffic is malicious, with wars and elections theorized to be driving the uptick. It also noted that DDoS attacks are also on the rise, having blocked 4.5M DDoS attacks in the first quarter of 2024. About 38% of all HTTP requests processed by Cloudflare are classified as bot traffic.

The developer of the EvolvedAim cheat for Escape From Tarkov was caught selling the cheat with an information stealer embedded, putting users at risk.

GitHub's repository design allows access to data from deleted and private repositories indefinitely, creating a significant security vulnerability known as Cross Fork Object Reference (CFOR).

Let's Encrypt will stop supporting OCSP in favor of CRLs for better privacy and efficiency.