Security Operations

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

Analysis of a new Facebook profile stealer written in Node.js::We analyze an information stealer written in Node.js and packaged into an executable; it exfiltrates stolen data via both the Telegram bot API and a C&C server, and uses GraphQL as a channel for C&C communication.

LFI/RCE Vulnerability in WordPress Media Library Assistant Plugin - CVE-2023-4634 - Patrowl::Discovery of 0-days with Patrowl automation of EASM and PTaaS

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers::Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration.

A full report of a penetration test of OPNsense (an open source, FreeBSD-based firewall and routing platform)

China-linked cybercriminals bypass Barracuda’s security patch::Barracuda email security gateway devices became the target of a cyber espionage attack from a group with ties to China, known as UNC4841. This group managed

Secure FastAPI with eBPF (avi-lumelsky.medium.com)

Annoying Apple Fans: The Flipper Zero Bluetooth Prank Revealed

Mashing Enter to bypass Linux full disk encryption with TPM, Clevis, dracut and systemd::This vulnerability allows a physically-present attacker to control the full disk encryption unlock process and gain complete access to decrypted content in s...

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows::Action pinning doesn’t always offer security. Understand risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of CI/CD pipeline.
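One way to make the post's point concrete, as an added example that is not code from the article, from GitHub, or from any action maintainer: a workflow can pin `uses: owner/composite-action@<40-hex sha>`, but if that action's own action.yml references other actions by tag, or a Docker image by `:tag`, those references stay mutable and the pin does not freeze what actually runs. The check below reads an action.yml and reports every such transitive reference. The regexes, the sample action definitions, and the commit SHA and image names in them are all constructed for illustration.

```python
"""Added example (not from the Unpinnable Actions post, GitHub, or any action
author): find mutable references inside an action's own action.yml, the
places a SHA pin in the calling workflow cannot reach.
The regexes, sample definitions, commit SHA and image names are constructed."""
import re
from typing import List, Tuple

SHA40 = re.compile(r"^[0-9a-f]{40}$")
# `uses:` lines in a composite action's steps; `image:` in a Docker action's runs block.
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
IMAGE_LINE = re.compile(r"^\s*image:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)


def docker_ref_pinned(ref: str) -> bool:
    """docker://registry/image@sha256:<digest> is immutable; a :tag (or no tag) is not."""
    return "@sha256:" in ref


def action_ref_pinned(ref: str) -> bool:
    """owner/repo[/path]@<40-hex commit> is immutable; @tag, @branch or no @ at all is not."""
    if "@" not in ref:
        return False
    version = ref.rpartition("@")[2]
    return bool(SHA40.match(version))


def find_mutable_refs(action_yml: str) -> List[Tuple[str, str]]:
    """Return (kind, reference) for every reference a SHA pin on this action does not freeze."""
    findings = []
    for ref in USES_LINE.findall(action_yml):
        if ref.startswith("./"):
            continue  # local path in the same repo: already frozen by the caller's commit pin
        if ref.startswith("docker://"):
            if not docker_ref_pinned(ref):
                findings.append(("uses-docker", ref))
        elif not action_ref_pinned(ref):
            findings.append(("uses-action", ref))
    for image in IMAGE_LINE.findall(action_yml):
        # 'image: Dockerfile' builds locally; its FROM lines need a separate check.
        if image.startswith("docker://") and not docker_ref_pinned(image):
            findings.append(("image", image))
    return findings


# Constructed sample: a composite action that a workflow might pin by SHA.
PINNED_SHA = "0123456789abcdef0123456789abcdef01234567"  # made up, not a real commit
COMPOSITE_ACTION_YML = f"""
name: 'example composite action'
runs:
  using: 'composite'
  steps:
    - uses: actions/checkout@v4                      # tag: mutable
    - uses: actions/setup-node@{PINNED_SHA}          # commit: frozen
    - uses: ./.github/actions/local-helper           # local: frozen with the repo
    - uses: docker://alpine:3.19                     # image tag: mutable
    - uses: docker://ghcr.io/example/tool@sha256:{'a' * 64}
"""

# Constructed sample: a Docker container action whose image floats on :latest.
DOCKER_ACTION_YML = """
name: 'example docker action'
runs:
  using: 'docker'
  image: 'docker://ghcr.io/example/tool:latest'
"""

if __name__ == "__main__":
    for label, yml in (("composite", COMPOSITE_ACTION_YML), ("docker", DOCKER_ACTION_YML)):
        for kind, ref in find_mutable_refs(yml):
            print(f"{label}: {kind} -> {ref}")
```

Running it on the two constructed definitions flags `actions/checkout@v4` and `docker://alpine:3.19` in the composite action and `docker://ghcr.io/example/tool:latest` in the Docker action; the SHA-pinned step, the digest-pinned image and the local path pass. A caller pinning either action by commit still gets whatever those tags resolve to on the day the job runs.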

Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework::This blog is based on a session we presented at DEF CON 2023 on Friday, August 11, 2023, in Las Vegas: Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework.

Diving into Starlink's User Terminal Firmware

Grave flaws in BGP Error handling

Multiple Vulnerabilities Found in Techview LA-5570 Wireless Gateway Home Automation Controller::The Security Team at [exploitsecurity.io] uncovered multiple vulnerabilities in the Techview LA-5570 Wireless Home Automation Controller [Firmware Version 1.0.19_T53]. These vulnerabilities can be used to gain full control of the affected device. CVE-2023-34723 Vulnerability Type: Directory Indexing, allows a threat actor to list the contents of specific directories outside of the web r

cross-posted from: https://lemmy.capebreton.social/post/397946

Authors:

Lorenzo Neil, North Carolina State University; Harshini Sri Ramulu, The George Washington University; Yasemin Acar, Paderborn University & The George Washington University; Bradley Reaves, North Carolina State University

Abstract:

Users have a wealth of available security advice: far too much, according to prior work. Experts and users alike struggle to prioritize and practice advised behaviours, negating both the advice's purpose and potentially their security. While the problem is clear, no rigorous studies have established the root causes of overproduction, lack of prioritization, or other problems with security advice. Without understanding the causes, we cannot hope to remedy their effects.

In this paper, we investigate the processes that authors follow to develop published security advice. In a semi-structured interview study with 21 advice writers, we asked about the authors' backgrounds, advice creation processes in their organizations, the parties involved, and how they decide to review, update, or publish new content. Among the 17 themes we identified from our interviews, we learned that authors seek to cover as much content as possible, leverage multiple diverse external sources for content, typically only review or update content after major security events, and make few if any conscious attempts to deprioritize or curate less essential content. We recommend that researchers develop methods for curating security advice and guidance on messaging for technically diverse user bases and that authors then judiciously identify key messaging ideas and schedule periodic proactive content reviews. If implemented, these actionable recommendations would help authors and users both reduce the burden of advice overproduction while improving compliance with secure computing practices.

Open Access Media USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file::JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This blog article calls the technique “MalDoc in PDF” hereafter and...
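As an added example that is not code from the JPCERT/CC post, the static check below looks for the shape the post describes: a file that begins with a PDF header but also carries an MHTML-encoded Word document, so Word opens it as a .doc (and any macro inside can run) while a scanner that trusts the magic bytes sees only a PDF. The marker strings, their names, and the sample byte blobs are constructed for illustration and are assumptions, not indicators taken from the article.

```python
"""Added example (not from the JPCERT/CC post): a static check for the
"MalDoc in PDF" polyglot shape it describes, a file that starts with a PDF
header but also carries an MHTML-encoded Word document, so Word opens it as
a .doc and any macro inside can run while PDF-centric scanners see a PDF.
Marker strings and sample bytes below are constructed for illustration."""
import re
from typing import Dict, List

PDF_MAGIC = b"%PDF"

# MIME envelope lines that a genuine PDF has no reason to contain.
MHT_MARKERS = {
    "mime-version": rb"mime-version:",
    "content-location": rb"content-location:",
    "multipart-related": rb"content-type:\s*multipart/related",
}
# Word-specific markup showing the MIME body is a Word document, not just any .mht.
WORD_MARKERS = {
    "w:WordDocument": rb"<w:worddocument>",
    "mso-application": rb'<\?mso-application\s+progid="word\.document"\?>',
    "office:word-namespace": rb"urn:schemas-microsoft-com:office:word",
}


def scan(data: bytes) -> Dict[str, object]:
    """Report the PDF header and every MHT/Word marker found (case-insensitive)."""
    lower = data.lower()  # bytes.lower() only folds ASCII, which is all the markers use
    mht: List[str] = [name for name, pat in MHT_MARKERS.items() if re.search(pat, lower)]
    word: List[str] = [name for name, pat in WORD_MARKERS.items() if re.search(pat, lower)]
    pdf_header = data.startswith(PDF_MAGIC)
    return {
        "pdf_header": pdf_header,
        "mht_markers": mht,
        "word_markers": word,
        # Verdict: presented as a PDF, yet contains a MIME envelope wrapping Word markup.
        "suspicious": pdf_header and bool(mht) and bool(word),
    }


def is_maldoc_in_pdf(data: bytes) -> bool:
    return bool(scan(data)["suspicious"])


# Constructed samples, not real malware.
BENIGN_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

POLYGLOT = (
    b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"  # PDF magic first: file-type sniffers say "PDF"
    b"MIME-Version: 1.0\n"
    b"Content-Type: multipart/related; boundary=\"----=_NextPart\"\n\n"
    b"------=_NextPart\n"
    b"Content-Location: file:///C:/doc.htm\n"
    b"Content-Type: text/html; charset=\"us-ascii\"\n\n"
    b"<html xmlns:w=\"urn:schemas-microsoft-com:office:word\">"
    b"<!--[if gte mso 9]><xml><w:WordDocument><w:View>Print</w:View>"
    b"</w:WordDocument></xml><![endif]-->"
    b"</html>\n------=_NextPart--\n"
)

# The same MHT body without the PDF header is an ordinary Word .mht export, not this technique.
PLAIN_MHT = POLYGLOT.split(b"\n", 2)[2]

if __name__ == "__main__":
    for name, blob in (("benign.pdf", BENIGN_PDF), ("polyglot.pdf", POLYGLOT), ("doc.mht", PLAIN_MHT)):
        print(name, scan(blob))
```

The point of the check is that the header decides nothing on its own: a sniffer that stops after `%PDF` classifies the polyglot as a PDF, so the body has to be searched for the MIME envelope and Word markup regardless of what the first bytes say. Requiring both marker families keeps a plain .mht export, which carries the same Word markup but no PDF header, out of the verdict.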

CVE-2020-19909 is everything that is wrong with CVEs

Fake Email Validation NPM Package Contains C2 and Sophisticated Data Exfiltration::On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on

New OpenSecurityTraining2 class "Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM" by Cedric Halbronn (~33 hours)

New OpenSecurityTraining2 class "Architecture 2821: Windows Kernel Internals 2" by Cedric Halbronn (~5 hours)

Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop

Deep dive into the recent bugs in the NVMe protocol and the impact on cloud providers and on-premises servers.

Traders' Dollars in Danger: CVE-2023-38831 zero-day vulnerability in WinRAR exploited by cybercriminals to target traders

Danger: Generative AI Fuels Extremism | Deeplab.com::How cybercriminals skillfully utilize neural networks for their increasingly sophisticated and elusive illicit objectives

The Importance of Key Rotation for Data Security::Enhance data security with key rotation. Learn why regularly changing encryption keys is crucial for adequate data security.

Lateral movement: A conceptual overview::I've often been in the situation of explaining lateral movement to people who do not work in the offensive security field on a daily basis or have a different level of technical understanding. A lot of these times I've not really talked about the ways in which lateral movement is performed, but I've taken a…
