VayFul Security Issue - August 27 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome - A Sophos investigation reveals a concerning evolution in the tactics of the Qilin ransomware group. Beyond file encryption, Qilin is now targeting Google Chrome browsers on infected devices to steal stored login credentials. #ransomware #chrome #credentials #stealing

Fraudulent Slack Ad shows Malvertiser’s Patience and Skills to Attack Slack Users - Malwarebytes researchers uncover a sophisticated new attack targeting Slack users. The scam involves fraudulent Slack ads disguised as legitimate download links for the platform itself. These ads appear above actual search results, making them particularly deceptive. #malware #adware #slack #malicious #ads

China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches - The attack involved a previously unknown zero-day vulnerability (CVE-2024-20399) in Cisco's NX-OS software, exploited by a China-linked threat group dubbed "Velvet Ant." This vulnerability allowed attackers to gain unauthorized access to underlying systems and potentially move laterally within a network. #cisco #0day #vulnerability #unauthorized #access

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2024-38210) - CVE-2024-38210 affects the Microsoft Edge browser. This vulnerability could potentially allow attackers to steal cryptographic private keys, compromising user security. The Microsoft Security Response Center (MSRC) recommends updating to Edge version 128.0.2739.42 or later as soon as possible to address the issue. #microsoft #edge #chromium #rce

SolarWinds Web Help Desk Hit with Critical Hardcoded Credential Vulnerability (CVE-2024-28987) - A critical vulnerability (CVE-2024-28987) has been discovered in SolarWinds Web Help Desk (WHD) versions before 12.8.3 Hotfix 2. This vulnerability stems from hardcoded credentials within the software, allowing remote, unauthenticated attackers to access internal functionality and manipulate data. #solarwinds #hardcoded #creds #leakage

🔥 INTERESTING WRITEUPS

📝 BLOGS & ARTICLES

Exposing Security Observability Gaps in AWS Native Security Tooling - Security Runners dives into the potential security observability shortcomings within AWS environments. It highlights the limitations of relying solely on AWS IAM Access Analyzer and emphasizes the importance of comprehensive security observability practices. #aws #cloud #security #gaps

The Hunt for ALBeast: A Technical Walkthrough - Security researchers at Miggo have uncovered a critical configuration-based vulnerability dubbed "ALBeast" affecting applications utilizing AWS Application Load Balancer (ALB) authentication. #security #aws #alb #misconfig

How to Effectively Monitor Internal Pen Testers - Internal penetration testing (pentesting) is a valuable tool for identifying security vulnerabilities in your digital infrastructure. However, ensuring a thorough and safe pentest requires proper oversight. #internal #pentest #appsec

Proxy Logs: Preserving Client IPs in AWS PrivateLink - This blog post explores the advantages of combining the Proxy Protocol with AWS PrivateLink. The Proxy Protocol, designed for secure transport of connection information, enhances security in cloud environments when used with AWS PrivateLink, a service that facilitates secure communication between applications and AWS resources. #aws #squid #internet #proxy

🛠️ TOOLS

CloudCommotion - Cloud Commotion intends to cause chaos to simulate security incidents. #cloud #security #incidents #simulation

Devtron - Cloud Native tool integration platform for Kubernetes. #cloud #kubernetes #integration

Cloud-security-list - Cloud security engineers are notoriously overworked and under-resourced. This curated list has links to tools, frameworks and resources to make their lives easier. #cloud #security #resources

🧠 TUTORIALS & SKILL-BUILDING

Ping a Site to Find Out Information About it - The ping command assists in obtaining domain information and the IP address of the target website. In this comprehensive tutorial, "Ping Command: Boosting Network Performance with Command Line Utility," we delve into the ins and outs of the ping command line utility. #ping #tool #capability

SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level - A DEF CON 32 presentation by Paul Gerste reveals a novel attack vector exploiting vulnerabilities in database communication protocols. This research demonstrates how carefully crafted data packets can bypass traditional defenses, injecting malicious SQL queries directly into the database server. #sqli #attacks

Uncovering Critical Vulnerabilities in Magento: A Deep Dive - Explore the importance of proactive and reactive security research, the limitations of traditional vulnerability scoring systems like CVSS and EPSS, and the significance of understanding exploitability in assessing vulnerabilities. Learn about the need for deeper insights into security risks and the value of in-depth research for security teams. #appsec #vulnerabilities

🎁 MISCELLANEOUS

Bullshit-detector - It is a game-changing platform that empowers you to seamlessly identify and tackle mission-critical jargon, enabling a frictionless transition to clear, impactful communication.

Frontend AI Tool Is Now Supporting React, Angular, CSS, Svelte, Vue - Make your first request speed up your frontend. Ask for a component or upload an image, and instantly receive ready-to-use code without lifting a finger. #website #frontend #ai

Leveraging AI for Efficient Incident Response and Root Cause Analysis - Facebook Engineering details their approach to optimizing incident response using AI. They describe a new system that leverages a combination of heuristic-based retrieval and large language model ranking to expedite root cause identification during investigations. #ai #security #incident #response

🎯 QUOTE OF THE DAY

“The only thing we have to fear is fear itself.”

-Franklin D. Roosevelt

That’s a wrap!

Thank you for reading,
VayFul Team