🔓
Attacks & Vulnerabilities
Physical security biz exposes 1.2M files via unprotected database (4 minute read)
Amberstone Security exposed nearly 1.3 million documents through a misconfigured public-facing database. The leaked data, dating back to 2017, contained over 99,000 snapshots of guards checking in for shifts. The data includes sensitive information like names, headshots, ID cards, and signatures, potentially compromising the security of the company's operations and personnel.
Why Your VPN May Not Be As Secure As It Claims (8 minute read)
A VPN does not protect traffic from an attacker who sits on the same local network. Because the client still gets its IP configuration from the LAN's DHCP server, a rogue DHCP server (the technique was published as TunnelVision) can use the classless static route option, DHCP option 121, to push routes that are more specific than the routes the VPN client installed. The operating system always forwards along the longest matching prefix, so traffic for those destinations leaves the physical interface in the clear instead of entering the tunnel. Nothing in the VPN's encryption is broken and the client keeps reporting a healthy tunnel; the attacker's gateway simply reads the traffic and forwards it on to the legitimate gateway, so nothing visibly fails and no alert fires.
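The route-selection logic behind this, as an added example that is not code from the article or from the researchers who published the technique. It simulates the host's longest-prefix-match decision, decodes a constructed RFC 3442 option 121 payload, and shows a check a practitioner can apply to their own `ip route` output. The gateway, attacker and VPN server addresses are hypothetical and the routing table is constructed for the illustration.

```python
"""Added example: why routes pushed via DHCP option 121 win over a VPN's
tunnel routes. Addresses and tables below are constructed/hypothetical."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    via: str  # next-hop gateway ("" for a directly connected network)
    dev: str  # outgoing interface


def select_route(table, dst):
    """Longest-prefix match: the rule every host uses to pick an egress route."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def parse_option121(payload, dev):
    """Decode an RFC 3442 classless-static-route option into Route objects.

    Wire format per entry: 1 byte prefix length, ceil(len/8) significant
    destination octets, then a 4-byte router address.
    """
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        nbytes = (plen + 7) // 8
        sig = payload[i + 1 : i + 1 + nbytes]
        router = payload[i + 1 + nbytes : i + 5 + nbytes]
        if plen > 32 or len(sig) != nbytes or len(router) != 4:
            raise ValueError("truncated or malformed option 121 entry")
        net_addr = ipaddress.IPv4Address(bytes(sig) + b"\x00" * (4 - nbytes))
        routes.append(Route(ipaddress.IPv4Network((net_addr, plen), strict=False),
                            str(ipaddress.IPv4Address(bytes(router))), dev))
        i += 5 + nbytes
    return routes


LAN_GW = "192.168.1.1"        # legitimate gateway (hypothetical)
ATTACKER = "192.168.1.66"     # attacker's host on the same LAN (hypothetical)
VPN_SERVER = "203.0.113.5"    # VPN endpoint (hypothetical, TEST-NET-3)

# Table after a typical VPN client connects: two /1 routes via the tunnel
# beat the LAN's /0 default, plus a host route so the encrypted tunnel
# traffic itself still reaches the VPN server over the physical interface.
VPN_TABLE = [
    Route(ipaddress.IPv4Network("192.168.1.0/24"), "", "eth0"),
    Route(ipaddress.IPv4Network("0.0.0.0/0"), LAN_GW, "eth0"),
    Route(ipaddress.IPv4Network(f"{VPN_SERVER}/32"), LAN_GW, "eth0"),
    Route(ipaddress.IPv4Network("0.0.0.0/1"), "10.8.0.1", "tun0"),
    Route(ipaddress.IPv4Network("128.0.0.0/1"), "10.8.0.1", "tun0"),
]

# Constructed rogue option 121 payload: four /2 routes covering all of IPv4,
# each pointing at the attacker's host, which forwards to the real gateway.
ROGUE_OPTION_121 = bytes.fromhex(
    "02" "00" "c0a80142"   # 0.0.0.0/2   via 192.168.1.66
    "02" "40" "c0a80142"   # 64.0.0.0/2  via 192.168.1.66
    "02" "80" "c0a80142"   # 128.0.0.0/2 via 192.168.1.66
    "02" "c0" "c0a80142"   # 192.0.0.0/2 via 192.168.1.66
)


def table_after_rogue_lease(table=VPN_TABLE, option=ROGUE_OPTION_121):
    """The DHCP client installs the pushed routes on the physical interface."""
    return list(table) + parse_option121(option, "eth0")


def leaks_outside_tunnel(table, dst, tun="tun0", tunnel_endpoint=VPN_SERVER):
    """Does traffic to dst bypass the tunnel interface? The VPN server itself
    is exempt: that traffic is the encrypted tunnel and must use eth0."""
    if ipaddress.ip_address(dst) == ipaddress.ip_address(tunnel_endpoint):
        return False
    r = select_route(table, dst)
    return r is not None and r.dev != tun


if __name__ == "__main__":
    target = "93.184.216.34"
    print("before rogue lease:", select_route(VPN_TABLE, target))
    print("after rogue lease: ", select_route(table_after_rogue_lease(), target))
```

The same check works on a real machine: dump `ip route show` (or `netstat -rn`), build the table, and ask whether any destination other than the VPN endpoint resolves to a non-tunnel interface with a prefix longer than the tunnel's routes.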
Docker Imageless Repositories Used to Punt Malware and Phishing Schemes (4 minute read)
JFrog found that nearly 20% of the repositories on DockerHub were imageless, holding no container layers at all, only a description page, and that these were being used in three campaigns to social engineer visitors into downloading malware or entering payment card details. The repository descriptions carried links that redirected users to malicious pages. JFrog worked with DockerHub to remove the repositories, and DockerHub no longer allows links in the descriptions of imageless repositories.
How Not To Protect Your Android Applications (6 minute read)
This article argues against protections Android developers commonly rely on, such as checking the app's signing certificate at runtime or trusting values returned by framework APIs, because an attacker who controls the device can bypass or spoof both. It also notes that moving checks into native binaries does not help much, since dynamically linked binaries are exposed to hook attacks. The article closes by suggesting that cracked versions of an app can be seen as an alternative, cost-effective distribution channel rather than purely as a loss.
PDD is a Dying Fraudulent Company and TEMU is Cleverly Hidden Spyware (20 minute read)
An internal and external investigation into PDD and its shopping app TEMU concluded that the app is spyware and is likely selling or looking to sell user data. Grizzly Research conducted its own decompilation of the TEMU app and corroborated with third-party researchers that the app is harvesting user data in malicious and hidden ways. The company's corporate financials and infrastructure are also suspect.
SSO Tax, Cut (5 minute read)
This blog post explains why Tailscale originally charged extra for advanced identity providers and why it decided to drop that charge. Tailscale requires SSO and does not offer username-and-password authentication, but it had chosen to charge extra for some paid/advanced identity providers on the theory that customers of those IdPs would want premium features anyway. When Tailscale re-evaluated its pricing it recognized this as an SSO tax, and customer feedback indicated that the choice of identity provider had little to do with the services customers actually used.
Police resurrect LockBit's site and troll the ransomware gang (2 minute read)
Law enforcement agencies have resurrected the seized darkweb site of the infamous LockBit ransomware gang, teasing new revelations about the group. The revived site features posts with titles suggesting that authorities plan to release information about LockBit members and their activities within the next 24 hours in an apparent move to troll and warn the hackers after successfully infiltrating their operations earlier this year.