TLDR Information Security 2024-04-15

A hacker breached Canadian retail chain Giant Tiger, exposing 2.8 million customer records with personal information. The compromised data included email addresses, names, phone numbers, and physical addresses, but financial information was not affected. Customers can check if their data was leaked using the HaveIBeenPwned service.

Threat actors are exploiting a critical command injection vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls that allows unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability, with a severity score of 10/10, affects the GlobalProtect feature in PAN-OS versions 10.2, 11.0, and 11.1.

Roku acknowledged a security breach where hackers gained access to around 576,000 user accounts. This is the second such incident for the streaming device maker, raising concerns about the company's data security measures and the potential exposure of users' personal information.

This blog post explores the internals of seccomp including its architecture, key concepts, and practical applications. The post provides kernel code examples that refer to x86_64 architecture with Linux kernel version 6.7.1. The second part of the post is expected to cover seccomp notifications.

This blog summarizes the architecture of a fully-featured open source SOC lab consisting of powerful technologies used by Fortune 500 companies. Despite being open source, these tools offer comprehensive security incident detection, response, automation, and threat intelligence capabilities.

This article discusses a significant security breach involving the XZ compression tool, used widely in Linux distributions, which was discovered to contain a malicious backdoor. This backdoor specifically targeted distribution builds using GCC and glibc, raising serious concerns about supply chain security. The openSUSE team, upon discovering the threat, acted swiftly to remove the compromised software and rebuild affected packages to ensure system integrity. The scenario emphasizes the need for heightened security measures and more robust community vigilance in open-source projects.

hauditor is a tool designed to analyze the security headers returned by a web page and report dangerous configurations.

Simbian is an autonomous security platform for enterprises. Humans make all the strategic decisions while AI implements those decisions.

A Kubernetes attack graph tool that enables automated calculation of attack paths between assets in a cluster.

Royal Mail introduced barcoded stamps to enhance security and prevent forgeries, but counterfeit stamps have flooded the UK. Customers face fines for unknowingly using fake stamps purchased at Post Offices. The transition to barcoded stamps raised privacy concerns due to the potential loss of anonymity in mail.

Attackers are manipulating GitHub search rankings by creating malicious repositories with popular names and topics and using automated updates and fake stars to deceive users. The recent campaign involves a large malware executable that targets cryptocurrency wallets, establishing persistence through a scheduled task.

A former security engineer at Amazon, Shakeeb Ahmed was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12.3 million. He pled guilty to computer fraud charges in December 2023 following his arrest in July. Ahmed exploited security flaws to insert fake pricing data and fraudulently generate inflated fees, which he then withdrew.

Google has introduced Chrome Enterprise Premium, a new version of its browser for organizations that offers advanced security features for a monthly fee per user.

LastPass avoided a security breach in which an employee was targeted with a deepfake scam impersonating the CEO.

The FBI warns of a large wave of text message scams that trick people into clicking links to pay unpaid tolls.