Security Leftovers
-
Security Week ☛ Snowflake Attacks: Mandiant Links Data Breaches to Infostealer Infections
Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.
-
[Video] Marta Marczykowska-Górecka's Prototype Fund project: Streamlining Qubes OS device management (youtube.com)
-
Tom's Hardware ☛ Multiple Abusive Monopolist Microsoft Chaffbot instances work together to find and exploit security flaws — teams of LLMs tested by UIUC beat single bots and dedicated software
UIUC computer scientists have innovated a system for teams of LLMs to work together to exploit zero-day security vulnerabilities without an explanation of the flaws, a major improvement in the school's ongoing research.
-
Bruce Schneier ☛ Exploiting Mistyped URLs
Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains”:
Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information. In “typosquatting,” misspellings of common domains are registered to exploit errors when users mistype a web address. Yet, no prior research has been dedicated to situations where the linking errors of web publishers (i.e. developers and content contributors) propagate to users.
-
IT Wire ☛ Mandiant says stolen credentials used to steal data from 165 Snowflake customers
"During this investigation, Mandiant determined that the organisation’s Snowflake instance had been compromised by a threat actor using credentials previously stolen via infostealer malware," the researchers said.
"The threat actor used these stolen credentials to access the customer’s Snowflake instance and ultimately exfiltrate valuable data. At the time of the compromise, the account did not have multi-factor authentication enabled."
Mandiant said it had continued its investigations after receiving additional indications that a broader campaign was targeting Snowflake customers.
"To date, Mandiant and Snowflake have notified approximately 165 potentially exposed organisations. Snowflake’s Customer Support has been directly engaged with these customers to ensure the safety of their accounts and data," the blog post said.