
Wallet drainers steal $500M 💰, Building an offensive AI agent 👾, Nessus scanner agents offline 🕵️‍♂️



TLDR Information Security 2025-01-07

🔓 Attacks & Vulnerabilities

Windows 10 Users Urged to Upgrade to Avoid Security Fiasco (2 minute read)

ESET is urging Windows 10 users to upgrade to Windows 11 before Oct 2025, which is when Windows 10 reaches EoL and stops receiving security updates. Almost 63% of Windows users are still running Windows 10. Adoption has been slow due to missing features and the TPM requirement. Microsoft will be offering Extended Security Update plans for businesses and individuals.

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 (2 minute read)

Wallet drainer malware stole nearly $500 million in cryptocurrency from over 332,000 victims in 2024, a 67% increase from 2023. The highest activity was in Q1 with $187.2 million stolen, though the largest single theft ($55.48 million) occurred in August.

Atos rejects Space Bears' breach allegations, points to third-party infrastructure link (3 minute read)

French IT firm Atos has denied the Space Bears ransomware group's claims of a system breach from December 28. It initially rejected all compromise allegations, but later clarified that the incident involved compromised external third-party infrastructure containing Atos-related data, not its own systems.
🧠 Strategies & Tactics

How Attackers Abuse Serverless Services to Harvest Sensitive Data from Environment Variables (10 minute read)

This post provides an overview of how attackers exploit environment variables in serverless services post-exploitation. When secrets are stored directly in environment variables, they can be leaked by an attacker who achieves code execution on the function. Because the serverless execution environment generally receives its permissions via environment variables as well, an attacker can also acquire those credentials and pivot to other services in the account that the function can access. To mitigate these issues, use Secrets Manager services, audit functions, scope roles to least privilege, and alert on abuse.
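The audit and mitigation steps above can be turned into a check. The following Python is an added example, not code from the newsletter or from the linked post: it scans serverless function configurations for secrets held directly in environment variables and shows the hardened pattern in which the environment carries only a reference to a secrets manager entry. The input shape mirrors the Environment.Variables map that AWS Lambda's GetFunctionConfiguration returns; the function configurations, variable names and values below are constructed, and the secret fetcher is an in-memory stub standing in for a real secrets-manager client.

```python
import re

# Variable names that usually carry a credential.
SUSPICIOUS_NAME = re.compile(
    r"(SECRET|PASSWORD|PASSWD|TOKEN|API_KEY|PRIVATE_KEY|ACCESS_KEY)", re.I
)

# Value shapes that are secrets regardless of the variable name.
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"^(AKIA|ASIA)[0-9A-Z]{16}$"),
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# A reference to Secrets Manager or SSM Parameter Store is the safe pattern:
# the function resolves it at invocation instead of carrying the secret.
REFERENCE_PATTERN = re.compile(r"^arn:aws:(secretsmanager|ssm):")


def looks_like_token(value):
    """Crude high-entropy heuristic: long, mixed letters and digits, no spaces."""
    return (
        len(value) >= 32
        and " " not in value
        and any(c.isdigit() for c in value)
        and any(c.isalpha() for c in value)
    )


def classify_variable(name, value):
    """Return a finding label for one environment variable, or None if clean."""
    if REFERENCE_PATTERN.match(value):
        return None  # reference only; the secret is not in the environment
    for label, pattern in VALUE_PATTERNS.items():
        if pattern.search(value):
            return label
    if looks_like_token(value):
        return "token_like_value"
    if SUSPICIOUS_NAME.search(name):
        return "secret_like_name"
    return None


def audit_function(config):
    """Audit one function configuration (FunctionName + Environment.Variables)."""
    variables = config.get("Environment", {}).get("Variables", {})
    findings = []
    for name, value in variables.items():
        reason = classify_variable(name, value)
        if reason:
            findings.append(
                {"function": config["FunctionName"], "variable": name, "reason": reason}
            )
    return findings


def audit_all(configs):
    """Audit every function configuration and flatten the findings."""
    return [finding for config in configs for finding in audit_function(config)]


def load_secret(variables, var_name, fetch):
    """Hardened pattern: the environment holds only a reference; the value is
    fetched at invocation through `fetch`. In real code `fetch` would wrap a
    secrets-manager client call (assumed, not shown); tests pass a stub."""
    reference = variables[var_name]
    if not REFERENCE_PATTERN.match(reference):
        raise ValueError(f"{var_name} must hold a secrets-manager reference")
    return fetch(reference)


# Constructed sample configurations (hypothetical function names and values).
SAMPLE_CONFIGS = [
    {
        "FunctionName": "orders-api",
        "Environment": {
            "Variables": {
                "DB_PASSWORD": "hunter2-plaintext",
                "AWS_ACCESS_KEY_ID": "AKIAEXAMPLE000000001",
                "TABLE_NAME": "orders",
            }
        },
    },
    {
        "FunctionName": "billing-worker",
        "Environment": {
            "Variables": {
                "DB_PASSWORD_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:billing/db-AbCdEf",
                "LOG_LEVEL": "INFO",
            }
        },
    },
    {
        "FunctionName": "signing-service",
        "Environment": {
            "Variables": {
                "SIGNING_KEY": "-----BEGIN RSA PRIVATE KEY-----\nconstructed-placeholder\n-----END RSA PRIVATE KEY-----",
            }
        },
    },
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_CONFIGS):
        print(f"{finding['function']}: {finding['variable']} ({finding['reason']})")
```

Only billing-worker passes the audit: its environment names a Secrets Manager ARN, so an attacker with code execution in the function still has to call the secrets service, which is where the least-privilege scoping and the abuse alerting the post recommends can be applied.
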

How to Build an Offensive AI Security Agent (7 minute read)

This post walks through the process of building a POC for an offensive AI security agent that was able to analyze a JavaScript file to discover API endpoints and detect a vulnerability. The author provided the AI agent with 4 "tools" to find endpoints, format an API request, execute the test, and analyze the results. The post also provides some lessons learned, such as the importance of effective prompting, the power of agentic workflows, and the strengths of Claude 3.5 Sonnet for code writing.

OpenAI's red teaming innovations define new essentials for security leaders in the AI era (7 minute read)

OpenAI has released two papers showcasing its advanced approach to AI security through red teaming. The company employs external teams to find vulnerabilities and uses automated reinforcement learning for attack simulation. Its human-in-the-middle approach combines human expertise with AI techniques, setting new standards for AI model safety.
🧑‍💻 Launches & Tools

Quality of Life Beacon Object Files (GitHub Repo)

A collection of Cobalt Strike Beacon Object Files for use in red team engagements.

Frizbee (GitHub Repo)

Frizbee is a tool that takes a tag and returns a checksum.

Access (GitHub Repo)

Access is a tool that utilizes the Okta API to provide a centralized portal for employees to discover, request, and manage their access to internal systems.
🎁 Miscellaneous

From Remediation to Mitigation: Addressing Insecure-by-Design Flaws (6 minute read)

Insecure-by-Design flaws are vulnerabilities inherent to the design of a system. They require a full redesign of the system to remediate. These vulnerabilities should first be mitigated by implementing guardrails and monitoring tools. Once mitigations are in place, a slow sunsetting process can be started to reduce downstream impacts.

Amit Yoran, chair and CEO of cybersecurity firm Tenable, dies unexpectedly after cancer battle (3 minute read)

Amit Yoran, CEO of cybersecurity company Tenable and former U.S. National Cybersecurity Director, died unexpectedly at 54 while on medical leave for cancer treatment. Tenable went public successfully in 2016 under his leadership. The company's COO and CFO are serving as interim co-CEOs.

Nessus scanner agents went offline due to a faulty plugin update (2 minute read)

Tenable disabled two Nessus scanner agent versions due to a faulty plugin update that caused agents to go offline. The company released Nessus Agent v10.8.2 to address the issue and has advised customers to upgrade to this version or downgrade to 10.7.3 to resolve offline agent problems. Plugin feed updates were temporarily paused to prevent further issues.

Quick Links

CISA says recent government hack limited to US Treasury (1 minute read)

CISA confirmed that the recent hack of the US Treasury, attributed to Chinese state-sponsored hackers, did not affect other federal agencies.

Microsoft Bing shows misleading Google-like Page for 'Google' searches (2 minute read)

Microsoft Bing displays a misleading Google-like search page when users search for 'Google'.

Malicious npm packages target Ethereum developers (2 minute read)

Malicious npm packages are targeting Ethereum developers by impersonating Hardhat plugins to steal private keys and sensitive data.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
