Extensions Imitating Password Managers 🌐, Zen Microcode Hacking 🧘‍♂️, Stolen Taylor Swift Tickets 💃

Together With Safebase

TLDR Information Security 2025-03-07

Beyond ROI: 5 Steps to Reposition Security as a Business Driver (Sponsor)

Everybody knows data breaches can cost millions and negatively impact your brand. That's why robust security programs and inbound security reviews are critical to building customer trust. But when lengthy security processes begin stalling deals and creating internal friction, leadership starts to question security's ROI.

This guide by SafeBase covers strategies and real customer success stories for repositioning security as a strategic business enabler rather than a necessary evil.

Inside, you'll find practical ways to bridge the gap between security operations and business objectives, and how to move towards a more value-driven approach to cybersecurity.

Download your copy here →

🔓

Attacks & Vulnerabilities

Cybercriminals arrested for stealing hundreds of concert tickets through StubHub exploit (2 minute read)

Two cybercriminals, Tyrone Rose and Shamara Simmons, were arrested for stealing hundreds of digital event tickets, including for Taylor Swift's Eras Tour. They intercepted legitimate StubHub URLs after purchases and resold about 900 tickets for over $600,000. The pair face grand larceny charges and potentially 3-15 years in prison.

ChatGPT Operator Prompt Injection Exploit Leaking Private Data (2 minute read)

ChatGPT Operator is an advanced AI agent equipped with web browsing and reasoning capabilities that can interact with websites on behalf of users. It is vulnerable to prompt injection attacks via instructions embedded in text or web content, which can cause the model to browse sensitive pages and leak the information to attacker-controlled websites. OpenAI has implemented defenses such as prompting the user for confirmation, but researchers have shown that these mitigations can be bypassed.

Malicious Chrome Extensions Can Spoof Password Managers in New Attack (2 minute read)

Researchers at SquareX Labs developed a new "polymorphic" attack allowing malicious Chrome extensions to steal sensitive data. Once a user is tricked into installing the extension, it scans for password managers, impersonates them, and prompts users to reauthenticate, sending the information to attackers. SquareX Labs has urged Google to restrict extensions' ability to alter their appearance or behavior, but no mitigations currently exist for this attack.

🧠

Strategies & Tactics

Zen and the Art of Microcode Hacking (13 minute read)

This post details the concepts and tools behind EntrySign, the AMD Zen microcode signature validation vulnerability disclosed last month. It delves into microcode fundamentals, AMD's anti-tampering measures, and the specific vulnerability involving the CMAC hash function. It also announces the release of the Zentool suite, which consists of tools for microcode patch examination, including limited disassembly, microcode patch authoring using a limited amount of reverse-engineered assembly, microcode patch signing, and microcode patch loading.

Four Ways to Grant Cross-Account Access in AWS (4 minute read)

The four methods are: granting access to a specific IAM role via the Principal element of the resource-based policy; to an entire AWS account via the Principal element; to a particular IAM role in an account via the aws:PrincipalArn condition key; and to an entire AWS organization via the aws:PrincipalOrgID condition key. The post works through an example scenario with an S3 bucket and discusses the tradeoffs of each method.
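
The four methods as S3 bucket policy statements, plus a simplified matcher showing which callers each one admits. This is an added example, not code from the newsletter or from the post it summarises; the bucket name, account IDs, role name and organization ID are constructed placeholders, and the matcher models only the Principal and Condition checks (real IAM evaluation also requires the caller's own identity-based policy to allow the action).

```python
"""Four ways to grant cross-account access to an S3 bucket (added example).

Every ARN, account ID and org ID below is a constructed placeholder.
"""
import fnmatch
from typing import Dict

BUCKET = "arn:aws:s3:::example-shared-bucket"                 # constructed
TRUSTED_ACCOUNT = "111122223333"                               # constructed
TRUSTED_ROLE = f"arn:aws:iam::{TRUSTED_ACCOUNT}:role/DataReader"
ORG_ID = "o-exampleorgid"                                      # constructed

METHODS = ("principal_role", "principal_account",
           "condition_principal_arn", "condition_org_id")


def statement(method: str) -> dict:
    """Return one Allow statement for s3:GetObject using the named method."""
    base = {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"}
    if method == "principal_role":
        # 1. Specific role in the Principal element. If that role is deleted and
        #    recreated, IAM rewrites the principal to the old unique ID and the
        #    grant silently stops matching.
        return {**base, "Principal": {"AWS": TRUSTED_ROLE}}
    if method == "principal_account":
        # 2. Whole account in the Principal element: every principal in that
        #    account can be allowed in by its own identity-based policies.
        return {**base, "Principal": {"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT}:root"}}
    if method == "condition_principal_arn":
        # 3. Principal "*" narrowed with aws:PrincipalArn; survives role recreation.
        return {**base, "Principal": {"AWS": "*"},
                "Condition": {"ArnLike": {"aws:PrincipalArn": TRUSTED_ROLE}}}
    if method == "condition_org_id":
        # 4. Principal "*" narrowed to every account in one organization.
        return {**base, "Principal": {"AWS": "*"},
                "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}}}
    raise ValueError(f"unknown method {method!r}")


def admits(stmt: dict, caller_arn: str, caller_org_id: str) -> bool:
    """Toy model of the Principal + Condition part of evaluating one statement."""
    caller_account = caller_arn.split(":")[4]
    principal = stmt["Principal"]["AWS"]
    if principal == "*":
        principal_ok = True
    elif principal.endswith(":root"):              # account-level principal
        principal_ok = principal.split(":")[4] == caller_account
    else:                                           # exact role ARN
        principal_ok = principal == caller_arn
    if not principal_ok:
        return False
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, expected in pairs.items():
            if operator == "ArnLike" and key == "aws:PrincipalArn":
                if not fnmatch.fnmatchcase(caller_arn, expected):
                    return False
            elif operator == "StringEquals" and key == "aws:PrincipalOrgID":
                if caller_org_id != expected:
                    return False
            else:
                return False  # operator/key not modelled here: fail closed
    return True


def access_matrix() -> Dict[str, Dict[str, bool]]:
    """For each method, which of four constructed callers gets in."""
    callers = {
        "trusted_role": (TRUSTED_ROLE, ORG_ID),
        "other_role_same_account": (f"arn:aws:iam::{TRUSTED_ACCOUNT}:role/Admin", ORG_ID),
        "role_in_other_org_account": ("arn:aws:iam::444455556666:role/DataReader", ORG_ID),
        "role_outside_org": ("arn:aws:iam::999999999999:role/DataReader", "o-otherorg"),
    }
    return {m: {name: admits(statement(m), arn, org)
                for name, (arn, org) in callers.items()}
            for m in METHODS}


if __name__ == "__main__":
    for method, row in access_matrix().items():
        print(f"{method:24} " + "  ".join(f"{k}={v}" for k, v in row.items()))
```

The matrix makes the blast radius of each method visible: the two role-scoped methods admit only the named role, the account-level Principal admits any role the trusted account chooses to authorize, and aws:PrincipalOrgID admits every account in the organization, which is why the condition-key methods are usually paired with an explicit `Principal: "*"` and nothing broader.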

Auto-Color: An Emerging and Evasive Linux Backdoor (11 minute read)

Palo Alto's Unit 42 is monitoring a new malware family known as Auto-Color. Upon startup, if the malware is not named Auto-Color, it tries to install a library implant that imitates libcext.so. It also copies itself to /var/log/cross/auto-color and adds the library to ld.so.preload. Besides its command and control capabilities, the malicious library uses custom encryption and tries to conceal its network communications by hooking libc's open function.
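
A defender-side check for the ld.so.preload persistence the summary describes. This is an added example, not code from the newsletter or from Unit 42's report; it parses the contents of an ld.so.preload file (the standard glibc path is /etc/ld.so.preload) and flags entries that sit under log or temp directories, fall outside the usual library directories, or do not exist on disk. The sample file contents are constructed, and the /var/log/cross path and libcext.so name are taken from the summary only as illustration.

```python
"""Audit ld.so.preload entries for implant-style placement (added example)."""
import os
from typing import Callable, List, Tuple

LD_SO_PRELOAD = "/etc/ld.so.preload"  # standard glibc location
TRUSTED_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/local/lib")
SCRATCH_DIRS = ("/var/log", "/tmp", "/var/tmp", "/dev/shm")


def parse_preload(text: str) -> List[str]:
    """ld.so.preload is a whitespace-separated list of shared objects;
    '#' starts a comment that runs to end of line."""
    entries: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.extend(line.split())
    return entries


def assess(path: str, exists: Callable[[str], bool]) -> Tuple[str, str]:
    """Return (verdict, reason) for a single preload entry."""
    if not path.startswith("/"):
        return ("suspicious", "relative path")
    if any(path == d or path.startswith(d + "/") for d in SCRATCH_DIRS):
        return ("suspicious", "library under a log or temp directory")
    if not any(path == d or path.startswith(d + "/") for d in TRUSTED_DIRS):
        return ("suspicious", "outside standard library directories")
    if not exists(path):
        return ("suspicious", "file does not exist")
    return ("ok", "")


def audit(text: str,
          exists: Callable[[str], bool] = os.path.exists) -> List[Tuple[str, str, str]]:
    """Parse preload file contents and return (entry, verdict, reason) rows."""
    return [(p, *assess(p, exists)) for p in parse_preload(text)]


# Constructed sample: one benign-looking entry and two implant-style ones.
SAMPLE = """\
/usr/lib/x86_64-linux-gnu/libfakeroot/libfakeroot-0.so
/var/log/cross/libcext.so   # constructed: placement modelled on the summary
/usr/lib/libcext.so         # constructed: plausible name, not present on disk
"""

if __name__ == "__main__":
    try:
        with open(LD_SO_PRELOAD) as fh:
            contents = fh.read()
    except FileNotFoundError:
        contents = SAMPLE  # fall back to the constructed sample when run elsewhere
    for entry, verdict, reason in audit(contents):
        print(f"{verdict:10} {entry}  {reason}")
```

On a live host the existence check uses the real filesystem; the test injects a fake `exists` so the verdicts are deterministic. A non-empty ld.so.preload is itself unusual on most systems, so an empty result from `audit` is the expected baseline.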

🧑‍💻

Launches & Tools

Considering a new SIEM for the AI era? (Sponsor)

Organizations have been using SIEMs for decades — but the needs of SOC leaders and practitioners have changed dramatically.

Ensure you choose an approach that works for your organization. Learn what questions you should be asking of your next SIEM.

Aryon Security (Product Launch)

Aryon scans cloud applications and infrastructure for security issues and policy violations before deployment. If any issues are detected, the platform alerts the developers with suggestions for resolving the problem.

copa (GitHub Repo)

copa is a CLI tool written in Go and based on BuildKit that can directly patch container images given the vulnerability scanning results from popular tools like Trivy.

CaptainCredz (GitHub Repo)

CaptainCredz is a modular password-spraying tool with a cache mechanism and fine-grained timing control.

🎁

Miscellaneous

Badbox Android botnet disrupted through coordinated threat hunting (3 minute read)

The Badbox Android botnet was disrupted by a coordinated effort by Google, Human Security, and others to stop the compromised devices from talking to C2 servers. It distributed malware through compromised Android-based TV boxes.

UK quietly scrubs encryption advice from government websites (3 minute read)

The UK government took down encryption advice from its websites shortly after requesting backdoor access to Apple's iCloud. The National Cyber Security Centre has stopped recommending encryption for individuals at high risk of being attacked.

Memory Safety Will Be Key to Tackle Fundamental Cyber Security (5 minute read)

The UK Government's Digital Security by Design (DSbD) programme is championing technologies like CHERI, which add hardware-level memory safety that can work with existing C/C++ codebases. CHERI extends hardware ISAs to enable fine-grained memory safety.

Quick Links

US charges Chinese hackers linked to critical infrastructure breaches (3 minute read)

The US Justice Department has charged APT27 hackers with conducting global cyberattacks on government agencies since 2011.

Hackers Deploy AI Deepfake of YouTube CEO in Credential Theft Scam (3 minute read)

Scammers used AI deepfake technology to impersonate YouTube's CEO in a phishing scam targeting content creators.

US seizes domain of Garantex crypto exchange used by ransomware gangs (2 minute read)

The U.S. Secret Service seized the domain of the sanctioned Russian crypto exchange Garantex in coordination with the DOJ's Criminal Division, the FBI, and Europol.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

