
X Insider Leaks Profile Data ❌, Protecting Devices From FindMyTracking📍, Compromising C2 Communications 📱

A data leak on X exposed information from 2.87 billion users. The leaked data includes a wealth of profile details but does not contain emails.


Together With Material Security

TLDR Information Security 2025-03-31

Secure your cloud workspace before, during and after a breach (Sponsor)

Your Google Workspace or Microsoft 365 platform is where your company works, communicates, and collaborates — it's your business's critical infrastructure. Protecting it with a patchwork of native security and point solutions leaves gaps – the biggest being visibility after an attacker has made it inside.

Material Security is purpose-built to protect the entire cloud workspace – email, data, and accounts. With deep integration and powerful automations, Material prevents and detects a wider range of threats, responds to active attacks faster, and secures data and accounts even after a breach. All within a platform that fits seamlessly into existing workflows, making your security team's jobs easier and protecting your users without slowing them down.

See Material in action now!

🔓

Attacks & Vulnerabilities

X Hit by Data Leak of 2.8 Billion Users; Allegedly an Insider Job (3 minute read)

A data leak on X, possibly due to a disgruntled employee, exposed information from 2.87 billion users. The leaked data includes a wealth of profile details but does not contain email addresses. Despite the massive breach, X has not acknowledged the incident publicly.

Security Firm Hacks Ransomware Gang, Cripples Operations (3 minute read)

After discovering a vulnerability on BlackLock's data leak site, Resecurity researchers have been covertly acquiring information since late 2024. The researchers exploited a Local File Inclusion vulnerability to retrieve server-side configuration details and credentials, along with plain text server logs, SSH credentials, and command-line histories. Resecurity researchers used their position to warn law enforcement and potential victims before leaks occurred.

New Ubuntu Linux Security Bypasses Require Manual Mitigations (2 minute read)

Researchers at Qualys have discovered three new vulnerabilities in Ubuntu 23.10 and 24.04 that could allow a local attacker to create user namespaces with full administrative privileges. The bypass mechanisms use aa-exec, busybox, or LD_PRELOAD. Canonical has said it will treat these vulnerabilities as limitations of a defense-in-depth mechanism and has published recommended hardening steps to address them.

🧠

Strategies & Tactics

TCCing is Believing (14 minute read)

Apple has added Endpoint Security events for TCC modifications in macOS 15.4. Exposed as the ES_EVENT_TYPE_NOTIFY_TCC_MODIFY event type, this feature allows security tools to detect, and possibly override, user decisions on granting access to protected resources. The events report when a TCC permission is granted or revoked, helping defenders monitor and control access to the system.

Compromising Threat Actor Communications (12 minute read)

Many threat actors use Telegram bots as a C2 channel. In this technique, the threat actor creates a new Telegram bot, embeds the bot's token in their malware, and deploys it; the malware then periodically polls Telegram's servers for new commands sent to the bot, executes any it receives, and relays the results back through Telegram. This post is a deep dive into a case study in which malware discovered on VirusTotal was hijacked by the author, who recovered data from the malware developer's own system, which they had used for testing.

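The polling pattern described above, with the bot token embedded in the implant and commands fetched from Telegram's servers, leaves a recognisable fingerprint in extracted strings and egress proxy logs. The following detection logic is an added example, not code from the original post or the newsletter; the token shape and the Bot API method names are assumptions based on the public Bot API documentation, and the sample lines are constructed.

```python
import re
from dataclasses import dataclass

# Bot API tokens are documented as "<numeric bot id>:<secret>"; the secret
# length of 35 URL-safe characters is an assumption (it is the common form).
TOKEN_RE = re.compile(r"\d{8,10}:[A-Za-z0-9_-]{35}")
# Bot API requests go to api.telegram.org/bot<token>/<method>.
API_RE = re.compile(r"api\.telegram\.org/bot(?P<token>[^/\s\"']+)/(?P<method>[A-Za-z]+)")

# What a polling C2 implant needs: fetch commands, then post results back.
POLL_METHODS = {"getUpdates"}
RESULT_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


@dataclass
class Finding:
    line_no: int
    kind: str      # "c2-poll", "c2-result", "bot-api" or "bot-token"
    detail: str


def mask(token: str) -> str:
    """Redact a token for reporting so the finding itself is not a secret."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}...{secret[-4:]}"


def scan_lines(lines):
    """Flag Bot API calls and hard-coded token literals in text lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = list(API_RE.finditer(line))
        for m in hits:
            method = m.group("method")
            kind = ("c2-poll" if method in POLL_METHODS
                    else "c2-result" if method in RESULT_METHODS else "bot-api")
            findings.append(Finding(n, kind, f"{method} with {mask(m.group('token'))}"))
        if not hits:  # bare token literal, e.g. in strings pulled from a sample
            for m in TOKEN_RE.finditer(line):
                findings.append(Finding(n, "bot-token", mask(m.group(0))))
    return findings


def looks_like_polling_c2(findings) -> bool:
    """Both halves of the loop seen: command fetch and result relay."""
    kinds = {f.kind for f in findings}
    return "c2-poll" in kinds and "c2-result" in kinds


# Constructed sample: two proxy log lines, one extracted string, one benign line.
SAMPLE_LINES = [
    "GET https://api.telegram.org/bot1234567890:AAHfakeTOKENforTESTonly0123456789ab/getUpdates?offset=42",
    "POST https://api.telegram.org/bot1234567890:AAHfakeTOKENforTESTonly0123456789ab/sendMessage",
    'token = "1234567890:AAHfakeTOKENforTESTonly0123456789ab"',
    "GET https://example.com/update-check",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f)
```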
🧑‍💻

Launches & Tools

Landrun (GitHub Repo)

Use Linux Landlock to run any Linux process in a secure, unprivileged sandbox. This tool is like firejail, but lightweight, user-friendly, and baked into the kernel.

Brutespray (GitHub Repo)

Brutespray is a utility for executing password spraying attacks using outputs from scanners like nmap or Nexpose.

goLAPS (GitHub Repo)

goLAPS is a tool to retrieve LAPS passwords from an Active Directory domain.

🎁

Miscellaneous

Browser-native ransomware may be the next billion-dollar threat (3 minute read)

Browser-native ransomware could target data stored in browsers, bypassing traditional security measures. This type of ransomware is hard to detect and can lead to severe consequences, such as compromising email services and stealing sensitive company files.

Protecting Android, Windows, and Linux devices against being tracked via the Find My network (5 minute read)

Malicious actors can track Android, Windows, or Linux devices through an Apple Find My network vulnerability using malware that mimics AirTag signals. They can monitor movements remotely, affecting smartphones, computers, smart TVs, etc. Apple has issued patches, and users should disable Bluetooth when not in use and keep devices updated.

Zhou Shuai: A Hacker's Road to APT27 (6 minute read)

Zhou Shuai is a Chinese hacker who first started hacking in his senior year of high school in 1996. Shuai's early motivations as a founding member of Green Army were idealistic, as he sought to be a hacktivist vigilante. Shuai eventually became more commercial and less idealistic, and is now designated as APT27 and sanctioned by the U.S. Department of the Treasury.

Quick Links

Rust adopting Ferrocene Language Specification (2 minute read)

The Rust project has announced that it will adopt the Ferrocene Language Specification (FLS) developed by Ferrous Systems and maintain it as part of the core project.

North Korea Ramps Up Cyber Offensive (1 minute read)

North Korea has opened a new research center to focus on AI-powered hacking.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

