
Lab Breach Affects 1.6M 🧪, Morocco CNSS Breach 🇲🇦, LLMs Hallucinating Dependencies 😵‍💫


TLDR

Together With Bitwarden

TLDR Information Security 2025-04-14

Are Your Passwords Truly Secure? Evaluate Your Security Posture With the Password Management Maturity Model (Sponsor)

As cyberattackers grow bolder and data protection regulations become stricter, organizational password management is becoming essential for employees and executives alike. But how can you tell whether your system is providing a solid defense or putting your organization at risk?

The Bitwarden Password Management Maturity Model is a free + simple framework that reveals whether you're in the Wild West of dangerously exposed credentials, or a password-managing powerhouse with ironclad defenses.

Ranked as the industry's most trusted enterprise password manager, Bitwarden serves over 50,000 businesses worldwide. Join more than 10 million users and try it for free today.

🔓

Attacks & Vulnerabilities

1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative (2 minute read)

Laboratory Services Cooperative (LSC) suffered a data breach in October 2024 that affected 1.6 million individuals. The attack exposed sensitive personal information, including names, contact details, Social Security numbers, health insurance information, and medical records. Some Planned Parenthood patients were among those impacted.

National Social Security Fund of Morocco Suffers Data Breach (2 minute read)

A threat actor calling itself 'Jabaroot' claims to have breached Morocco's National Social Security Fund (CNSS), compromising the data of nearly 2 million citizens. The leaked data includes personal and financial details such as passport information, email addresses, and banking details, posing significant identity theft and fraud risks for those affected.

Fortinet: Symlink trick gives access to patched FortiGate VPN devices (3 minute read)

Fortinet warns that threat actors who previously exploited SSL-VPN vulnerabilities on FortiGate devices left behind symbolic links, placed in a directory used to serve SSL-VPN language files, that point at the root file system. Because patching the original vulnerabilities does not remove the links, they give continued read-only access to the device file system, including its configuration. Users should upgrade to a FortiOS release that removes the malicious files and review the configuration for unauthorized changes; since the configuration and any credentials it holds may already have been read, treat them as exposed and rotate them.
🧠

Strategies & Tactics

Uncovering a 0-Click RCE in the SuperNote Nomad E-ink Tablet (8 minute read)

A remote code execution vulnerability in the SuperNote A6 X2 Nomad tablet let an attacker on the same network compromise the device without any user interaction. The chain: an open port exposes a custom HTTP server; a path traversal flaw in that server allows arbitrary file placement; the attacker drops a malicious firmware update into the EXPORT directory, which the device installs automatically because it accepts updates signed with publicly available debug keys. The issue was responsibly disclosed to Ratta Software in July 2024; the company acknowledged it and planned a fix for its December 2024 update, but a patch has yet to appear.
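The Fortinet item (symlinks that lead out of an SSL-VPN-served directory) and the SuperNote item (a traversal that places a file in EXPORT) share one root cause: a path that resolves outside the directory it is supposed to stay in. The Python below is an added example written for this page, not code from Fortinet, Ratta Software, or the researchers; the directory names, the planted links, and the sample file names are constructed for the demo. safe_join() is the check an upload or export handler needs, and find_escaping_symlinks() is the audit an operator can run over any directory a service exposes.

```python
"""Added example: keep every file path inside an intended root directory.

safe_join()            - validate a client-supplied name before writing a file
find_escaping_symlinks - list symlinks under a served directory that resolve
                         outside it (the persistence trick in the Fortinet item)
Directory layout and inputs below are constructed for the demo.
"""
import os
import tempfile


def safe_join(base_dir: str, user_path: str) -> str:
    """Return an absolute path for user_path inside base_dir, or raise ValueError.

    Both '..' components and symlinks are resolved before the comparison, so a
    literal traversal and a link planted earlier are rejected the same way.
    A leading separator is stripped so an absolute client path is treated as
    relative to base_dir instead of replacing it in os.path.join().
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError(f"path escapes {base!r}: {user_path!r}")
    return candidate


def find_escaping_symlinks(served_dir: str) -> list[tuple[str, str]]:
    """Return (link relative to served_dir, resolved target) for every symlink
    under served_dir whose target resolves outside it. os.walk() lists
    directory symlinks in dirnames without following them, so a link to '/'
    is reported once rather than walked."""
    root = os.path.realpath(served_dir)
    escapes = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if target != root and not target.startswith(root + os.sep):
                escapes.append((os.path.relpath(link, root), target))
    return sorted(escapes)


def demo() -> dict:
    """Build a throwaway EXPORT tree, plant one benign and one escaping link,
    and exercise both checks. Returns the findings so callers can assert."""
    with tempfile.TemporaryDirectory() as tmp:
        export = os.path.join(tmp, "EXPORT")
        os.makedirs(os.path.join(export, "lang"))
        # Benign link that stays inside the tree, and a planted link to '/'.
        os.symlink(os.path.join(export, "lang"), os.path.join(export, "lang_alias"))
        os.symlink("/", os.path.join(export, "lang", "rootfs"))

        results = {"ok": safe_join(export, "update.bin").endswith("update.bin")}
        try:
            safe_join(export, "../../etc/passwd")          # literal traversal
            results["traversal_blocked"] = False
        except ValueError:
            results["traversal_blocked"] = True
        try:
            safe_join(export, "lang/rootfs/etc/passwd")    # through the planted link
            results["symlink_blocked"] = False
        except ValueError:
            results["symlink_blocked"] = True
        results["escaping_links"] = [rel for rel, _ in find_escaping_symlinks(export)]
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison is done on realpath() output on both sides rather than on the string the client sent; a check that only looks for ".." in the input misses the symlink case entirely, which is exactly what lets a planted link outlive a patch.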
TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign (10 minute read)

TROX Stealer, a Malware-as-a-Service offering first identified in December 2024, uses urgent debt-collection phishing emails to lure victims into downloading malicious executables. A multi-stage execution chain mixing Python, Node.js, and WebAssembly is used to evade detection while the stealer collects credit card data, browser credentials, cryptocurrency wallets, and Discord/Telegram session files. The operators' infrastructure is well organized: domains were registered nine months before the campaign and the service was marketed on hacking forums, pointing to careful planning.

Static Analysis via Lifted PHP (Zend) Bytecode (7 minute read)

Eptalights Research analyzes PHP at the bytecode level, lifting Zend bytecode into a Pythonic model so that the actual execution can be reasoned about even when the source is unreadable. This is especially useful for obfuscated code that relies on goto statements or on encoded files wrapped by loaders: control flow, variables, and call sites remain accessible even when the source is obscured.
๐Ÿง‘โ€๐Ÿ’ป

Launches & Tools

Spektion (Product Launch)

Spektion analyzes vulnerabilities across an organization's entire software inventory, using runtime behavior analysis to surface the risks that actually matter so that customers can prioritize and mitigate flaws, including ones that have no CVE or patch yet.

Cable (GitHub Repo)

Cable is a .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation.

jxscout (GitHub Repo)

jxscout helps security researchers examine JavaScript code for vulnerabilities. It works alongside proxies such as Burp or Caido to capture and organize static assets, pre-fetch code segments, automatically beautify JS, and reverse source maps when the .map files are accessible.
🎁

Miscellaneous

LLMs can't stop making up software dependencies and sabotaging everything (5 minute read)

AI coding assistants often hallucinate software packages that do not exist, and because the same invented names tend to recur across prompts they are predictable. Attackers exploit this by publishing malicious packages under those names, an attack dubbed "slopsquatting". Developers should confirm that a package suggested by an assistant actually exists, comes from the expected maintainer, and is the one they mean to install, and should pin dependencies with hashes rather than installing whatever name a tool suggests.
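As an added example (not from the article, and not pip's own tooling), here is a pre-install gate in Python: it parses a requirements file, flags names that are not on a reviewed allowlist, and flags entries that carry no --hash pin, so a hallucinated name is stopped before pip ever contacts the index. The allowlist, the sample requirements text, the package name request-helpers, and the placeholder digests are all constructed for the demo; a team would load the allowlist from its reviewed lockfile. Name normalization follows PEP 503, which is how indexes compare package names.

```python
"""Added example: gate a requirements file before 'pip install -r'.

- unknown  : name not on the reviewed allowlist (a hallucinated name lands here)
- unpinned : allowlisted, but no --hash pin, so the index decides what is installed
- ok       : allowlisted and hash-pinned
The allowlist and sample requirements are constructed for this demo.
"""
import re

# PEP 503: case-fold and collapse runs of '-', '_' and '.' to a single '-'.
def normalize_name(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()


# Constructed allowlist; in practice, the names from a reviewed lockfile.
REVIEWED_ALLOWLIST = {normalize_name(n) for n in ["requests", "cryptography", "PyYAML", "pyjwt"]}

# Leading project name of a requirement line (before ==, >=, [extras], ';' ...).
REQUIREMENT_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def check_requirements(text: str, allowlist=REVIEWED_ALLOWLIST) -> dict:
    findings = {"unknown": [], "unpinned": [], "ok": []}
    # pip joins backslash-continued lines; do the same so a --hash on the
    # continuation line is attributed to the requirement it belongs to.
    logical = text.replace("\\\n", " ")
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):          # blank, -r, --index-url, ...
            continue
        m = REQUIREMENT_RE.match(line)
        if not m:
            continue
        name = normalize_name(m.group(1))
        if name not in allowlist:
            findings["unknown"].append(name)
        elif "--hash=sha256:" not in line:
            findings["unpinned"].append(name)
        else:
            findings["ok"].append(name)
    return findings


# Constructed sample; the digests are placeholders, not real package hashes.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000001
PyYAML==6.0.2
request-helpers==0.1.0     # plausible-sounding name an assistant might emit
cryptography==43.0.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000002
"""


def gate(text: str) -> bool:
    """True only if every requirement is allowlisted and hash-pinned."""
    f = check_requirements(text)
    return not f["unknown"] and not f["unpinned"]


if __name__ == "__main__":
    print(check_requirements(SAMPLE_REQUIREMENTS))
    print("install allowed:", gate(SAMPLE_REQUIREMENTS))
```

Run the gate in CI before the install step and fail the job when it returns False. The allowlist check is what catches a slopsquat; the hash check is what keeps an allowlisted name from being silently swapped for a different artifact later.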
10 Bugs Found in Perplexity AI's Chatbot Android App (3 minute read)

Researchers found ten critical security flaws in Perplexity AI's Android app, including hardcoded API keys, network vulnerabilities, and weak authentication. These issues could let attackers bypass security controls and access user data. The researchers recommend that Android users uninstall the app until these easily exploitable vulnerabilities are fixed.

A next-generation Certificate Transparency log built on Cloudflare Workers (16 minute read)

The Static CT API log design publishes log data as static, cacheable files rather than through a dynamic query API, which simplifies operations, strengthens integrity guarantees, reduces serving costs, and improves availability. Cloudflare's Azul implementation runs this design on Workers, further streamlining things for CT log operators.
⚡

Quick Links

China Admitted Its Role in Volt Typhoon Cyberattacks on U.S. Infrastructure (2 minute read)

In a secret meeting with US officials, Chinese officials acknowledged their country's involvement in cyberattacks on US infrastructure, which the US side interpreted as a warning over US support for Taiwan.

Microsoft Defender will isolate undiscovered endpoints to block attacks (2 minute read)

Microsoft Defender for Endpoint is trialing a feature that blocks traffic from unmanaged, undiscovered endpoints in order to hinder attackers' lateral movement.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

