
Underage Deepfakes Exposed 👶, Finding Evil in Memory 😈, AI Finds GRUB2 Flaws 🤖


TLDR

Together With Bitwarden

TLDR Information Security 2025-04-04

Takes One to Know One: The Hacker's Guide to Securing your Organization (Sponsor)

Hackers have exploited the same psychological blind spots since the early Internet days. Our brains are hardwired to fall for these scams. Your team is vulnerable.

Ethical hacker Rachel Tobac's latest eBook from Bitwarden reveals how businesses still fall for age-old persuasion tactics, and the technologies that could have protected them. Read the eBook to future-proof your organization with tools and strategies that shut down social engineers once and for all.

> Want the ultimate defense? The industry's most trusted enterprise password manager. Awarded best password manager by G2 + CNET, you can trust Bitwarden to keep your business-critical credentials safe from threats.

> Learn more about Bitwarden for Business.

🔓

Attacks & Vulnerabilities

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent (2 minute read)

A vulnerability in Google's Quick Share (CVE-2024-10668) for Windows permitted unauthorized file transfers. The flaw, fixed in version 1.0.2002.2, could be exploited to bypass security and cause denial-of-service attacks.

AI Image Site GenNomis Exposed 47GB of Underage Deepfakes (2 minute read)

A data leak at GenNomis, an AI image site, exposed explicit deepfake material, including images of minors and celebrities. This incident raises concerns about unmonitored AI-generated content and underlines the need for improved security measures and responsible AI development. Cybersecurity researcher Jeremiah Fowler emphasized the importance of detecting and preventing harmful deepfakes.

Security Flaw Found in Unitree Go1 Robot Dogs (2 minute read)

Researchers at the Berlin-based security startup thinkAwesome GmbH discovered a vulnerability in Unitree Go1 robot dogs. The robots include a service called CloudSail, a remote access tunnel service that was preinstalled on the devices. The researchers discovered that anyone with the default credentials and a specific API key could remotely control the robots and access their cameras.

🧠

Strategies & Tactics

Part 3 Code Injection: How to Detect It and Find Evil in Memory with the MemProcFS FindEvil Plugin (6 minute read)

Attackers use code injection and other memory-manipulation techniques to evade detection. Tools like Volatility and MemProcFS help spot inconsistencies in memory structures that indicate malicious activity. By analyzing memory page permissions and DLL loading behavior, security professionals can identify signs of code injection and process manipulation.

Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats (3 minute read)

There has been a surge in login scanning for Palo Alto Networks PAN-OS GlobalProtect portals, with about 24,000 unique IPs attempting access in the last 30 days. This coordinated effort may indicate a plan to discover and exploit vulnerabilities. Organizations should secure their login portals. The primary sources are the United States and Canada, reflecting patterns from a past espionage campaign targeting network devices and highlighting the need to monitor and secure critical systems.

Understanding RCPs and SCPs in AWS: Choosing the Right Policy for your Security Needs (5 minute read)

Resource Control Policies (RCPs) were introduced by AWS in late 2024 to restrict access to resources within your AWS organization. Use RCPs when you want to enforce consistent security standards across supported services, when you are running out of SCPs, or when you need the NotResource condition. Use SCPs when you want to apply a policy to services that RCPs do not support, or when you need the NotAction condition.
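
The two policy types side by side, as an added example that is not from the linked article: an RCP that relies on NotResource to exempt one deliberately shared bucket from an organization-only S3 rule, and an SCP that relies on NotAction to pin workloads to approved regions. It assumes the Terraform AWS provider's `aws_organizations_policy` resource; the organization ID, bucket name and regions are placeholders.

```hcl
# Added example (not from the article). Org ID, bucket and regions are placeholders.

# RCP: deny S3 access by principals outside the organization, except on one
# bucket that is intentionally shared. NotResource is what carves it out,
# and it is the element the article says only RCPs can use here.
resource "aws_organizations_policy" "rcp_s3_org_principals_only" {
  name = "rcp-s3-org-principals-only"
  type = "RESOURCE_CONTROL_POLICY"
  content = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyS3FromOutsideOrg"
      Effect    = "Deny"
      Principal = "*"
      Action    = ["s3:*"]
      NotResource = [
        "arn:aws:s3:::example-shared-bucket",   # placeholder bucket
        "arn:aws:s3:::example-shared-bucket/*",
      ]
      Condition = {
        # Block callers from other orgs, but do not break AWS service principals.
        StringNotEqualsIfExists = { "aws:PrincipalOrgID" = "o-exampleorgid" }
        BoolIfExists            = { "aws:PrincipalIsAWSService" = "false" }
      }
    }]
  })
}

# SCP: deny every action except the listed global services when the request
# targets a region outside the approved list. This is the NotAction pattern
# the article reserves for SCPs.
resource "aws_organizations_policy" "scp_restrict_regions" {
  name = "scp-restrict-regions"
  type = "SERVICE_CONTROL_POLICY"
  content = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyOutsideApprovedRegions"
      Effect    = "Deny"
      NotAction = ["iam:*", "organizations:*", "sts:*", "support:*",
                   "cloudfront:*", "route53:*"]
      Resource  = "*"
      Condition = {
        StringNotEquals = { "aws:RequestedRegion" = ["eu-west-1", "eu-central-1"] }
      }
    }]
  })
}
```

Attach each policy to the target OU or account with `aws_organizations_policy_attachment`; the RCP filters who may reach the resources, while the SCP filters what the organization's own principals may do.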
🧑‍💻

Launches & Tools

What you can learn from the industry's largest repository of SaaS breaches (Sponsor)

SaaS breaches surged 300% last year, with attackers breaching core systems in as little as 9 minutes. The 2025 SaaS Security Threat Report by Obsidian Security draws from the largest SaaS breach data repository and direct involvement in more than 150 incidents, revealing important past trends and what to watch out for in the future. Read the report.

SolarWinds launches incident response tool, boosts AI in observability platform (2 minute read)

SolarWinds has launched a new incident response tool called Squadcast Incident Response. It has also improved its observability platform with AI-based updates to enhance IT operational resilience. These updates include AI-powered alert isolation, on-call management, and integrations with Microsoft Teams and Slack.

OctoSQL (GitHub Repo)

A CLI for querying multiple data sources, including JSON, Parquet, and CSV/TSV files, with SQL.

secureCodeBox (GitHub Repo)

secureCodeBox is a Kubernetes-based, modularized toolchain for continuous security scans of your software projects.

🎁

Miscellaneous

Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign (2 minute read)

Threat hunters have uncovered a web skimmer campaign that exploits Stripe's legacy API to validate stolen payment cards for attackers. The attackers target merchants by hiding the legitimate payment form and cloning its buttons to efficiently steal card data. This operation uses malicious scripts on compromised sites and tailors the skimmer payload to each target.

Microsoft's AI tool catches critical GRUB2, U-Boot bootloader flaws (4 minute read)

Microsoft's AI tool has detected critical vulnerabilities in bootloaders such as GRUB2 and U-Boot that enable attackers to bypass Secure Boot and deploy persistent malware. These flaws significantly threaten enterprises, since the malware can survive an OS reinstallation. Organizations must prioritize patching affected systems and improving their firmware and bootloader update processes.

Quick Links

Reviewing the Cryptography Used by Signal (Blog Series)

This blog series explains how to conduct cryptographic reviews, maps Signal's cryptographic components, and takes an in-depth look at Signal's symmetric-key authenticated encryption, its use of double ratcheting protocols, key transparency, and other cryptographic features such as group messaging.

Trump Advisor Reportedly Used Personal Gmail for "Sensitive" Military Discussions (2 minute read)

National Security Advisor Michael Waltz has reportedly been using his personal Gmail account to discuss sensitive military operations.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

