Attacks & Vulnerabilities

Clinical Data Stolen in Cyber-Attack on Kidney Dialysis Provider DaVita (2 minute read)
US-based kidney dialysis provider DaVita confirmed that sensitive PII and clinical data were stolen from its systems, impacting over 900K customers. In an attack that began on March 24 and continued until April 12, the attackers stole names, dates of birth, SSNs, health-insurance information, health conditions and other treatment details, specific dialysis lab test results, tax identification numbers, and images of checks written to DaVita.

Columbia University 2025 Data Breach Exposes Student Financial Records (2 minute read)
A report from Bloomberg details the data that was stolen from Columbia University in a politically motivated data breach that occurred in June. The attackers stole banking details, GPA records, student loan disbursement records, scholarship information, health-related financials tied to university insurance plans, and other PII from current students and alumni dating back several years.

ReVault! When Your SoC Turns Against You (4 minute read)
Cisco Talos reported 5 vulnerabilities to Broadcom and Dell affecting the ControlVault3 firmware and its associated Windows APIs. Dell ControlVault is a hardware-based Unified Security Hub (USH) that connects various security peripherals, such as fingerprint readers, smart card readers, and NFC readers, to function as a vault for storing passwords, biometric templates, and security codes. These vulnerabilities include a remote code execution vulnerability that could allow non-administrative users to read data off the ControlVault firmware or store an implant on it, as well as a vulnerability in which a physical attacker could access the USH board without requiring a login.
(Why) IAM Demands an #AttackGraph First Approach (23 minute read)
Many organizations begin their security journey with tasks such as mapping out a list of admins, enabling just-in-time access, and then auditing how or why a user has admin access. Attackers begin their process by obtaining lower privileges and then gradually escalating those privileges until they have achieved admin privileges. To counter this asymmetry, security teams should instead develop attack graphs to audit the access chains that can lead an attacker to gain admin privileges.

C4 Bomb: Blowing Up Chrome's AppBound Cookie Encryption (12 minute read)
C4 (Chrome Cookie Cipher Cracker) is a technique that defeats Google's AppBound Cookie Encryption, which was introduced in July 2024 to protect against infostealers. The attack exploits a padding oracle vulnerability to decrypt cookies as a low-privileged user, ironically turning Chrome's security feature into an attack vector for accessing SYSTEM-level data on Windows machines. New security implementations can inadvertently create novel attack surfaces when not properly hardened against cryptographic vulnerabilities.

Trust Me, I'm a Legitimate Process: Verisimilitude and the Art of Hiding (4 minute read)
Modern adversaries focus on appearing believable rather than staying hidden, using techniques like process impersonation, legitimate parent-child relationships, and contextually appropriate command-line arguments to blend into everyday operations. Deception can be categorized into visual (fooling human analysts), logical (passing reasoning checks), and behavioral (mimicking legitimate timing and patterns) verisimilitude layers. Detection strategies must shift from pure anomaly detection to plausibility-based approaches that question whether actions make contextual sense for specific users, systems, and operational environments.
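As an added illustration of the attack-graph audit the IAM article argues for (example code written for this digest, not from the linked article or any product), the script below models principals and privileges as a directed graph, where an edge means "holding the source lets you obtain the target" (group membership, role assumption, the right to attach or pass a policy), and then runs a breadth-first search to find which users have any chain ending at admin. A flat admin list would show only the user with a direct admin grant; the graph also surfaces the users who get there in several hops, and ranks the intermediate nodes that the most chains pass through. All users, groups, roles and permission names are constructed sample data.

```python
"""Attack-graph audit over a toy IAM model (added example, constructed data)."""
from collections import Counter, deque

# Constructed sample model. Each edge is (holder, what holding it grants).
SAMPLE_EDGES = [
    ("user:alice", "group:developers"),
    ("user:dave", "group:developers"),
    ("group:developers", "role:ci-deploy"),
    ("role:ci-deploy", "perm:iam:PassRole"),
    ("perm:iam:PassRole", "role:infra-admin"),   # may hand an admin-capable role to a service
    ("role:infra-admin", "perm:admin"),
    ("user:bob", "group:support"),
    ("group:support", "perm:read-tickets"),
    ("user:carol", "perm:admin"),                 # direct grant: the only one a flat admin list shows
    ("user:erin", "perm:iam:AttachPolicy"),
    ("perm:iam:AttachPolicy", "perm:admin"),      # policy-edit rights are admin-equivalent
]


def build_graph(edges):
    """Adjacency map: node -> set of nodes that holding it grants."""
    graph = {}
    for src, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def shortest_chain(graph, start, target):
    """BFS from start; returns the shortest node list start..target, or None if unreachable."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            chain = []
            while node is not None:
                chain.append(node)
                node = parent[node]
            return chain[::-1]
        for nxt in sorted(graph.get(node, ())):   # sorted for deterministic output
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def audit(graph, target="perm:admin"):
    """Map every user principal to its shortest chain to target (None when there is none)."""
    users = sorted(n for n in graph if n.startswith("user:"))
    return {u: shortest_chain(graph, u, target) for u in users}


def indirect_admins(graph, target="perm:admin"):
    """Users who reach target only via intermediate nodes: the ones an admin list misses."""
    return [u for u, chain in audit(graph, target).items() if chain and len(chain) > 2]


def choke_points(graph, target="perm:admin"):
    """Intermediate nodes ranked by how many users' shortest chains pass through them.
    Removing the top entries cuts the most escalation chains at once."""
    counts = Counter()
    for chain in audit(graph, target).values():
        if chain:
            counts.update(chain[1:-1])
    return counts.most_common()


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    for user, chain in audit(g).items():
        print(user, "=>", " -> ".join(chain) if chain else "no path to admin")
    print("indirect admins:", indirect_admins(g))
    print("choke points:", choke_points(g))
```

On the sample data the flat list contains only carol, while the graph reports alice, dave and erin as well, and shows that the developers group, the CI role and the PassRole permission each sit on two of those chains, which is where a review of the access design should start.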
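The verisimilitude piece argues that detection should ask whether a process event makes contextual sense rather than whether it is statistically rare. The following added example (written for this digest, not taken from the linked article) encodes four plausibility questions over constructed process-creation events: is the parent a sensible one for this image, is the image running from its usual location, is a service account doing something interactive, and is the account acting inside its expected hours. The expected-parent and expected-path tables, the account names and the maintenance window are hypothetical baseline values that a real deployment would derive from its own environment.

```python
"""Plausibility-based triage of process-creation events (added example, constructed data)."""
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    image: str      # executable basename
    path: str       # full path the executable ran from
    parent: str     # parent process basename
    user: str       # account the process runs as
    hour: int       # local hour of day, 0-23


# Hypothetical environment baseline: what "makes sense" here, not global truth.
EXPECTED_PARENT = {"svchost.exe": {"services.exe"}, "lsass.exe": {"wininit.exe"}}
EXPECTED_PATH = {
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "lsass.exe": r"c:\windows\system32\lsass.exe",
}
INTERACTIVE_SHELLS = {"cmd.exe", "powershell.exe"}
SERVICE_ACCOUNTS = {"svc-backup", "svc-sql"}
MAINTENANCE_WINDOW = {"svc-backup": range(1, 5)}   # hours in which svc-backup is expected to act


def plausibility_findings(ev):
    """Return the list of reasons this event does not make contextual sense (empty = plausible)."""
    findings = []
    parents = EXPECTED_PARENT.get(ev.image)
    if parents and ev.parent not in parents:
        findings.append(f"{ev.parent} is not a plausible parent for {ev.image}")
    usual_path = EXPECTED_PATH.get(ev.image)
    if usual_path and ev.path.lower() != usual_path:
        findings.append(f"{ev.image} ran from {ev.path}, not its usual location")
    if ev.image in INTERACTIVE_SHELLS and ev.user in SERVICE_ACCOUNTS:
        findings.append(f"service account {ev.user} started an interactive shell")
    window = MAINTENANCE_WINDOW.get(ev.user)
    if window and ev.hour not in window:
        findings.append(f"{ev.user} active at hour {ev.hour}, outside its maintenance window")
    return findings


def triage(events):
    """Keep only events with at least one finding, as (pid, findings) pairs."""
    return [(ev.pid, f) for ev in events for f in [plausibility_findings(ev)] if f]


# Constructed sample events: 1001 and 1004 are ordinary, 1002 and 1003 fail plausibility checks.
SAMPLE_EVENTS = [
    ProcEvent(1001, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe", "SYSTEM", 10),
    ProcEvent(1002, "svchost.exe", r"C:\Users\Public\svchost.exe", "winword.exe", "corp\\jsmith", 14),
    ProcEvent(1003, "powershell.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "services.exe", "svc-backup", 14),
    ProcEvent(1004, "cmd.exe", r"C:\Windows\System32\cmd.exe", "explorer.exe", "corp\\jsmith", 9),
]

if __name__ == "__main__":
    for pid, findings in triage(SAMPLE_EVENTS):
        print(pid)
        for reason in findings:
            print("  -", reason)
```

Note that event 1004, an interactive shell under a normal user during working hours, produces nothing even though shells may be rare on that host; rarity is not the question the checks ask. Event 1003 is the opposite case: a perfectly ordinary binary in its ordinary location, flagged twice because the account and the time of day do not fit.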
KubeForenSys (GitHub Repo)
KubeForenSys is a tool for collecting Kubernetes cluster data and ingesting it into Azure Log Analytics for analysis post-compromise.

Kanvas (GitHub Repo)
Kanvas is an Incident Response (IR) case management tool with an intuitive, Python-based desktop interface.

Promptfoo (Product Launch)
Promptfoo embeds automated red-team tests into the build and release processes, provides actionable guidance for the identified issues, and feeds the results into the organization's existing vulnerability management workflows.

Tracking Candiru's DevilsTongue Spyware in Multiple Countries (9 minute read)
Insikt Group identified new infrastructure associated with the Israeli-backed Candiru spyware. Candiru developed a spyware called DevilsTongue, which is a Windows-based spyware with user and kernel-mode components that maintains persistence via COM hijacking to enable deep access to victim devices, enabling file extraction, browser data collection, and theft of encrypted messages. Insikt Group has identified five active clusters linked to infrastructure in Hungary and Saudi Arabia.

Microsoft's New AI Reverse-Engineers Malware Autonomously (3 minute read)
Microsoft Project Ire is an AI system designed to reverse-engineer and identify malicious software autonomously. Project Ire automatically dissects software files to understand how they work, what they do, and whether they're dangerous without any clues as to the software's origin or purpose. Microsoft's testing showed Project Ire to have a 98% true positive rate on detecting malicious files.
Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile