Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Cicada3301 Ransomware, LummaC2 Infostealer, Obfuscated Net Loader, and More: Hacker's Playbook Threat Coverage Round-up: September 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

LLM Security: Top Risks and Best Practices

Large Language Models (LLMs) have become central to many AI-driven applications. These models, such as OpenAI’s GPT and Google’s Bard, process massive amounts of data to generate human-like responses. Their ability to handle natural language has revolutionized industries from customer service to healthcare. However, as their use expands, so do concerns about LLM security. LLM security is critical because these models handle sensitive data, making them tempting targets for cybercriminals.

How to Appoint a Qualified Data Protection Officer(DPO)?

A Data Protection Officer (DPO) can be called as an ally for organizations that deals with large amount of Privacy related data in its core operation. They are appointed based on article 37 of GDPR, and help organizations stay compliant with data protection laws by overseeing data security policies, monitoring internal compliance, and providing expert advice for staffs managing the potential data privacy risks.

Threat Hunting for macOS, Part Two

In part 1 of our Threat Hunting for macOS webinar series we explored basic use cases for utilizing macOS Unified Logging (MUL) and system telemetry to uncover suspicious behavior. Building upon this foundation, in part two we explore more intricate use cases and tap into third-party logs to uncover sophisticated attack TTPs.

Google's Transition to Rust Programming Reduces Android Memory Vulnerabilities by 52%

In a significant move towards enhancing the security of its Android operating system, Google has announced a substantial reduction in memory vulnerabilities by adopting memory-safe programming languages, particularly Rust. This shift aligns with Google's secure-by-design philosophy, aiming to minimize security risks associated with new code development. In this blog, we’ll explore the implications of this transition, the statistical outcomes, and what this means for the future of secure coding.

Mozilla Under Fire: Allegations of User Tracking in Firefox

Mozilla, the organization behind the popular Firefox browser, is facing scrutiny from the European digital rights group NOYB (None Of Your Business) over alleged privacy violations. The complaint, lodged with Austria’s data protection authority, claims that Firefox employs a feature known as "Privacy-Preserving Attribution" (PPA) to track user behavior without explicit consent. This controversy raises significant questions about user privacy and the ethical responsibilities of tech companies.

Cloudflare Abuse: How the SloppyLemming APT is Targeting Sensitive Organizations

In today’s cyber landscape, threat actors are becoming increasingly sophisticated, often leveraging free tools and cloud services to launch targeted attacks. One such group, known as SloppyLemming, is making waves by using platforms like Cloudflare Workers to engage in espionage against government and law enforcement agencies in the Indian subcontinent. This blog delves into their methods, targets, and how organizations can bolster their defenses against such threats.

How do Compliance Regulations Drive Application Security?

A zero-day flaw in MOVEit software exposed the data of 66.4 million individuals, revealing businesses are increasingly vulnerable to cyberattacks. Applications, which manage sensitive data, are prime targets for these threats. Compliance regulations recognize the risks and establish guidelines aimed at ensuring applications meet data protection, privacy, and overall security. PCI DSS v4.0 for example introduces 64 new requirements including strict security measures to protect public-facing applications.

Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know

On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on September 26th, the vulnerabilities were disclosed in @evilsocket’s blog, along with a full proof of concept.

How to Conduct Web Application Penetration Testing?

Web application penetration testing is a comprehensive and methodological process that leverages various tools and techniques to identify, analyze, and prioritize vulnerabilities in the application’s code and configurations. It goes beyond basics to find interlinked business logic vulnerabilities before attackers can gain unauthorized access to sensitive data, disrupt operations, or steal user data.