TLDR Information Security 2024-05-06

Dropbox Sign breached 📦, Microsoft Memo putting security first 💻, Counterfeit Cisco gear in US military base 🪖

🔓
Attacks & Vulnerabilities

Android bug can leak DNS traffic with VPN kill switch enabled (2 minute read)

An Android bug leaks DNS queries even when the VPN kill switch is enabled, exposing which hostnames a user resolves. The leak happens while a VPN app is switching servers, and because the behavior is in Android itself rather than in any one app, it affects every Android VPN app. The bug is still present in the latest Android release.

A million Australian pub goers wake up to find personal info listed on leak site (3 minute read)

A massive data leak has exposed over a million records of Australians who visited local pubs and clubs, including names, partial addresses, dates of birth, and venue details. The leaked data allegedly came from Outabox, a tech services company, and was posted on an anonymous leak site.

Dropbox Says Hackers Stole Customer Data and Auth Secrets from eSignature Service (2 minute read)

Dropbox reported a breach of Dropbox Sign, its eSignature platform. Attackers obtained customer information together with authentication material: authentication tokens, MFA keys, and hashed passwords. Dropbox says the attackers got in through a backend system configuration tool. Stolen tokens and MFA secrets are usable as-is, so rotating them matters regardless of how strongly the passwords were hashed.
🧠
Strategies & Tactics

Using Feature Flags for Security (3 minute read)

This post gives a few examples of why security teams benefit from adopting feature flags. The proposed uses are: shipping code behind a flag that stays off until the code has been security reviewed, exposing a feature only to external security testers as a beta before general availability, and speeding up incident response by turning a feature off with a flag instead of a deploy.
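The three uses above, modelled in one small flag evaluator. This is an added example, not code from the post or from any particular feature-flag product; the flag names, the `Flag` fields, and the user identifiers are hypothetical. The point it makes that the summary does not: evaluation is default-deny, so an unreviewed code path stays dark even if someone flips its `enabled` switch, and the kill switch wins over every other state.

```python
"""Feature flags as a security control.

Added example, not code from the post it illustrates. One evaluator models the
three uses the post proposes: a code path ships dark until a security review is
recorded; an allowlist of external security testers sees it before general
availability; and an incident kill switch turns it off without a deploy.
Flag names, field names and user IDs are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Flag:
    name: str
    reviewed: bool = False                      # security sign-off recorded?
    enabled: bool = False                       # general-availability switch
    beta_testers: Set[str] = field(default_factory=set)  # external pentesters
    killed: bool = False                        # incident kill switch


class FlagStore:
    def __init__(self) -> None:
        self._flags: Dict[str, Flag] = {}

    def register(self, flag: Flag) -> None:
        self._flags[flag.name] = flag

    def is_enabled(self, name: str, user: Optional[str] = None) -> bool:
        """Default-deny evaluation.

        Precedence: kill switch > beta allowlist > (reviewed AND enabled).
        An unknown flag evaluates to False, so a typo in a flag name can
        never silently expose a feature.
        """
        flag = self._flags.get(name)
        if flag is None or flag.killed:
            return False
        if user is not None and user in flag.beta_testers:
            return True                         # testers exercise it pre-GA
        return flag.reviewed and flag.enabled   # 'enabled' alone is not enough

    def kill(self, name: str) -> None:
        """Incident response: disable a feature without a deploy."""
        self._flags[name].killed = True

    def audit(self) -> List[str]:
        """Flags switched on for everyone without a recorded review."""
        return sorted(f.name for f in self._flags.values()
                      if f.enabled and not f.reviewed)


def demo() -> Dict[str, object]:
    """Walk through the three scenarios and return the observed decisions."""
    store = FlagStore()
    # 1. Shipped dark: code is deployed and even switched 'on', but unreviewed.
    store.register(Flag("bulk-export", reviewed=False, enabled=True))
    # 2. Beta for external testers: reviewed, not yet GA, one allowlisted tester.
    store.register(Flag("sso-login", reviewed=True, enabled=False,
                        beta_testers={"pentester-1"}))
    # 3. Reviewed and generally available.
    store.register(Flag("new-search", reviewed=True, enabled=True))

    before_kill = {
        "export_unreviewed": store.is_enabled("bulk-export"),
        "sso_tester": store.is_enabled("sso-login", user="pentester-1"),
        "sso_regular_user": store.is_enabled("sso-login", user="alice"),
        "search_ga": store.is_enabled("new-search"),
        "unknown_flag": store.is_enabled("no-such-flag"),
        "audit": store.audit(),
    }
    store.kill("sso-login")                     # incident: pull the feature
    store.kill("new-search")
    after_kill = {
        "sso_tester": store.is_enabled("sso-login", user="pentester-1"),
        "search_ga": store.is_enabled("new-search"),
    }
    return {"before_kill": before_kill, "after_kill": after_kill}


if __name__ == "__main__":
    print(demo())
```

The `audit()` method is the check worth wiring into CI: a flag that is `enabled` without `reviewed` is exactly the state the first use case is meant to prevent from reaching users.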

Semgrep for Terraform Security (5 minute read)

This article presents use cases and examples of securing Terraform deployments with Semgrep: steering engineers toward secure-by-default internal modules, enforcing opinionated rules, and blocking unverified providers. It also walks through writing a custom rule for a more niche scenario.

How to enforce usage of Privileged Access Workstations for Admins (12 minute read)

This community post explains how to enforce the use of Privileged Access Workstations (PAWs) for administrators in a Microsoft Entra environment by using Conditional Access policies to block sign-ins from non-PAW devices. It details steps such as tagging PAW devices, setting permissions in Microsoft Graph Explorer, and creating a device-based Conditional Access policy in the Entra admin center.
🧑‍💻
Launches & Tools

Apex Security (Website)

Apex's security platform provides organizations with visibility of their AI activities. Organizations can define what AI usage should look like within their environments and enforce security policies accordingly. The platform can detect violations of company policies, as well as detect and respond to attacks.

prel (GitHub Repo)

prel(iminary) is an application that temporarily assigns Google Cloud IAM Roles and includes an approval process.

PCAP Did What (GitHub Repo)

This repository shows how to use the Zeek network monitoring tool with Grafana to analyze PCAP dumps visually. It contains a custom Zeek Docker build that generates Zeek log files enriched with GeoIP, ASN, and JA3/JA4 fingerprints, a Python script that converts the Zeek logs into a SQLite database, and a custom Grafana Docker build with a pre-configured dashboard for analyzing the Zeek data.
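The middle step of that pipeline, Zeek JSON logs into SQLite and a query over them, as an added example that is not the repository's own converter script. The log lines are constructed; the field names follow Zeek's JSON conn.log and ssl.log, with `ja3` as emitted by the Zeek JA3 package. The GeoIP and ASN fields the repo's custom build adds are not modelled here because their names are not given on this page, and the table layout, the join on `uid`, and the two summary queries are my own choices rather than the repo's schema.

```python
"""Zeek JSON logs -> SQLite -> a fingerprint query.

Added example, not the repository's own converter script. The log lines are
constructed; their field names follow Zeek's JSON conn.log and ssl.log, with
`ja3` as added by the Zeek JA3 package. The table layout, the join on `uid`
and the summary queries are my own choices, not the repo's schema.
"""
import json
import sqlite3
from typing import Iterable, List, Tuple

# Constructed sample data (three connections, two of them TLS).
CONN_LOG = """\
{"ts":1714953600.1,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":1200,"resp_bytes":8400}
{"ts":1714953601.2,"uid":"CAbc2","id.orig_h":"10.0.0.6","id.orig_p":51235,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":900,"resp_bytes":300}
{"ts":1714953602.3,"uid":"CAbc3","id.orig_h":"10.0.0.5","id.orig_p":51236,"id.resp_h":"198.51.100.7","id.resp_p":53,"proto":"udp","service":"dns","orig_bytes":60,"resp_bytes":120}
"""
SSL_LOG = """\
{"ts":1714953600.2,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"203.0.113.10","id.resp_p":443,"server_name":"example.com","ja3":"0123456789abcdef0123456789abcdef"}
{"ts":1714953601.3,"uid":"CAbc2","id.orig_h":"10.0.0.6","id.orig_p":51235,"id.resp_h":"203.0.113.10","id.resp_p":443,"server_name":"example.com","ja3":"0123456789abcdef0123456789abcdef"}
"""


def load_zeek_json(db: sqlite3.Connection, table: str, lines: Iterable[str]) -> int:
    """Insert one Zeek JSON log (one object per line) into a table.

    Zeek field names such as 'id.orig_h' contain dots, so they are mapped to
    'id_orig_h'. Columns are the union of keys seen, which tolerates records
    that omit optional fields. Vector-valued fields are stored as JSON text.
    """
    records = [json.loads(line) for line in lines if line.strip()]
    if not records:
        return 0
    columns: List[str] = []
    for rec in records:
        for key in rec:
            col = key.replace(".", "_")
            if col not in columns:
                columns.append(col)
    col_sql = ", ".join(f'"{c}"' for c in columns)
    db.execute(f'CREATE TABLE IF NOT EXISTS "{table}" ({col_sql})')
    rows = []
    for rec in records:
        mapped = {k.replace(".", "_"): v for k, v in rec.items()}
        rows.append(tuple(
            json.dumps(mapped[c]) if isinstance(mapped.get(c), (list, dict)) else mapped.get(c)
            for c in columns))
    placeholders = ", ".join("?" for _ in columns)
    db.executemany(f'INSERT INTO "{table}" ({col_sql}) VALUES ({placeholders})', rows)
    db.commit()
    return len(rows)


def ja3_summary(db: sqlite3.Connection) -> List[Tuple[str, str, int, int]]:
    """Client TLS fingerprint per destination, with session count and bytes.

    Joining ssl to conn on Zeek's connection uid is what ties a fingerprint
    to volume: the ssl log knows the JA3, the conn log knows the bytes.
    """
    cur = db.execute(
        """
        SELECT s.ja3, s.id_resp_h, COUNT(*) AS sessions,
               SUM(c.orig_bytes + c.resp_bytes) AS total_bytes
        FROM ssl AS s JOIN conn AS c ON c.uid = s.uid
        GROUP BY s.ja3, s.id_resp_h
        ORDER BY sessions DESC, total_bytes DESC
        """
    )
    return [tuple(row) for row in cur.fetchall()]


def services_per_host(db: sqlite3.Connection) -> List[Tuple[str, str, int]]:
    """Connections per (source host, service): a quick first cut at anomalies."""
    cur = db.execute(
        """
        SELECT id_orig_h, service, COUNT(*) FROM conn
        GROUP BY id_orig_h, service ORDER BY id_orig_h, service
        """
    )
    return [tuple(row) for row in cur.fetchall()]


def build_db(path: str = ":memory:") -> sqlite3.Connection:
    """Load both sample logs; pass a file path to keep the database on disk."""
    db = sqlite3.connect(path)
    load_zeek_json(db, "conn", CONN_LOG.splitlines())
    load_zeek_json(db, "ssl", SSL_LOG.splitlines())
    return db


if __name__ == "__main__":
    db = build_db()
    for row in ja3_summary(db):
        print("ja3=%s server=%s sessions=%d bytes=%d" % row)
    for row in services_per_host(db):
        print("host=%s service=%s conns=%d" % row)
```

Once the data is in SQLite, the Grafana side is just a datasource pointing at the file and panels built from queries like the two above; the same query shape works for JA4 if the column is present in the ssl table.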
🎁
Miscellaneous

Read Satya Nadella's Microsoft memo on putting security first (6 minute read)

Microsoft is overhauling its security processes, making security the "top priority" for all employees, after facing high-profile attacks. CEO Satya Nadella has instructed the company's over 200,000 employees to prioritize security above all else, even delaying new features or legacy support if needed.

Counterfeit Cisco gear ended up in US military bases, used in combat operations (6 minute read)

A Florida resident, Onur Aksoy, was sentenced to 78 months in prison and ordered to pay $100 million in restitution to Cisco for running a counterfeit networking gear scam that generated $100 million in revenue and put U.S. military security at risk. Aksoy pleaded guilty to conspiring to traffic counterfeit goods, mail fraud, wire fraud, and importing fake Cisco products from China and Hong Kong and selling them as genuine through various online storefronts.

A systematic literature review on advanced persistent threat behaviors and its detection strategy (54 minute read)

This research paper from Oxford University Press discusses advanced persistent threats (APTs) and proposes a detection strategy based on multi-stage attack behaviors and network vulnerabilities. It emphasizes the importance of understanding APT attack-related behaviors to improve detection accuracy and response. By integrating attributes of APT attacks into detection methods, security experts can enhance their ability to prevent these sophisticated threats.
⚡️
Quick Links

The State of Pentesting Report 2024 (30 minute read)

This report analyzes the impact of pentests, revealing a 21% increase in the number of findings per pentest engagement year-over-year.

Finland warns of Android malware attacks breaching bank accounts (2 minute read)

Finland warns of an ongoing Android malware campaign that targets online bank accounts through deceptive SMS messages impersonating banks or payment service providers.