Expertise

During a recent engagement, we came across an unfamiliar configuration pertaining to /var/lib/docker permissions. This, combined with a number of other lower risk issues, resulted in an attack path that allowed privilege escalation to root from a low-privileged user. As this configuration was non-standard rare to see, we thought we'd share our observations and methods for leveraging this particular weakness to the wider community.

This report provides an in-depth technical analysis of the backdoor and its capabilities, and analyzes the connection between Kapeka and Sandworm group. The purpose of this report is to raise awareness amongst businesses, governments, and the broader security community. WithSecure has engaged governments and select customers with advanced copies of this report. In addition to the report, we are releasing several artifacts developed as a result of our research, including a registry-based & hardcoded configuration extractor, a script to decrypt and emulate the backdoor’s network communication, and as might be expected, a list of indicators of compromise, YARA rules, and MITRE ATT&CK mapping

This article demonstrates a practical approach to detect prompt injection attempts in LLM applications using a domain-specific dataset. We fine-tune a DistilBERT model to train a classifier that is able differentiate between legitimate inputs and potential injection attempts. 

In recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs.

At DEFCON 2023 I presented some research in which I discussed an easier method of testing the Health Level Seven (HL7) medical protocol. This included a demonstration of a new tool I created named ‘HL7Magic’, which enables testers to proxy, parse and amend messages to demonstrate the impact of manipulating data sent to a medical device. This blog post has been released alongside the open-sourcing of this tool and will discuss the key concepts mentioned within my talk.

Since proof-of-concept code was released for two vulnerabilities in ConnectWise ScreenConnect, en-mass exploitation has started from multiple threat actors. Researchers in the security industry have reported on attack chains they have observed which include using ScreenConnect to deploy password stealers, other remote management software, and commercial post-exploitation frameworks. Some intrusions have even ended up with Ransomware deployments.

We present the security risks of granting LLMs control over web browsers, with a focus on prompt injection vulnerabilities. We demonstrate exploitation through two scenarios using Taxy AI, a representative proof-of-concept browser agent, where attackers manage to hijack the agent and (1) exfiltrate confidential information from a user’s mailbox, (2) force the merge of a malicious pull request on a GitHub repository.