WithSecure™ Labs: With great research comes great responsibility
Research, development, updates and tooling you can use.
This blog post presents plausible scenarios where prompt injection techniques might be used to transform a ReAct-style LLM agent into a “Confused Deputy”. These attacks not only compromise the integrity of the agent's operations but can also lead to unintended outcomes that could benefit the attacker or harm legitimate users.
DarkGate malware campaign
Vietnamese cybercrime groups are using multiple different Malware as a Service (MaaS) infostealers and Remote Access Trojans (RATs) to target the digital marketing sector. These actors greatly value Facebook business accounts and hijacking these accounts appears to be one of their primary goals. The targeting and methods of these groups heavily overlap to an extent that suggests that they are a closely related cluster of operators/groups. It is possible to identify campaigns carried out by these groups through non-technical indicators, such as their lure topics, lure files, and associated metadata.
Enumerating Cognito Clients Exposed to the internet
This post describes the process carried out when looking for means of exploiting AWS Cognito at scale. It aims to be an example for those interested in researching how to exploit any cloud service, as the process has been written to be as general as possible.
Guiding black-box CAN fuzzing with electromagnetic side-channel analysis
Essential part of most every automotive security assessment is CAN bus fuzzing. In this article, one corner case of such activities will be discussed, when fuzzing is performed during blackbox-style assessment, with minimum or no information about CAN IDs supported by the ECU. To optimize this process, using EMSCA (electromagnetic side-channel analysis) as a guidance is proposed.
Delete and ReSAStore: A lesser-known risk of using Azure SAS
This blog post provides a brief overview of SAS tokens and their structure, and describes the conditions that make it possible for a SAS token to be used even after the original resource it was associated with has been deleted.
Meet the Ducks: Vietnamese threat groups targeting Meta Business accounts
In this report we share an overview of current and emerging threats surrounding Meta's ad ecosystem that are pre-dominantly originating out of Vietnam. Additionally, we will share an update on the infamous DUCKTAIL operation exposed in our previous reports. Lastly, we will introduce an emerging threat dubbed “DUCKPORT” which has striking similarities to DUCKTAIL, but with important and distinct functionalities, TTPs, and history.