WithSecure™ Labs: With great research comes great responsibility

This blog post presents plausible scenarios where prompt injection techniques might be used to transform a ReAct-style LLM agent into a “Confused Deputy”. These attacks not only compromise the integrity of the agent's operations but can also lead to unintended outcomes that could benefit the attacker or harm legitimate users. 

Vietnamese cybercrime groups are using multiple different Malware as a Service (MaaS) infostealers and Remote Access Trojans (RATs) to target the digital marketing sector. These actors greatly value Facebook business accounts and hijacking these accounts appears to be one of their primary goals. The targeting and methods of these groups heavily overlap to an extent that suggests that they are a closely related cluster of operators/groups. It is possible to identify campaigns carried out by these groups through non-technical indicators, such as their lure topics, lure files, and associated metadata.

This post describes the process carried out when looking for means of exploiting AWS Cognito at scale. It aims to be an example for those interested in researching how to exploit any cloud service, as the process has been written to be as general as possible.

Essential part of most every automotive security assessment is CAN bus fuzzing. In this article, one corner case of such activities will be discussed, when fuzzing is performed during blackbox-style assessment, with minimum or no information about CAN IDs supported by the ECU. To optimize this process, using EMSCA (electromagnetic side-channel analysis) as a guidance is proposed.

This blog post provides a brief overview of SAS tokens and their structure, and describes the conditions that make it possible for a SAS token to be used even after the original resource it was associated with has been deleted.

In this report we share an overview of current and emerging threats surrounding Meta's ad ecosystem that are pre-dominantly originating out of Vietnam. Additionally, we will share an update on the infamous DUCKTAIL operation exposed in our previous reports. Lastly, we will introduce an emerging threat dubbed “DUCKPORT” which has striking similarities to DUCKTAIL, but with important and distinct functionalities, TTPs, and history.