company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Bulk IP/Domain Lookup

Threatspy

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Lua Bytecode

loading..
loading..
loading..

RedLine Stealer Uses Lua Bytecode in Fake Game Cheats

New RedLine Stealer variant uses Lua bytecode to disguise itself within game cheats. Avoid suspicious downloads.

22-Apr-2024
5 min read

Related Articles

loading..

R Program

Vulnerability

A critical R vulnerability (CVE-2024-27322) opens the door to supply chain attac...

A recently discovered vulnerability in the R programming language (CVE-2024-27322) exposes users to severe supply chain attacks. This critical flaw, with a CVSS score of 8.8, exploits R's deserialization process, enabling attackers to execute malicious code on victim systems, posing significant risks to various sectors, including finance, healthcare, and research. This [Threatfeed](https://www.secureblink.com/cyber-security-news) tries to explore the technical details of the vulnerability, explores its attack vectors, and emphasizes mitigation strategies with the help of [Threatspy](https://www.secureblink.com/threatspy). #### A Popular Target R, a widely used open-source language for statistical computing and graphics, is prevalent in various sectors like finance, healthcare, and research. Its popularity stems from its extensive functionality for data analysis and visualization. R packages, readily available on repositories like CRAN (Comprehensive R Archive Network), further enhance its capabilities. However, this very ecosystem creates a vast attack surface for malicious actors. #### Vulnerability Overview The flaw resides in R's deserialization mechanism, specifically in the process of converting encoded objects (JSON, XML, binary) back to their original form. Attackers exploit this weakness by injecting malicious code into R Data Serialization (RDS) files, commonly shared among developers and data scientists. #### Deserialization Under Microscope Deserialization is the process of converting encoded data back into its original form for use within a program. In R, this process involves RDS (R Data Serialization) files, commonly used to store and share objects between developers. The vulnerability lies in R's handling of _"promise objects"_ during deserialization. #### Exploitation Mechanism Researchers at HiddenLayer discovered that attackers can embed arbitrary R code within RDS files or packages, exploiting R's lazy evaluation and promise objects. Lazy evaluation defers expression evaluation until necessary, while promise objects delay object evaluation. By creating a specially crafted promise object, attackers execute arbitrary code during RDS deserialization. #### Lazy Evaluation & Promise Objects Lazy evaluation, a core concept in R, postpones expression evaluation until it's explicitly needed. Promise objects represent these delayed evaluations. The vulnerability resides in the ability to create a malicious promise object containing arbitrary code that executes when the object is accessed during deserialization. #### Crafting Attack: Malicious RDS Files Attackers exploit this vulnerability by crafting malicious RDS files containing weaponized promise objects. These files, disguised as legitimate R packages, can be uploaded to repositories like CRAN. When an unsuspecting user installs the compromised package, the malicious code embedded within the promise object executes during deserialization. #### Extensive Attack Surface: Repositories as Launchpads The vast number of R package repositories (like R-Forge and Bioconductor) with millions of downloads creates a significant attack surface. An attacker only needs to compromise a single repository or package to launch a widespread supply chain attack, potentially affecting thousands of downstream users. #### How ThreatSpy Mitigates Further Escalation ThreatSpy is a developer-first, AI-powered AppSec management platform designed to effectively identify and address R language deserialization vulnerabilities. Its proactive approach allows it to detect these security issues even before they are officially listed as CVEs. In addition to early detection, ThreatSpy facilitates a streamlined prioritization and remediation process. It offers curated, stack-oriented remediation steps and enables automated actions through customizable playbooks and campaigns. By automating key parts of the security workflow, ThreatSpy helps development teams save valuable time and effort, promoting a 'security by design' philosophy. We are offering 14-days of free trial just in case you are looking forward to getting hands-on experience. Just [sign-up here](https://threatspy.secureblink.com/signup)!

loading..   04-May-2024
loading..   3 min read
loading..

Misconfiguration

Qantas Airways app glitch exposed passenger names, flights, even frequent flyer ...

Qantas Airways, Australia's premier airline, faced a critical cybersecurity incident resulting from a misconfiguration in its mobile app. This [Threatfeed](https://www.secureblink.com/cyber-security-news) delves into the technical intricacies of the breach, dissecting its impact, causes, and remedial measures. #### Incident Overview Qantas acknowledged the exposure of sensitive customer information due to a misconfiguration in its app, leading to unauthorized access to personal data and boarding passes. Despite swift responses, the incident underscores the vulnerability of digital platforms to cyber threats. #### Technical Details The misconfiguration stemmed from internal system changes, not a cyberattack, allowing some users to view others' travel details. Specifically, the flaw compromised names, upcoming flight information, points balance, and status within the app. #### Root Cause Analysis The [incident's root cause](https://www.qantasnewsroom.com.au/qantas-responds/statement-on-qantas-app-issue/) lies in recent system alterations, highlighting the complexity of maintaining secure configurations amid dynamic operational environments. Such changes inadvertently exposed critical data, necessitating comprehensive risk mitigation strategies. #### Impact Assessment While no financial data was compromised, the exposure of personal details poses significant privacy risks to affected customers. Furthermore, the potential for fraudulent activities and social engineering attacks amplifies the severity of the breach. #### Remedial Actions Qantas promptly addressed the issue by advising customers to log out of their accounts and remain vigilant against potential scams. Subsequent updates implemented additional measures to prevent similar incidents, safeguarding customer data integrity. #### Technical Mitigation Strategies To fortify app security, Qantas could implement robust access controls, encryption mechanisms, and regular security audits to detect and mitigate configuration vulnerabilities proactively. Additionally, incorporating threat intelligence feeds and anomaly detection algorithms enhances threat detection capabilities. #### User Awareness and Education Empowering users with cybersecurity best practices, such as recognizing phishing attempts and safeguarding personal information, strengthens the overall security posture. Regular communication and awareness campaigns foster a culture of security consciousness among customers. #### Codebase Integrity Ensuring the integrity of the Qantas app's codebase is paramount to mitigating future security risks. Employing secure coding practices, code reviews, and static code analysis tools can identify and remediate vulnerabilities in the software development lifecycle. #### Additional Considerations Further analysis may explore the scalability of Qantas' cybersecurity infrastructure, incident response effectiveness, and long-term strategies for enhancing resilience against emerging threats in the digital ecosystem.

loading..   02-May-2024
loading..   2 min read
loading..

China

DNS

Discover the sophisticated DNS manipulation tactics of Muddling Meerkat threat a...

Muddling Meerkat, a sophisticated DNS threat actor, has emerged as a formidable challenge in the cybersecurity landscape. Leveraging extensive DNS manipulation techniques, likely orchestrated by Chinese state actors, Muddling Meerkat poses a significant threat to global networks. In collaboration with external researchers, Infoblox Inc. has conducted a thorough investigation to dissect the intricacies of this threat actor. #### DNS Manipulation Techniques Muddling Meerkat employs advanced DNS activities, exploiting open DNS resolvers to propagate large volumes of DNS queries worldwide. This strategy enables the threat actor to bypass traditional security measures effectively. By inducing responses from the Great Firewall of China, Muddling Meerkat injects false MX records, highlighting a novel use of national infrastructure in its operations. #### Sophisticated Operations The threat actor's operations are characterized by a profound understanding of DNS mechanics. By triggering DNS queries for various record types to domains not owned by the actor, Muddling Meerkat employs distraction and obfuscation techniques to conceal its true intentions. Additionally, the utilization of super-aged domains further emphasizes the threat actor's expertise in evading detection. ![mx-resolution.png](https://sb-cms.s3.ap-south-1.amazonaws.com/mx_resolution_d9fb0acba6.png) #### Infoblox's Role in Detection Infoblox's Threat Intel team plays a pivotal role in detecting and mitigating threats like Muddling Meerkat. With a focus on DNS data analysis, powered by data science and AI, Infoblox provides proactive threat intelligence to its customers. The introduction of Zero Day DNS™ feature enhances Infoblox's capability to detect and block attacks launched from recently registered domains, aligning with a zero trust model for DNS. #### Operational Insights Muddling Meerkat's operations extend beyond conventional DDoS attacks, indicating a broader agenda. The threat actor's manipulation of MX records and exploitation of open resolvers demonstrate a sophisticated understanding of DNS infrastructure. By targeting domains registered before 2000 and employing tactics to create DNS "noise," Muddling Meerkat seeks to evade detection and potentially lay the groundwork for future cyberattacks. #### Implications and Recommendations The emergence of threats like Muddling Meerkat underscores the critical importance of DNS threat intelligence in cybersecurity strategies. Organizations must adopt DNS Detection and Response systems, such as Infoblox's BloxOne® Threat Defense, to effectively combat sophisticated threats. Additionally, proactive measures, such as Zero Day DNS™, are essential for early threat detection and mitigation.

loading..   01-May-2024
loading..   2 min read
Company Logo
logo

Secure Blink automates the application and API security testing for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.

Find Us Online

Facebook Logo
Twitter Logo
LinkedIn Logo
Telegram Logo
YouTube Logo
contact@secureblink.com

This website uses cookies to ensure you get the best experience on our website. By continuing on our website, you consent to our use of cookies. To find out more about how we use cookies, please see our Cookies Policy.

contact@secureblink.com

@ Copyright 2024 Secure Blink. All rights reserved.

4th Floor, Plot No- 7-10 Sector 126, Noida, UP -201303