Weekly in Security 202237

2022-09-12 to 2022-09-19

2 min read - 299 words

Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-09-12 to 2022-09-19.

Interesting Reads

Google Completes Acquisition of Mandiant

Mandiant will join Google Cloud and retain the Mandiant brand. Google Cloud customers and partners benefit from pioneering security capabilities including world-class threat intelligence, zero trust architecture, and planet-scale analytics for security operations.

Mandiant Google Cloud

Solving the Unredacter Challenge

Bishop Fox hosted a CTF-style challenge related to their article Never, Ever, Ever Use Pixelation for Redacting Text. The challenge winner, Shawn Asmus, published his write-up for the challenge. This is an good reminder to properly redact documents. Looking back, there are many examples of pixelations, swirl and black-boxes gone wrong.

Retbleed performance on VMs

Retbleed Fix raubt Linux-VMs bis zu 70% Leistung Performance Regression in Linux Kernel 5.19

Prompt injection attacks against GPT-3

Prompt injection is when an AI that uses textual instructions (a “prompt”) to accomplish a task is tricked by malicious, adversarial user input to perform a task that was not part of it’s original objective, akin to a SQL injection. Simon wrote an interesting summary of the recent exploits. One funny example Marco came up with is tricking the prompt injection detector to simply ignore the injection. As such, there currently does not exist a proper protection against such attacks, as Simon stated in his follow up article. Probably, models will have to distinguish instructions and user input. I would imagine something similar to prepared statements in SQL.

Tools

GIFShell

Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs

Bobby Rauch built a tool to abuse legitimate Microsoft infrastructure to deliver malicious files, commands, and perform data exfiltration via GIFs. The medium article was picked up by bleepingcomputer after a few days. For Microsoft the underlying