aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

to
Export CSV
2939 items

Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely

infonews
security
Apr 28, 2020

Chrome's remote debugging feature (a tool normally used by developers to test their code) can be abused by malware after gaining initial access to a computer, allowing attackers to steal cookies (small files that store login information), spy on user activities, and remotely control the browser without needing administrator permissions.

Embrace The Red

Hunting for credentials and building a credential type reference catalog

infonews
security
Apr 26, 2020

Attackers are using credentials (login information) that are exposed in plain text to break into systems and access sensitive data. Rather than passively waiting for problems, security teams should actively search their systems for exposed credentials using targeted techniques and knowledge about their infrastructure.

Attack Graphs - How to create and present them

infonews
security
Apr 7, 2020

Attack graphs are visual diagrams that show how attackers move through a system, including the actions and TTPs (tactics, techniques and procedures, or the specific methods attackers use) they take along the way. Creating these graphs helps red teams (security professionals simulating attacks) plan operations and communicate results to leadership by telling a clear story without overwhelming people with technical details.

Cybersecurity Attacks - Red Team Strategies has been released.

infonews
security
Apr 2, 2020

This is an announcement for a published book on red team strategies (offensive security testing methods used to identify vulnerabilities by simulating attacker behavior) and cybersecurity attacks. The 524-page book is divided into two parts: program management for building offensive security programs, and technical tactics and tools for Windows, macOS, and Linux systems.

2600 - The Hacker Quarterly - Pass the Cookie Article

infonews
security
Feb 15, 2020

An article titled 'Pass the Cookie and Pivot to the Clouds' was published in 2600 magazine's Winter edition, discussing a technique called 'Pass the Cookie' (a method where attackers use stolen session tokens to gain unauthorized access to systems). The article is available through bookstores and the 2600 Online Shop, and the author recommends an upcoming red teaming book for those interested in learning more about cybersecurity attack strategies.

Web Application Security Principles Revisited

infonews
security
Feb 12, 2020

This item is a personal reflection on a final-year university project about web application security principles completed approximately 18 years ago. The author describes submitting their security-focused research paper to Michael Howard at Microsoft, who reviewed it.

Zero Trust and Disabling Remote Management Endpoints

infonews
security
Feb 6, 2020

This post discusses how disabling remote management endpoints can improve an organization's security by reducing attack surface (the total number of entry points an attacker could exploit) and preventing the spread of automated malware. The approach follows zero trust principles, which means treating all network access as potentially risky unless verified.

Book: Cybersecurity Attacks - Red Team Strategies

infonews
security
Dec 2, 2019

This is an announcement for a book called 'Cybersecurity Attacks - Red Team Strategies' that teaches red teaming (simulated attack techniques used to test an organization's defenses) tactics and procedures. The book covers both team management aspects and technical content, but differs from typical penetration testing (authorized security testing where professionals try to break into systems to find vulnerabilities) books by focusing less on common tools and more on foundational strategies.

MITRE ATT&CK Update for Cloud and cookies!

infonews
security
Oct 27, 2019

MITRE updated its ATT&CK Framework (a catalog of known hacker techniques and strategies) to include cloud-based attack methods, specifically focusing on stealing web session cookies (small files that store login information) and using them to move laterally (gain access to other systems within a network). The update documents two main techniques: stealing cookies during credential access attacks and using stolen cookies for lateral movement within a system.

Coinbase under attack and cookie theft

infonews
security
Sep 1, 2019

Coinbase was attacked using Firefox 0-days (previously unknown security flaws in Firefox) to steal browser session tokens, which are credentials stored in browser data files that let attackers access cloud services like Gmail without needing passwords. The attackers specifically targeted these token files through direct access to browser datastores (the storage locations where browsers save data), which is unusual behavior that could be detected by monitoring which processes access these files.

Cybersecurity - Homefield Advantage

infonews
security
Aug 24, 2019

This article discusses 'Homefield Advantage' as a security concept, meaning that a mature security team should have natural advantages when defending their own systems, similar to how sports teams perform better at home. The author argues that security programs should recognize and leverage these inherent benefits, such as familiarity with their own environment and systems.

Now using Hugo for the blog

infonews
security
Aug 24, 2019

This is a disclaimer notice from a blog called WUNDERWUZZI stating that penetration testing (authorized attempts to find security weaknesses in systems) must have proper permission, and that the blog's content is for educational purposes to help people understand security attacks and defenses.

BashSpray - Simple Password Spray Bash Script

infonews
security
Jul 4, 2019

BashSpray is a password spray tool (a script that tests many accounts with common weak passwords to find security gaps) that red teams (security professionals hired to test defenses) can use to identify weak passwords in their organization. The tool works on both Mac and Windows systems, and ideally should be integrated into security response workflows so that affected users and security teams are notified to change passwords and investigate if needed.

Active Directory and MacOS

infonews
security
Jun 21, 2019

This article discusses how to interact with Active Directory (a system that manages users and computers on networks) on macOS computers. It describes three approaches: using macOS's built-in Directory Utility, using Apache Directory Studio (a third-party tool), or writing custom scripts with LDAP (lightweight directory access protocol, the standard way to query directory systems) commands.

Google Leaks Your Alternate Email Addresses to Unauthenticated Users

infonews
security
Jun 5, 2019

Google's login system leaks alternate email addresses to anyone who calls an unauthenticated endpoint (a service that doesn't require you to prove who you are) with just an email address. An attacker could use this to find backup accounts linked to a target email, then use those accounts for phishing (tricking people into giving up passwords) or to take over the main account if the alternate email is set up for password recovery.

Lyrebird - Hack the hacker (and take a picture)

infonews
security
May 22, 2019

Lyrebird is a security tool that takes a screenshot of your desktop and then monitors your computer by using the webcam to photograph anyone who tries to use it while you're away. The tool is designed to catch people who access an unattended workstation, helping you identify if someone has tampered with your computer.

KoiPhish - The Beautiful Phishing Proxy

infonews
security
Jan 10, 2019

KoiPhish is a relay proxy (a tool that intercepts and forwards network traffic between a user and a target server) designed for phishing attacks. It forwards requests from victims to a real website while modifying links in responses to keep users engaged with the fake site instead of noticing they've been redirected.

McPivot and useful LLDB commands

infonews
security
Jan 5, 2019

This post describes techniques for accessing user accounts and data on macOS systems after gaining root access, including methods to bypass keychain (macOS's password storage system) protections through process injection and debugger attachment. The author notes that macOS has security features like SIP (System Integrity Protection, which prevents debugging of protected system processes) and keychain encryption that make direct access difficult, requiring either the target user's password or creative workarounds like injecting code into running processes.

Pass the Cookie and Pivot to the Clouds

infonews
security
Dec 16, 2018

Attackers can steal authentication cookies (small files that prove you're logged in) from a compromised computer to break into web applications and cloud services, even bypassing multi-factor authentication (extra security checks beyond passwords). This works because cookies remain valid long after authentication is complete and are stored where attackers can find them, either on disk or in the computer's active memory. This technique, called "pass the cookie," is a post-exploitation method (a way attackers move through a system after gaining initial access) that also works with similar tokens like JWTs (JSON web tokens, another way to prove identity).

Previous147 / 147
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red

Fix: The source mentions two mitigations: (1) 'Remove all alternate account associations' and (2) 'Make sure that any alternate account is not your password recovery or 2FA to minimize attack surface.' However, these are user-level workarounds. Google declined to fix the issue itself after review.

Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red