Userify @userify

This is bad. Putty level bad. notepad-plus-plus.org/news/hijacked-…

🦔 Moltbook, the "social media for AI agents" that went viral this week, left its entire database exposed. Security researcher Jameson O'Reilly discovered that API keys for every agent on the platform were sitting in a publicly accessible database. Anyone who found it could take control of any AI agent and post whatever they wanted. OpenAI cofounder Andrej Karpathy has an agent on the platform. His API key was exposed like everyone else's. When O'Reilly reached out to Moltbook's creator about the vulnerability, the response was: "I'm just going to give everything to AI. So send me whatever you have." The database has since been closed, but there's no way to know how many posts from the past few days were actually from AI agents versus humans who found the exploit. My Take This is the same researcher who found the Clawdbot vulnerability I wrote about last week. Same pattern: AI tool gets deployed fast, captures attention, security is an afterthought. "Ship fast, capture attention, figure out security later. Except later sometimes means after 1.49 million records are already exposed." The New York Post worried about AI agents plotting humanity's downfall. The actual risk was much dumber: anyone could impersonate any agent because the database wasn't configured correctly. Two SQL statements would have fixed it. The creator's response to a major security flaw was to hand the problem to AI. That tells you everything about how this stuff is being built. Vibe coding plus hype plus zero security review. The agents weren't autonomously evolving. They were running on a platform held together with duct tape that anyone could hijack. Hedgie🤗

Windows uses the NTFS file system, and one of its lesser-known features is something called Alternate Data Streams. NTFS allows a file to contain multiple data streams while appearing as a single normal file in Explorer. Most users and even many security tools only see the main file and assume that’s all that exists. Attackers take advantage of this trust. Hackers use Alternate Data Streams to hide payloads, scripts, or stolen data inside legitimate-looking files like documents or images. The file still opens normally, its size barely changes, and nothing suspicious shows up in Task Manager. Because Explorer doesn’t display alternate streams by default, the hidden data stays invisible unless you know exactly how to look for it. In the terminal below, the system shows only a harmless report.txt file at first glance. When the directory is listed with alternate streams enabled, a hidden stream appears attached to the file. Reading that stream reveals executable data even though no executable file exists on disk. Process listings show nothing running, and no new files appear. This is how attackers hide in plain sight on Windows not by dropping obvious malware, but by abusing features most people don’t even know are there.

Winston Ighodaro @Officialwhyte22

5 months ago

Do you know hackers can hide files inside other files on Windows and the system won’t show anything?

9 7 131 213K 20

bleepingcomputer.com/news/security/…

Ubuntu 25.10 is switching to sudo-rs (a memory-safe and more secure version of the venerable sudo that @Userify has supported for more than a decade). We are pleased to announce that Userify will 'just work' with sudo-rs out of the box, thanks to its near-perfect compatibility. We salute @canonical for their excellent efforts in making Linux safer (well, about systemd.. 😆) and look forward to checking for sudo-rs installation in the future across all distributions!

bleepingcomputer.com/news/security/…

Quick tip if you are wanting to see exactly what the user accounts are that Userify is sending to your instance: curl -u api_id:api_key -sX POST configure.userify.com/api/userify/co… |jq . Replace configure.userify.com with your server hostname if you're running on prem.

Cisco warns of large-scale brute-force attacks against VPN services - @billtoulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

Putty Vulnerability Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.) chiark.greenend.org.uk/~sgtatham/putt… Incidentally, very nice write-up.

Major security breach discovered in popular Linux tool sabotages secure SSH connections. Read more at arstechnica.com/security/2024/…

Remote access giant AnyDesk resets passwords and revokes certificates after hack techcrunch.com/2024/02/05/rem…

Great writeup by @Cloudflare on how the Okta hacks were leveraged to gain access to various Atlassian systems. Great transparency! blog.cloudflare.com/thanksgiving-2…

By virtue of their design, containers can never offer the same strong security boundaries like virtual machines or instances. So, if you prioritize security, choose instances.

Matt Johansen @mattjay

2 years ago

A new container escape vulnerability just dropped. It gives an attacker the ability to hop from container to host OS via runc.

7 236 1K 153K 493

We just worked with @ManavBankatwala for some pentesting, and he helped us find some places where we could improve security, such as by rate-limiting on Forgotten Password emails to prevent spammy behavior. We especially liked how he didn't just run Burp Suite or skiddy sort of reporting, but Manav really dug into the data flow behind the scenes and figured out new ways to attack, and set up complex, multi-stage attacks. It was really fun to work with Manav! He had some kind words to say about us, too: "Thank you for confirmation team, I really liked working with you. Honestly, I have never seen this much responsive team taking the security risks seriously. I hope to work with you in the future." He also offers additional services, like VAPT audit, Network Audit, new feature release testing, etc. We highly recommend Manav and hope you will consider him for additional pentesting.

Yet more malicious NPM packages, this time that steal SSH (private) keys if you install them on your desktop. thehackernews.com/2024/01/malici… For these reasons, it's probably a good recommendation that you should not perform development on your desktop, but in a VM or remote server. Nevertheless, audit your dependencies frequently, regardless of your language's package manager. If it's possible to read or at least skim all of those packages, then it's always a good idea to do that. If you can avoid using certain ecosystems that have a less robust stdlib and thus develop a culture of lots of nested dependencies to fill in holes in the stdlib, all the better. Not to name names 😅, but recently certain languages have had many instances of malware available through their repos: Node, PHP, and Python come to mind. This also goes for Docker repos like DockerHub and also cloud repos like the AMI database: just because it's an available image doesn't mean that it's official or altruistic! Be careful out there.

First, I want to compliment @Microsoft for being forthright with details. Some of the problems I see in this report, I SEE EVERYWHERE due to VULNERABLE DEFAULTS. Let's start with creating malicious OAuth applications. By default, ANY USER can create app registrations and consent to Graph permissions as well as sharing 3rd party company data. In tenants where this is hardened, ability to create app registrations require Application Administrator or Cloud-Application Administrator and admins must consent to permissions used by the application whether local or from another tenant.

We just received a series of emails (attached) to different @userify email addresses. Note the minor differences in wording, like {major|real|serious} issue. This appears to be a phishing expedition or social engineering attack. BOLO, be careful out there! (Our reply at end.)

keyboard_arrow_left Previous keyboard_arrow_right Next