Firebase is a platform for hosting databases, cloud computing, and app development. It’s owned by Google and was set up to help developers build and ship apps.
What the researchers discovered was scary. They found 916 websites from organizations that set their Firebase instances up incorrectly, some with no security rules enabled at all.
One of the researchers told BleepingComputer that most of the sites also had write enabled (meaning anyone can change it) which is bad, and one of them was a bank.
During a sweep of the internet that took two weeks, the researchers scanned over five million domains connected to Google’s Firebase platform.
And as if that isn’t bad enough, 19,867,627 of those passwords were stored in plaintext. That is a shame, given that Firebase has a built-in end-to-end identity solution called Firebase Authentication that is specifically designed for secure sign-in processes and does not expose user passwords in the records.
So, an administrator of a Firebase database would have to go out of their way and create an extra database field in order to store the passwords in plaintext.
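The two mistakes described above are both visible in a Realtime Database rules document: a root-level `.read`/`.write` of `true` grants the whole internet access, and a password field only exists if someone added it by hand. The audit below is an added example, not code from the article or from Firebase; the password-field regex is a heuristic assumption, and both rules documents are constructed samples.

```javascript
// Added example (not from the article or Firebase): audit a Realtime Database
// rules document for world-readable/writable rules and for a custom field that
// looks like a plaintext password store.

const grantsEveryone = (v) => v === true || v === "true"; // rule that grants all clients
const PASSWORD_KEY = /passw(or)?d|pwd/i;                  // heuristic: field names a password hides in

function auditRules(rulesDoc) {
  const findings = [];
  const walk = (node, path) => {
    if (node === null || typeof node !== "object") return;
    for (const [key, value] of Object.entries(node)) {
      const here = path + "/" + key;
      if ((key === ".read" || key === ".write") && grantsEveryone(value)) {
        // ".read" -> "public read", ".write" -> "public write", at the parent path
        findings.push({ path: path || "/", issue: `public ${key.slice(1)}` });
      } else if (!key.startsWith(".") && PASSWORD_KEY.test(key)) {
        // Firebase Authentication already handles passwords; a DB field for them is a red flag
        findings.push({ path: here, issue: "password-like field in database" });
      }
      walk(value, here);
    }
  };
  walk(rulesDoc.rules ?? {}, "");
  return findings;
}

// Constructed sample: no real security rules, plus a hand-made password field.
const openRules = {
  rules: { ".read": true, ".write": true, users: { $uid: { email: {}, password: {} } } },
};

// Constructed sample: per-user access gated on an authenticated uid, no password field.
const scopedRules = {
  rules: {
    users: {
      $uid: {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid",
      },
    },
  },
};

const openFindings = auditRules(openRules);     // 3 findings
const scopedFindings = auditRules(scopedRules); // 0 findings
```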
The researchers have warned all the affected companies, sending 842 emails in total. Only 1% of the site owners replied, but about a quarter of them did fix the misconfiguration.
In this case we can consider it a blessing that these researchers managed to get a lot of those instances correctly configured. On the other hand, it’s frightening that the rest live on in a state of insecurity.
If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.
Ubuntu ‘command-not-found’ tool can be abused to spread malware
A logic flaw between Ubuntu’s ‘command-not-found’ package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. […]
Gemini 1.5 Pro – Powered With Automated Malware Analysis To Detect Zero-Day
Google has introduced Gemini 1.5 Pro for malware analysis, an advanced AI tool capable of processing up to 1 million tokens. This tool revolutionizes automated malware analysis and marks a significant leap forward in the ongoing battle against the ever-evolving threat landscape.
Gemini 1.5 Pro for automated malware analysis successfully identified a zero-day threat undetected by any anti-virus or sandbox on VirusTotal. The tool processed the decompiled code and issued a malicious verdict, revealing suspicious functionalities aimed at stealing cryptocurrency and evading detection.
“This showcases Gemini’s ability to go beyond simple pattern matching or ML classification and leverage its deep understanding of code behavior to identify malicious intent, even in previously unseen threats,” said Smith.
The Limitations of Traditional Malware Analysis
Historically, Malware Analysis has relied heavily on static and dynamic analysis techniques. Static analysis involves examining the malware without executing it, providing insights into its code structure and logic.
On the other hand, dynamic analysis observes the malware in execution, offering a glimpse into its behavior in a controlled environment. While these methods are foundational, they face limitations in handling the increasing complexity and volume of malware, often requiring extensive manual effort and expertise.
Parallel to these traditional techniques, AI and machine learning have been explored to enhance malware detection.
These technologies have shown promise in classifying and clustering malware based on behavioral patterns and anomalies. However, their effectiveness is challenged by new and sophisticated malware variants that can evade detection, highlighting a gap in cybersecurity defenses.
Enter Gemini 1.5 Pro: A New Era of Automated Malware Analysis
Gemini 1.5 Pro emerges as a groundbreaking tool designed to address the limitations of existing malware analysis methods. It leverages generative AI to automate and scale malware analysis, particularly reverse engineering.
With the capability to process prompts of up to 1 million tokens, Gemini 1.5 Pro significantly expands the scope of automated analysis, enabling a comprehensive examination of complex malware samples in their entirety.
“By analyzing the entire code at once, Gemini 1.5 Pro gains a comprehensive understanding of the malware, allowing for more accurate and comprehensive analysis,” explained John Smith, Lead Researcher on the Gemini project.
Key Features and Advancements
Increased Processing Capacity: Gemini 1.5 Pro can handle up to 1 million tokens and analyze large and complex malware samples in a single pass, providing a holistic understanding of their functionality and behavior.
Code Interpretation: Unlike traditional methods that primarily identify patterns or similarities, Gemini 1.5 Pro interprets the intent and purpose of the code. It is trained on a vast dataset of code, including assembly language and high-level languages, allowing it to emulate the reasoning of a malware analyst.
Detailed Analysis Reports: The tool generates summary reports in human-readable language, offering detailed insights into the malware’s potential actions and attack vectors. This feature enhances the accessibility and efficiency of the analysis process.
The analysis of WannaCry binaries demonstrated Gemini 1.5 Pro’s capabilities, showcasing its ability to accurately identify ransomware characteristics and potential attack vectors.
Furthermore, its performance in analyzing unknown malware samples illustrates its potential to detect and understand never-before-seen threats, a critical advantage in proactive cybersecurity defense.
Let’s explore a practical case study to examine how Gemini 1.5 Pro performs in analyzing decompiled code with a representative malware sample.
Google processed two WannaCry binaries automatically using the Hex-Rays decompiler, without adding any annotations or additional context.
This approach resulted in two C code files, one 268 KB and the other 231 KB in size, which together amount to more than 280,000 tokens for processing by the LLM.
Detecting Zero-Day
The ability of malware analysis tools to identify novel threats that evade traditional security measures and to provide proactive defense against zero-day attacks is a crucial metric for determining their effectiveness.
In this context, we explore an instance where the executable file “medui.exe,” which went undetected by all antivirus programs and sandboxes on VirusTotal, was analyzed.
Gemini 1.5 Pro analyzed the 833 KB file in just 27 seconds, breaking it down into 189,080 tokens, and producing a thorough malware analysis report from a single examination.
This rapid and detailed analysis pinpointed several suspicious features, leading Gemini 1.5 Pro to classify the file as malicious.
The analysis determined that the malware’s main purpose was to steal cryptocurrency by manipulating Bitcoin transactions and to avoid detection by disabling security software.
This instance demonstrates Gemini 1.5 Pro’s advanced capabilities in identifying and understanding malicious code behaviors beyond traditional pattern recognition or machine learning classifications, highlighting its effectiveness in addressing novel security threats.
Despite its advancements, Gemini 1.5 Pro, like any tool, faces challenges. These include dealing with malware obfuscation techniques, increasing binary sizes, and evolving attack methods.
Overcoming these problems and keeping automated malware analysis effective will require continued improvement of both the generative AI models and the preprocessing techniques that feed them.
Gemini 1.5 Pro represents a significant milestone in cybersecurity, offering a scalable and automated solution to malware analysis challenges.
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics.
"The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023.
"Carbanak returned last month through new