
Planned Parenthood Cyberattack 👨‍👩‍👧‍👦, Threat Modeling with AI 🤖, Bitcoin ATM Scams 💰


TLDR Information Security 2024-09-06

Flashpoint analysis reveals that >13 million devices were infected by info-stealing malware in H1 2024 (Sponsor)

Flashpoint has released its midyear edition of the Cyber Threat Intelligence Index, revealing key data, insights, and trends shaping the cyber threat landscape in 2024.

📖 Download the full report to read the full findings, including:

→ Overview of insider threats by industry

→ Main targets for ransomware and malware

→ Vulnerabilities by product and vendor

Get the report for free

🔓

Attacks & Vulnerabilities

Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data (3 minute read)

Planned Parenthood in Montana experienced a cyber-attack on August 28. It is working with federal law enforcement and cybersecurity experts to investigate and restore systems. Ransomware group RansomHub claims to have stolen 93GB of data and has threatened to leak it unless paid.
Revival Hijack Supply-Chain Attack Threatens 22k PyPi Packages (2 minute read)

JFrog has detected a new attack, dubbed Revival Hijack, in which attackers register a package under the name of a previously deleted package. 22k packages are exposed to this attack because PyPI makes a package name available for re-registration immediately upon deletion. JFrog mitigated the issue for the most popular affected names by registering packages under them itself.
Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch (2 minute read)

Google has released its monthly security updates for the Android operating system, addressing a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), allows privilege escalation in the Android Framework component.
🧠

Strategies & Tactics

A Security Analysis of Azure DevOps Job Execution (15 minute read)

Azure DevOps is a key tool in CI/CD practices - particularly its Azure Pipelines feature for automating code building and testing. This post explores the server-side processes when pipelines are triggered, focusing on potential security risks and the importance of protecting against unauthorized access and data breaches in modern development workflows.
Threat Modeling Automation: Opportunities, Challenges, and the Role of AI (8 minute read)

Traditional threat modeling struggles to scale because it requires dedicated security resources alongside engineering resources that understand both the security aspects and the application components. Recent innovations aim to integrate threat modeling throughout the SDLC and offer tooling for diagramming or for threat models as code. With the advent of LLMs, it may become possible to generate threat models directly from source code; current efforts such as STRIDE GPT can already generate threat models from a natural language description.
Avoiding Security Incidents Due to Request Coalescing (4 minute read)

Web caching is often used to speed up costly calculations or reduce response times by keeping a copy of data closer to users. Request coalescing occurs when Amazon CloudFront, acting as a CDN, receives simultaneous requests for the same cache key: it waits for the first response to be cached and then serves that cached copy to the remaining requests. Wiz found an unexpected behavior where Amazon CloudFront ignored the Cache-Control: no-cache header and served sensitive cached content to other users via request coalescing. To prevent this, users must either configure the managed cache policy CachingDisabled for those cache keys, or set the minimum TTL for the cache behavior to 0 AND configure the origin to send the Cache-Control: no-cache header.
πŸ§‘β€πŸ’»

Launches & Tools

Free OWASP Top 10 API Training Programs (Sponsor)

Security Journey is offering free training programs for developers who work with APIs, covering the ins and outs of the OWASP Top 10 API Security Risks. This expertly-crafted, 12-lesson learning path is perfect for individual developers or teams. Get free access or learn more about training developers to write secure code.
Wush (GitHub Repo)

Wush is a command line tool that allows for transferring files and opening shells over peer-to-peer WireGuard connections. It is built on top of Tailscale's tsnet package and utilizes Tailscale's public DERP relays, but does not require a Tailscale account.
Acuvity (Product Launch)

Acuvity helps companies adopt AI platforms through a governance platform that detects and monitors employee interactions with them, and helps them build secure in-house AI applications.
SUASS (GitHub Repo)

The Secure ur Ass By Learning Cybersecurity repository is a comprehensive resource for cybersecurity professionals, students, beginners, and anyone interested in the field of cybersecurity. It contains a wide range of cybersecurity study materials to help students enhance their knowledge and skills.
🎁

Miscellaneous

Announcing AWS KMS ECDH Support (5 minute read)

AWS has announced support in KMS for asymmetric keys using ECDH. Each party generates a key using the same key spec and selects KEY_AGREEMENT as the key usage. The parties then retrieve their public keys from KMS and exchange them. Each party can then use the other party's public key together with its own KEY_AGREEMENT key to call the new DeriveSharedSecret API and derive a shared secret that can be used for secure communication. This post provides a walkthrough of a sample end-to-end encryption use case built on the new DeriveSharedSecret API.
AWS Network Firewall Introduces GeoIP Filtering (2 minute read)

AWS Network Firewall has introduced GeoIP-based filtering for ingress to and egress from a VPC. GeoIP filtering allows firewall rules that target a country directly, whereas previously users had to maintain an IP list for each country.
X is hiring staff for security and safety after two years of layoffs (3 minute read)

X is hiring for safety and cybersecurity roles. The company has posted two dozen job openings, including positions for content moderation and platform security.
⚑

Quick Links

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database (3 minute read)

The Dutch Data Protection Authority fined Clearview AI €30.5 million for GDPR violations, citing its database of billions of facial images collected without consent.
Bitcoin ATM scams on the rise: Americans lose $65 million in six months (2 minute read)

Scammers are using bitcoin ATMs to steal money, with Americans losing $65 million in just six months.
Computer glitch nearly drowns Amsterdam, utility worker saves the day (2 minute read)

A computer glitch caused a near-flooding disaster in Amsterdam when sluice gates were left open.


If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

