TLDR Information Security 2024-01-24

Subway chain investigating LockBit claims 🥪, AI Sleeper Agents 🤖, CISA Director swatted 👮

🔓
Attacks & Vulnerabilities

Subway Sandwich Chain Investigating Ransomware Group’s Claims (3 minute read)

Subway is investigating a potential data breach after the LockBit ransomware gang claimed it hacked the company's systems and stole hundreds of gigabytes of data, including financial information and employee salaries. The hackers threatened to sell the data to competitors if Subway did not pay a ransom to protect it.

Researcher Uncovers One of the Biggest Password Dumps in Recent History (3 minute read)

A researcher discovered a password dump containing nearly 71 million unique credentials for various sites circulating on the internet. This password dump is unique from many other multisite dumps because it contains nearly 25 million credentials that have never been leaked before. The credentials were collected by a stealer malware running on compromised machines.

Apple Fixes First Zero-Day Bug Exploited in Attacks of the Year (2 minute read)

Apple has released a fix for a WebKit confusion issue. The vulnerability can result in remote code execution when processing malicious web content. This article contains a full list of affected devices.

🧠
Strategies & Tactics

How do you actually find bugs? (My 2 year experience) (6 minute read)

This post describes how to find vulnerabilities in applications. It explains a method for hunting CSRFs, a familiar vulnerability for most people to start with.

AI Sleeper Agents (5 minute read)

AI Sleeper Agents are AI agents that behave normally until a certain trigger occurs, at which point their behavior changes. Researchers created AI Sleeper Agents and then applied the standard safety training methods used by GPTs like ChatGPT and Claude. They observed that the models still responded to the sleeper triggers and switched their behavior even after going through all of the safety training.

Cactus Ransomware malware analysis — ShadowStackRE (9 minute read)

The Cactus ransomware has been targeting victims across various industries and putting pressure on them by releasing personal information. The malware uses standard C++ constructs and Windows scheduled tasks for persistence. This analysis provides information on the build of the malware, its program flow, its setup process, and the techniques it uses to inhibit system recovery.

🧑‍💻
Launches & Tools

Latio Application Security Tester (GitHub Repo)

LAST (Latio Application Security Tester) uses OpenAI to scan code for security issues from the command line. The tool can be configured to scan all code, only changes, or run in a pipeline.

Stalker (GitHub Repo)

Stalker is an Attack Surface Management (ASM) tool with a big focus on extendability. It streamlines and automates reconnaissance operations while giving you the flexibility to expand its functionalities. Its web interface enables easy data access and sharing with all stakeholders.

Sherlock (GitHub Repo)

This script is designed to help expedite web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.).

🎁
Miscellaneous

HP CEO evokes James Bond-style hack via ink cartridges (6 minute read)

HP claims blocking third-party ink cartridges prevents viruses. CEO Enrique Lores said viruses could "go to the printer" via cartridges, justifying HP's controversial Dynamic Security system. While hacked cartridges sound concerning, the actual security risk appears low, casting doubt on HP's virus justification.

CISA Director Was Target of ‘Harrowing’ Swatting Incident (4 minute read)

CISA Director Jen Easterly was the target of a swatting incident on Dec 30. She described it as "harrowing," noting the rise in harassment and threats against public officials.

How Pentesting Mirrors the Evolution of Quality Assurance (6 minute read)

A post in which Ross Haleliuk, best-selling author of the recently released Cyber for Builders, draws parallels between the development of the quality assurance industry and penetration testing. Haleliuk observes that both QA and pentesting followed a similar trajectory: companies first did not do them at all, then outsourced the functions, and finally brought them back in-house. He predicts that just as software development and testing have become linked, securing software and testing its security will become the standard.

⚡️
Quick Links

Dark Visitors (Website)

A website that keeps a list of known AI agents. The list can be used for information or to block unwanted scrapers.

Trello API abused to link email addresses to 15 million accounts (3 minute read)

An exposed API in the project management tool Trello allows the linking of private email addresses with Trello accounts, resulting in the creation of millions of data profiles containing public and private information.

We are seeing Atlassian Confluence CVE-2023-22527 pre-auth template injection RCE attempts since 2024-01-19 (1 minute read)

Over 39K attacks on Atlassian Confluence Data Center deployments attempting to make use of CVE-2023-22527.