Lee Enterprises Cyberattack 📰, Extracting ChatGPT conversations 💬, Securely Disposing Storage Media 💽

Together With Nudge Security

TLDR Information Security 2025-02-12

How to Conduct an AI Risk Assessment [Free Guide] (Sponsor)

Nudge Security has discovered over 1,000 unique GenAI tools in customer environments to date, with new ones like DeepSeek popping up daily. While GenAI is clearly here to stay, IT and security teams need to take a proactive approach to mitigating AI risks.

Download this guide to learn how to:
• Discover the AI tools in use in your org
• Conduct security reviews for AI vendors
• Determine where AI tools are connected to other apps
• Educate your workforce on safe and compliant AI use

👉 Get the guide

🔓

Attacks & Vulnerabilities

Cyberattack on Lee Enterprises Causes Disruptions at Dozens of Newspapers (2 minute read)

Lee Enterprises experienced a cyberattack on February 3 causing widespread disruptions to newspapers, subscriptions, and internal services. While it is likely it was ransomware, no group has claimed responsibility. Investigations and system restoration are still ongoing.

Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores (2 minute read)

Threat actors are using Google Tag Manager (GTM) to install credit card skimmer malware on Magento-based e-stores, according to Sucuri researchers. The malware hides in a website's database and steals credit card information entered during the checkout process, sending it to the attackers' server. This sophisticated attack demonstrates how criminals are using legitimate platforms like GTM to deploy malicious code that is difficult to detect.

New Hack Uses Prompt Injection to Corrupt Gemini Long-Term Memory (5 minute read)

Many of the major LLMs have protections against basic prompt injection. However, researcher Johann Rehberger unveiled a new indirect prompt injection technique that uses delayed tool invocation. In Rehberger's attack, Gemini is instructed to download and summarize a website. The summary that Gemini creates includes a covert request to take specific actions if the user responds with specific trigger words; once the user replies with a trigger word, the instruction is saved to Gemini's long-term memory. Google has responded that it will not fix the issue.

🧠

Strategies & Tactics

Build Your Own Offensive Security Lab: A Step-by-Step Guide with Ludus (17 minute read)

This is a guide for building a red team security lab using Ludus, which simplifies creating Active Directory environments with XDR/SIEM integration. Ludus' key advantages are its template system and YAML configuration for easy customization and sharing.

Secure Sanitization and Disposal of Storage Media (5 minute read)

Guidance from the UK's NCSC on how to properly sanitize or dispose of storage media holding non-classified data. For devices that can be sanitized, if the device is encrypted (such as with FileVault or BitLocker), disposing of the cryptographic keys may be sufficient, whereas unencrypted devices should be overwritten with a fixed value and then have that value read back after a reboot to verify the overwrite. Devices that cannot be sanitized should be physically destroyed into pieces smaller than 6nm.

LevelDB WAL Log - Extracting ChatGPT Conversations (7 minute read)

The ChatGPT desktop app makes use of LevelDB's write-ahead log (WAL) to temporarily cache conversation history. This article examines and dissects the binary structure of the WAL file. The author uses the insights gained while researching this to create a generic parser for ChatGPT WAL files.

🧑‍💻

Launches & Tools

Flashpoint Ignite: Threat intelligence based on 3.6 petabytes of open and obscure web data (Sponsor)

Flashpoint blends automated data collection with expert analysis for a clear view of breach, fraud, identity, technical, and vulnerability threats. The secret sauce? A continuously updated database spanning 41Bn stolen credentials, 5.2Bn chat messages, 64M paste site articles, and 1.2B illicit marketplace elements. Take the interactive tour to see Flashpoint's data in action.

7ai (Product Launch)

7ai provides autonomous 'swarming agents' that categorize threat alerts and then dispatch the appropriate agents, which are capable of investigating the threat using data from multiple sources within the enterprise environment.

Gosec (GitHub Repo)

Gosec inspects source code for security problems by scanning the Go Abstract Syntax Tree (AST) and Static Single Assignment (SSA) code representation.

STS SAML Driver (GitHub Repo)

STS SAML Driver provides a local server that receives SAML assertions from an IdP and attempts to assume the role. This allows users to retrieve temporary SAML credentials without interacting with an embedded browser.

🎁

Miscellaneous

Apple and Google take down malicious mobile apps from their app stores (2 minute read)

Apple and Google removed 20 apps containing SparkCat malware discovered by Kaspersky researchers. The malware, active since March 2024, used OCR to scan for cryptocurrency wallet recovery phrases and personal data throughout the phone.

Google Will Now Automatically Revoke Permissions From Harmful Android Apps (2 minute read)

Google's Play Protect will now automatically revoke permissions from apps that it detects to be potentially malicious. Users will be able to re-enable the permissions but will need to acknowledge an additional warning. This is part of Google's push to increase Play Protect's capabilities, alongside its ability to automatically block known malicious apps.

AWS IAM Identity Center Now Offers Improved Error Messages and AWS CloudTrail Logging (1 minute read)

AWS has updated IAM Identity Center to emit CloudTrail logs for provisioning errors to aid in troubleshooting. Users can also build automated monitoring and auditing on top of these log messages.

Quick Links

February Patch Tuesday delivers 57 packages (12 minute read)

After January's deluge of patches, February's Patch Tuesday included 57 updates addressing vulnerabilities across Microsoft products. Two critical Windows issues were actively exploited, with additional vulnerabilities expected to be targeted in the next 30 days.

OpenAI Was Not Breached, Say Researchers (2 minute read)

The threat intelligence firm that investigated claims of millions of breached OpenAI accounts has concluded that these accounts came from existing infostealer malware logs rather than a direct breach.

Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (4 minute read)

Gcore's latest report shows a 56% year-over-year increase in DDoS attacks, with the largest attack reaching 2 Tbps. Financial services saw a 117% rise in attacks.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
