Keyboards, 3 am, TikTok, LummaC2, Cityworks, Honeypots, Fancy Bear, Aaran Leyland, and More, on this edition of the Security Weekly News.
Doug White
- 3AM ransomware uses spoofed IT calls, email bombing to breach networks
- TikTok videos now push infostealer malware in ClickFix attacks
- Microsoft dials up Uncle Sam to take down LummaC2 malware backbone
- Trimble Cityworks zero-day attacks on US local governments detailed
- Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers
- CISA: Russia’s Fancy Bear Targeting Logistics, IT Firms
- A.I.-Generated Reading List in Chicago Sun-Times Recommends Nonexistent Books
- Torvalds’ typing taste test touches tactile tragedy
Aaran Leyland
- GitLab’s AI Assistant Opened Devs to Code Theft
A Dark Reading report revealed a flaw in GitLab's AI-based code assistant that exposed developers' code to potential theft. In plain terms, the very tool meant to help write and review code could have handed attackers the keys to our intellectual property. GitLab's AI pair programmer "Duo" was deeply integrated into the platform, and the problem was that Duo trusted user-provided content far too much. Researchers found they could hide malicious prompts in innocuous places (comments, commit messages, issue descriptions), and Duo would follow those hidden instructions without question.