Pre-news

• Leif will be attending Lead Dev in NYC next week
• Semgrep is hiring for SWEs and other roles
• Travis really proud of the Block case study: https://www.resourcely.io/case-studies/block

News

Hackers May Have Leaked Every American’s Social Security Information

• https://futurism.com/the-byte/hackers-social-security-information
• https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/
• https://www.wired.com/story/national-public-data-breach-leak/

Shorten your detection engineering feedback loops with Grimoire

• https://securitylabs.datadoghq.com/articles/announcing-grimoire/
• https://permiso.io/blog/permiso-launches-cloud-console-cartographer-to-help-security-teams-make-sense-of-console-activity-in-cloud-logs

Bucket exfiltration attack

• https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/

IRS working to improve data security after major tax return leak

• https://federalnewsnetwork.com/cybersecurity/2024/08/irs-working-to-improve-data-security-after-major-tax-return-leak/

Open source templates you can use to bootstrap your security programs

• SecTemplates.com

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

• https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast
• https://www.securityweek.com/thousands-of-apps-using-aws-alb-exposed-to-attacks-due-to-configuration-issue

Threat Modeling Enterprise AI Search

• https://kanenarraway.com/posts/threat-modelling-enterprise-ai-search

Bypassing airport security via SQL injection

• https://ian.sh/tsa

‍