CyberSecurity updates
Updated: 2024-11-06 13:45:32 Pacfic


Dissent @ DataBreaches.Net
Data Breaches on Snowflake Cloud Storage Services - 1d

A significant data breach impacting around 165 companies has been linked to a suspected hacker who exploited Snowflake’s cloud storage services. Alexander “Connor” Moucka, the alleged perpetrator, was apprehended by Canadian authorities following a request from the US government. The stolen information, including customer data, is believed to have been offered for sale online. This incident highlights the vulnerabilities of cloud storage services and emphasizes the importance of robust security measures for safeguarding sensitive data. The breach has raised concerns about the security of cloud-based platforms and the potential for data theft, particularly within companies relying heavily on cloud services. It underscores the need for constant vigilance and proactive security measures to mitigate risks and protect sensitive data.

about.fb.com
Meta Opens Llama AI for US National Security - 1d

Meta has opened up its open-source Llama AI models to US government agencies and contractors for use in national security applications. This move aims to enhance the US’s capabilities in areas such as logistics, cyber defense, and counterterrorism efforts. The decision comes amidst concerns about China’s rapid advancements in AI and the potential threat posed by its military AI development. Meta is collaborating with companies like Amazon, Microsoft, and Lockheed Martin to make Llama accessible to the government, emphasizing the importance of American AI dominance in the global AI race.

Flag this
SPAR Program for AI Safety and Governance Research - 16h

The SPAR program is a remote-first part-time program connecting mentors and mentees for three-month AI safety and governance research projects. This initiative aims to promote research in areas such as technical AI safety, AI policy and governance, AI strategy, and AI security. The program offers funding for compute costs and provides valuable experience for both mentors and mentees. The focus on AI safety and governance is increasingly relevant in the rapidly evolving landscape of artificial intelligence. The SPAR program plays a crucial role in fostering research and development within the AI community.

research.checkpoint.com
APT36 Targets Indian Entities With ElizaRAT Malware - 1d

APT36, a known advanced persistent threat group, is actively targeting Indian entities with a sophisticated malware called ElizaRAT. This malware is primarily designed for espionage, with a focus on data exfiltration and covert communication. Recent campaigns have shown significant improvements in ElizaRAT’s evasion techniques, making it a potent tool for persistent attacks. The malware leverages cloud-based services for communication and data exfiltration, enabling it to operate stealthily and evade detection. The integration of ApoloStealer into the latest ElizaRAT campaign further enhances its capabilities, allowing the threat actor to steal a wider range of sensitive data.

eclypsium.com
Sophos Firewall Appliance Hacking Campaign - 1d

Sophos has identified a five-year campaign, dubbed “Pacific Rim”, by Chinese threat actors targeting network appliances, particularly Sophos firewalls. These attackers, including APT31, APT41/Winnti, and a third group, have employed a variety of tactics, including botnets, zero-days, custom malware, firmware backdoors, and UEFI implants, in attempts to compromise these devices. The UEFI implants, while not entirely new, are particularly concerning as they provide attackers with a persistent foothold on the firewall, potentially enabling them to gain control over the entire network. This campaign highlights the vulnerability of network appliances and the increasing sophistication of threat actors. Attackers are exploiting vulnerabilities, utilizing zero-day exploits, and implementing backdoors to gain access to sensitive data and gain a foothold in targeted organizations.

forms.kairos-project.org
SPAR AI Safety and Governance Research Program - 13h

The SPAR (Student Program for AI Research) program is a remote-first part-time program focused on AI safety and governance. The program connects mentors with mentees for three-month research projects, aiming to advance research in areas like technical AI safety, AI policy and governance, and AI security. SPAR is open to graduate students, academics, and individuals with relevant research experience. Mentors dedicate 2-12 hours per week to guide mentees, and the program offers funding for compute costs. The program is now being run by Kairos, a new AI safety fieldbuilding organization.

Maria Deutscher @ SiliconANGLE
Snowflake Data Theft Suspect Arrested - 15h

A suspect named Alexander Moucka has been arrested in Canada in connection with a data theft campaign that targeted Snowflake Inc. users. The attack exploited account credentials compromised by infostealers years ago. This incident affects over 160 Snowflake users, highlighting the ongoing threat of credential-based attacks. The arrest underscores the need for robust security measures to protect sensitive data, including multi-factor authentication, strong password policies, and regular security audits. It also emphasizes the importance of international cooperation in combating cybercrime.

Malwarebytes
Phish ‘n Ships: Cybercriminals Infect Web Shops with Fake Product Listings - 4d

A group of cybercriminals, dubbed “Phish ‘n Ships” by researchers, has infected over 1,000 legitimate web shops to create and promote fake product listings. The group targets in-demand products, creating fake online stores where consumers unwittingly provide their payment card information. These infected web shops redirect visitors to fake online stores, where they are presented with fake listings for popular items. Victims are then led to third-party payment processors controlled by the fraudsters, unknowingly providing their payment details. The group has been successful in manipulating search engine rankings, making their fake listings appear high in results. This sophisticated phishing scheme has caused estimated losses of tens of millions of dollars over the past five years.

x.com
Okta Authorization Bypass Vulnerability - 4d

Okta, a prominent identity and access management provider, has been found to be vulnerable to an authorization bypass flaw. This vulnerability, which has been patched, allows attackers to gain unauthorized access to restricted resources, potentially compromising sensitive user data. The vulnerability stems from Okta’s AD/LDAP delegated authentication mechanism, which allows users to authenticate with a username longer than 52 characters. Attackers could exploit this by crafting specially designed usernames, effectively bypassing authentication checks and gaining access to resources without proper authorization. This incident highlights the importance of robust security practices, including thorough vulnerability assessments and timely patching of identified flaws.

Bruce Schneier @ Security Boulevard
AI Discovering Vulnerabilities: A New Era of Security - 21h

The use of Artificial Intelligence (AI) to automatically discover vulnerabilities in code is becoming increasingly prevalent, with researchers developing new methods to effectively scan source code and find zero-days in the wild. Companies like ZeroPath are combining deep program analysis with adversarial AI agents to uncover critical vulnerabilities, often in production systems, that traditional security tools struggle to detect. While AI-based vulnerability discovery is still in its early stages, its potential to enhance security measures is undeniable. This development could significantly improve the effectiveness of security testing and lead to the identification of vulnerabilities earlier in the development cycle, reducing the risk of exploitation.

Heather Adkins @ The Official Google Blog
Okta Secure by Design Flaw - 4d

Okta, a prominent identity and access management (IAM) provider, experienced a security setback that contradicted its “secure by design” pledge. A vulnerability was discovered in the AD/LDAP DelAuth solution, allowing attackers to bypass password requirements and log in under specific conditions. The flaw, introduced in a July 2024 update, stemmed from a security oversight in cache key generation using the Bcrypt algorithm. The vulnerability required a combination of factors, including a long username, the absence of multi-factor authentication (MFA), and specific authentication timing. Okta quickly fixed the vulnerability and deployed a patch, but the incident highlights the challenges of achieving 100% secure by design principles across complex software systems.

googleprojectzero.blogspot.com
Large Language Models Used to Detect Code Vulnerabilities - 1d

The research community is exploring innovative ways to leverage large language models (LLMs) for cybersecurity purposes. A recent study has demonstrated the potential of LLMs to identify vulnerabilities in real-world code. The study’s findings suggest that LLMs can be trained to detect flaws in software by analyzing vast amounts of code data. This approach represents a promising advancement in automated vulnerability detection, potentially leading to improved software security and reduced exploitation risks. This research indicates the potential of LLMs to play a crucial role in proactive vulnerability identification and mitigation, enhancing the security of software systems.

Flag this
Kia Vehicles Vulnerable to Remote Hijacking: Security Flaws Allow Full Control - 9d

Researchers have identified a critical vulnerability in Kia vehicles that allows attackers to gain remote control over essential functions, including locking and unlocking doors, starting the engine, and even accessing personal information. The vulnerability, discovered by security researcher Sam Curry, allows attackers to exploit weaknesses in Kia’s online systems and mobile apps, potentially compromising vehicles within 30 seconds using only a license plate number. While Kia has patched the vulnerability, the incident highlights the increasing threat posed by connected vehicles, emphasizing the need for robust security measures to protect against remote hijacking and data theft.

cyble.com
Critical Vulnerabilities in Ivanti Products Actively Exploited - 20d

Multiple critical vulnerabilities have been identified in Ivanti Cloud Services Appliance (CSA), a key component for secure device management and communication. These vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, are actively exploited by threat actors. CVE-2024-9379 allows remote, authenticated attackers with administrator privileges to execute SQL injection attacks. CVE-2024-9380 enables attackers to achieve remote code execution through OS command injection. CVE-2024-9381 provides a path traversal vulnerability, enabling attackers to bypass restrictions. The vulnerabilities are chained with CVE-2024-8963, highlighting the severity of the situation. CISA has issued an urgent advisory, urging security teams to patch the flaws immediately.

systemweakness.com
Nezur Lua Malware Campaign Targeting Roblox Players - 19d

A new malware campaign, written in Lua, is targeting Roblox players. The campaign uses social engineering tactics to trick players into downloading infected files that contain malicious code. The malware appears to be delivered through a web interface that masqueraded as a legitimate AI engine for Roblox games. It appears to offer tools or features to enhance the gaming experience but is actually a front for the malware delivery mechanism. The attackers use GitHub as a delivery mechanism, disguising the malware as a legitimate file in a trusted environment. This campaign is particularly concerning because it targets a vulnerable user base, including young gamers who are less cautious about cybersecurity.

rte.ie
SETU Waterford Campus Cyberattack - 1d

South East Technological University (SETU) in Ireland has confirmed a cyberattack affecting its Waterford campus, causing significant disruptions to IT services and academic activities. The university’s IT team and external cybersecurity experts are working to resolve the incident, but the full extent of the impact is still being assessed. The attack highlights the growing vulnerability of educational institutions to cyber threats, especially given their access to large amounts of sensitive data. Although no data breaches have been reported yet, the incident underscores the need for robust security measures to protect critical infrastructure within universities.


This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find FlagThis at Mastodon.