FlagThis

A significant data breach impacting around 165 companies has been linked to a suspected hacker who exploited Snowflake’s cloud storage services. Alexander “Connor” Moucka, the alleged perpetrator, was apprehended by Canadian authorities following a request from the US government. The stolen information, including customer data, is believed to have been offered for sale online. This incident highlights the vulnerabilities of cloud storage services and emphasizes the importance of robust security measures for safeguarding sensitive data. The breach has raised concerns about the security of cloud-based platforms and the potential for data theft, particularly within companies relying heavily on cloud services. It underscores the need for constant vigilance and proactive security measures to mitigate risks and protect sensitive data.

Meta has opened up its open-source Llama AI models to US government agencies and contractors for use in national security applications. This move aims to enhance the US’s capabilities in areas such as logistics, cyber defense, and counterterrorism efforts. The decision comes amidst concerns about China’s rapid advancements in AI and the potential threat posed by its military AI development. Meta is collaborating with companies like Amazon, Microsoft, and Lockheed Martin to make Llama accessible to the government, emphasizing the importance of American AI dominance in the global AI race.

The SPAR program is a remote-first part-time program connecting mentors and mentees for three-month AI safety and governance research projects. This initiative aims to promote research in areas such as technical AI safety, AI policy and governance, AI strategy, and AI security. The program offers funding for compute costs and provides valuable experience for both mentors and mentees. The focus on AI safety and governance is increasingly relevant in the rapidly evolving landscape of artificial intelligence. The SPAR program plays a crucial role in fostering research and development within the AI community.

APT36, a known advanced persistent threat group, is actively targeting Indian entities with a sophisticated malware called ElizaRAT. This malware is primarily designed for espionage, with a focus on data exfiltration and covert communication. Recent campaigns have shown significant improvements in ElizaRAT’s evasion techniques, making it a potent tool for persistent attacks. The malware leverages cloud-based services for communication and data exfiltration, enabling it to operate stealthily and evade detection. The integration of ApoloStealer into the latest ElizaRAT campaign further enhances its capabilities, allowing the threat actor to steal a wider range of sensitive data.

Sophos has identified a five-year campaign, dubbed “Pacific Rim”, by Chinese threat actors targeting network appliances, particularly Sophos firewalls. These attackers, including APT31, APT41/Winnti, and a third group, have employed a variety of tactics, including botnets, zero-days, custom malware, firmware backdoors, and UEFI implants, in attempts to compromise these devices. The UEFI implants, while not entirely new, are particularly concerning as they provide attackers with a persistent foothold on the firewall, potentially enabling them to gain control over the entire network. This campaign highlights the vulnerability of network appliances and the increasing sophistication of threat actors. Attackers are exploiting vulnerabilities, utilizing zero-day exploits, and implementing backdoors to gain access to sensitive data and gain a foothold in targeted organizations.

The SPAR (Student Program for AI Research) program is a remote-first part-time program focused on AI safety and governance. The program connects mentors with mentees for three-month research projects, aiming to advance research in areas like technical AI safety, AI policy and governance, and AI security. SPAR is open to graduate students, academics, and individuals with relevant research experience. Mentors dedicate 2-12 hours per week to guide mentees, and the program offers funding for compute costs. The program is now being run by Kairos, a new AI safety fieldbuilding organization.

A suspect named Alexander Moucka has been arrested in Canada in connection with a data theft campaign that targeted Snowflake Inc. users. The attack exploited account credentials compromised by infostealers years ago. This incident affects over 160 Snowflake users, highlighting the ongoing threat of credential-based attacks. The arrest underscores the need for robust security measures to protect sensitive data, including multi-factor authentication, strong password policies, and regular security audits. It also emphasizes the importance of international cooperation in combating cybercrime.

A group of cybercriminals, dubbed “Phish ‘n Ships” by researchers, has infected over 1,000 legitimate web shops to create and promote fake product listings. The group targets in-demand products, creating fake online stores where consumers unwittingly provide their payment card information. These infected web shops redirect visitors to fake online stores, where they are presented with fake listings for popular items. Victims are then led to third-party payment processors controlled by the fraudsters, unknowingly providing their payment details. The group has been successful in manipulating search engine rankings, making their fake listings appear high in results. This sophisticated phishing scheme has caused estimated losses of tens of millions of dollars over the past five years.

Okta, a prominent identity and access management provider, has been found to be vulnerable to an authorization bypass flaw. This vulnerability, which has been patched, allows attackers to gain unauthorized access to restricted resources, potentially compromising sensitive user data. The vulnerability stems from Okta’s AD/LDAP delegated authentication mechanism, which allows users to authenticate with a username longer than 52 characters. Attackers could exploit this by crafting specially designed usernames, effectively bypassing authentication checks and gaining access to resources without proper authorization. This incident highlights the importance of robust security practices, including thorough vulnerability assessments and timely patching of identified flaws.

The use of Artificial Intelligence (AI) to automatically discover vulnerabilities in code is becoming increasingly prevalent, with researchers developing new methods to effectively scan source code and find zero-days in the wild. Companies like ZeroPath are combining deep program analysis with adversarial AI agents to uncover critical vulnerabilities, often in production systems, that traditional security tools struggle to detect. While AI-based vulnerability discovery is still in its early stages, its potential to enhance security measures is undeniable. This development could significantly improve the effectiveness of security testing and lead to the identification of vulnerabilities earlier in the development cycle, reducing the risk of exploitation.

Okta, a prominent identity and access management (IAM) provider, experienced a security setback that contradicted its “secure by design” pledge. A vulnerability was discovered in the AD/LDAP DelAuth solution, allowing attackers to bypass password requirements and log in under specific conditions. The flaw, introduced in a July 2024 update, stemmed from a security oversight in cache key generation using the Bcrypt algorithm. The vulnerability required a combination of factors, including a long username, the absence of multi-factor authentication (MFA), and specific authentication timing. Okta quickly fixed the vulnerability and deployed a patch, but the incident highlights the challenges of achieving 100% secure by design principles across complex software systems.

The research community is exploring innovative ways to leverage large language models (LLMs) for cybersecurity purposes. A recent study has demonstrated the potential of LLMs to identify vulnerabilities in real-world code. The study’s findings suggest that LLMs can be trained to detect flaws in software by analyzing vast amounts of code data. This approach represents a promising advancement in automated vulnerability detection, potentially leading to improved software security and reduced exploitation risks. This research indicates the potential of LLMs to play a crucial role in proactive vulnerability identification and mitigation, enhancing the security of software systems.

Researchers have identified a critical vulnerability in Kia vehicles that allows attackers to gain remote control over essential functions, including locking and unlocking doors, starting the engine, and even accessing personal information. The vulnerability, discovered by security researcher Sam Curry, allows attackers to exploit weaknesses in Kia’s online systems and mobile apps, potentially compromising vehicles within 30 seconds using only a license plate number. While Kia has patched the vulnerability, the incident highlights the increasing threat posed by connected vehicles, emphasizing the need for robust security measures to protect against remote hijacking and data theft.

Multiple critical vulnerabilities have been identified in Ivanti Cloud Services Appliance (CSA), a key component for secure device management and communication. These vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, are actively exploited by threat actors. CVE-2024-9379 allows remote, authenticated attackers with administrator privileges to execute SQL injection attacks. CVE-2024-9380 enables attackers to achieve remote code execution through OS command injection. CVE-2024-9381 provides a path traversal vulnerability, enabling attackers to bypass restrictions. The vulnerabilities are chained with CVE-2024-8963, highlighting the severity of the situation. CISA has issued an urgent advisory, urging security teams to patch the flaws immediately.

A new malware campaign, written in Lua, is targeting Roblox players. The campaign uses social engineering tactics to trick players into downloading infected files that contain malicious code. The malware appears to be delivered through a web interface that masqueraded as a legitimate AI engine for Roblox games. It appears to offer tools or features to enhance the gaming experience but is actually a front for the malware delivery mechanism. The attackers use GitHub as a delivery mechanism, disguising the malware as a legitimate file in a trusted environment. This campaign is particularly concerning because it targets a vulnerable user base, including young gamers who are less cautious about cybersecurity.

South East Technological University (SETU) in Ireland has confirmed a cyberattack affecting its Waterford campus, causing significant disruptions to IT services and academic activities. The university’s IT team and external cybersecurity experts are working to resolve the incident, but the full extent of the impact is still being assessed. The attack highlights the growing vulnerability of educational institutions to cyber threats, especially given their access to large amounts of sensitive data. Although no data breaches have been reported yet, the incident underscores the need for robust security measures to protect critical infrastructure within universities.