3 Layers of App Security to Keep Hackers Out, Let Customers In – Aviad Mizrachi – PSW #807

In the wake of Hamas’s attack on Israel, researchers and cybersecurity firms observed an uptick in operations by hacktivists and state-sponsored hacking groups. But more than one month into the conflict, researchers are increasingly concluding that cyberoperations linked to the war have been mostly opportunistic in nature and frequently exaggerated in terms of their impact.

In May of this year, more than 20 critical infrastructure organizations in Denmark were targeted with cyberattacks. A report published by SektorCERT, the Danish cybersecurity organization for critical infrastructure sectors details the attacks, which were carried out through two known vulnerabilities in Zyxel firewalls. Report: https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sektorcert-the-attack-against-danish-critical-infrastructure-tlp-clear.pdf

DP World was able to contain the attacks to their Australian components. They have roughly 10% of the shipping worldwide and operate 82 inland and marine terminals in 40 countries. Further, they executed their response plan, bringing things back online in three days.

The government of the state of Maine has disclosed that its MOVEit server was breached earlier this year: intruders had access to files on the server on May 28 and 29. The incident affects 1.3 million people; the compromised data include names, Social Security numbers (SSNs), dates of birth, driver's license/state ID numbers, taxpayer ID numbers, and some medical and health insurance information. As of the 2020 census, the population of Maine was 1.3 million.

Researchers at Huntress say that cyberthreat actors are gaining unauthorized access to US healthcare organizations through locally-hosted instances of the ScreenConnect remote access tool, used by Transaction Data Systems. Huntress has provided a list of observed tactics, techniques, and procedures used in the attacks.

Don't expose any form of RDP to the Internet. Report: https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack

The US Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) have published software supply chain security guidance for vendors. The document focuses on software bill of materials (SBOM) consumption. https://media.defense.gov/2023/Nov/09/2003338086/-1/-1/0/SECURING%20THE%20SOFTWARE%20SUPPLY%20CHAIN%20RECOMMENDED%20PRACTICES%20FOR%20SOFTWARE%20BILL%20OF%20MATERIALS%20CONSUMPTION.PDF

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) The alert comes one week after Juniper updated its advisory to notify customers that the flaws found in Juniper's J-Web interface (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) have been successfully exploited in the wild.

Fix: limit access to or disable J-Web, apply the software update

The Juniper CVE's are listed CISA's KEV catalog with due dates of 11/17.

The government of the City of Huber Heights, Ohio, is recovering from a ransomware attack. The city notified residents of the situation on the morning of Sunday, November 12, noting that “while public safety services are not impacted the following city divisions are affected: Zoning, Engineering, Tax, Finance, Utilities, Human Resources, and Economic Development.”

Of note: Providing updates every day at 2PM, City Manager steps up as POC.

China's largest bank, ICBC, was hit by ransomware that resulted in disruption of financial services (FS) systems on Thursday Beijing time. ICBC is the largest commercial bank in the world based on revenue. As they cannot connect to DTCC/NSCC they are unable to clear transactions, which is having impacts on US Treasury trades, which is why they are sending messengers to manually do so.

The attackers appear to have leveraged Citrix Bleed to own the bank's unpatched Citrix server. To abuse an old story - but for a patch, the battle was lost.

The Intel OEM private key was leaked, causing an impact on the entire ecosystem. The reality is that Intel Boot Guard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. It affects many different device vendors, including Intel, Lenovo, Supermicro, and many others across the entire industry.

What a digital twin is doing is using your data inside a model that represents how your physiology and pathology is working. It is not making decisions about you based on a population that might be completely unrepresentative. It is genuinely personalised.

Civitai, an online marketplace for sharing AI models that enables the creation of nonconsensual sexual images of real people, has introduced a new feature that allows users to post “bounties.” These bounties allow users to ask the Civitai community to create AI models that generate images of specific styles, compositions, or specific real people, and reward the best AI model that does so.

They will make the proprietary algorithms it created for the TETRA radio protocol public.
This will mean independent researchers and government agencies that rely on the algorithms to protect their communications can examine them for security flaws.

A new AI model called EVEscape predicts how viruses mutate. To showcase EVEscape's potential, scientists provided it with the original genome sequence of SARS-CoV-2, and the AI correctly predicted nearly all the mutations that would come to dominate during the pandemic.

Project Green Light uses artificial intelligence to optimize and alter intersections in order to minimize vehicles’ stopping and starting. Google reported that at busy intersections in cities, pollution can be 29 times higher than it is on open roads, due to the environmental toll of cars stopping and starting again.

Drone swarms talk, collaborate and split up duties using human language, making it easier for operators to understand the machines’ behaviour. The technology has potential for use in security patrols, rescue operations and aerial logistics and transport.

OpenAI recently released a way for anyone to create their own version of ChatGPT. They're calling them GPTs, and you can build one, catered to your company or personal goals, in a matter of minutes.

GPT 4 hallucinated 3% of the time, while Google's Palm Chat hallucinated 27% of the time.

Giskard is a French startup working on an open source testing framework for large language models. It can alert developers of risks of biases, security holes and a model’s ability to generate harmful or toxic content. Tests cover a wide range of issues, such as performance, hallucinations, misinformation, non-factual output, biases, data leakage, harmful content generation and prompt injections.

The AI system provides an accurate picture of risk to clinicians. This can alter, and potentially improve, the course of treatment for many heart patients. The technology could save thousands of lives while improving treatment for almost half of patients.

BitcoinJS, a popular package for the browser based generation of cryptocurrency wallets, used insufficiently random numbers, so the private keys can be guessed. Vulnerable wallets were created between 2011 and 2015.

Wallet Drainers are using Create2 to bypass security alerts in certain wallets. By exploiting Create2’s ability to pre-calculate contract addresses, the Drainers can generate new addresses for each malicious signature. These addresses pass the wallet's tests and are not flagged as malicious.

Many x86 processors have a flaw in the microcode which can be triggered by assembly language instructions with multiple prefixes. This can cause branches to unexpected locations, unconditional branches being ignored and the processor no longer accurately recording the instruction pointer. This may lead to privilege escalation, but that exploit has not been developed yet. There is a PoC tool used to demonstrate the flaw.

Some of the processors that have this feature include:

Ice Lake Rocket Lake Tiger Lake Raptor Lake Alder Lake Sapphire Rapids

The new feature lets you upload files, but it also makes them vulnerable to exposure. An attacker would need to trick the ChatGPT user into entering a prompt containing a malicious third-party URL which can exfiltrate data from the files. This amounts to a high-level version of cross-site scripting.

Check if your Cryptocurrency Wallet is Vulnerable to Known Exploits. Submit your Public Key and our automated wallet checker will let you know if your wallet is vulnerable or becomes vulnerable in the future.