CybersecurityHQ News Roundup - November 15, 2024

News. By Daniel Michan. Published on November 15.

Homeland Security Department Releases Framework for Using AI in Critical Infrastructure

The Biden administration released guidelines for integrating artificial intelligence into critical infrastructure sectors such as the power grid, water systems, and air travel networks. The Department of Homeland Security announced that private industries are encouraged to adopt these guidelines, developed in consultation with the department’s advisory Artificial Intelligence Safety and Security Board.

Homeland Security Secretary Alejandro Mayorkas stated that the framework is intended to be a "living document" that will evolve with industry developments. The guidelines recommend that AI developers assess potentially dangerous capabilities, ensure alignment with human-centric values, and protect user privacy. Cloud-computing infrastructures are advised to vet hardware and software suppliers and secure data centers physically.

Owners and operators of critical infrastructure are urged to enhance cybersecurity protocols considering AI-related risks and to provide transparency about AI usage. There are also recommendations for state and local governments.

SurePath AI Raises $5.2 Million for Gen-AI Governance Solution

SurePath AI has secured $5.2 million in seed funding to advance its platform that helps enterprises securely use generative artificial intelligence. This funding round, led by Uncork Capital with participation from Operator Collective, brings the total raised by the company to $6.3 million.

Founded in 2023 and launched at AWS re 2024, SurePath AI offers a governance platform designed to detect Gen-AI usage, mitigate risks, and control enterprise data access. The platform provides visibility and control over Gen-AI use across public and private models, with role-based access controls determining data access and egress.

"As GenAI adoption continues to surge across industries, businesses are challenged to balance the risks and benefits," said Casey Bleeker, CEO and founder of SurePath AI. "Our company was built to solve this dilemma, and today, our platform enables the secure adoption of GenAI without hindering innovation."

Glove Stealer Malware Bypasses Chrome’s App-Bound Encryption

A new information stealer called Glove Stealer can bypass the App-Bound Encryption mechanism in Chromium-based browsers, according to cybersecurity firm Gen Digital. Written in .NET, the malware targets multiple browsers and extensions to exfiltrate sensitive information such as cookies, credentials, and data from cryptocurrency wallets and password managers.

Glove Stealer stands out due to its ability to bypass Application-Bound Encryption introduced in Chrome 127 to prevent cookie theft. The malware exploits the internal COM-based IElevator service unique to each browser to decrypt necessary keys. It targets browsers like Edge, Brave, Opera, Yandex, and CryptoTab.

The malware is distributed via phishing emails containing HTML attachments that display fake error messages, prompting victims to execute malicious scripts. Once executed, Glove Stealer contacts a command-and-control server to begin data harvesting and exfiltration.

Team Software Data Breach Impacts 100,000 People

Business software maker Team Software (WorkWave) reported a data breach affecting nearly 100,000 individuals. Unauthorized access was detected in late July, compromising systems that stored personal information.

DDoS Attack Disrupts Credit Card Readers in Israel

A DDoS attack disrupted credit card readers at gas stations and supermarkets in Israel. The affected provider, Hyp Credit Guard, stated that the attack lasted about an hour and targeted both its services and communication suppliers.

Researcher Finds Multiple macOS Sandbox Escape Vulnerabilities

Security researcher Mickey Jin discovered over 10 macOS sandbox escape vulnerabilities related to an overlooked attack surface involving XPC services. Apple has patched most of them, with a few still pending fixes.

TSA Proposes Cyber Risk Management Requirements for Pipelines and Railroads

The Transportation Security Administration (TSA) proposed a new rule requiring pipeline and railroad operators to establish cyber risk management programs and report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA).

Microsoft Visio Files Abused in Phishing Attacks

Perception Point observed cybercriminals using a new two-step phishing attack involving Microsoft Visio files and SharePoint to evade detection. The attacks begin with compromised email accounts sending links to SharePoint-hosted Visio files that redirect to Microsoft credential phishing pages.
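The chain above relies on a hyperlink embedded in a Visio file that leads off the SharePoint tenant to a credential-harvesting page. A practical triage step for mail or sandbox pipelines is to unpack the .vsdx (an OOXML zip) and list every hyperlink address it carries, flagging any host outside an allowlist. The following is an added example, not code from Perception Point or the original article; the allowlist hosts, the shape IDs and the sample file are all constructed here, and the XML layout follows the Visio 2012 `Section N="Hyperlink"` / `Cell N="Address"` structure.

```python
"""Triage hyperlinks inside a Visio (.vsdx) attachment.

Added example for the Visio phishing item; not the vendor's tooling.
A .vsdx is a zip of XML parts; page contents live under visio/pages/,
and shape hyperlinks are stored as <Section N="Hyperlink"> with an
<Cell N="Address" V="..."> entry holding the target URL.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List
from urllib.parse import urlparse
from xml.sax.saxutils import escape

VISIO_NS = "http://schemas.microsoft.com/office/visio/2012/main"


def extract_vsdx_links(data: bytes) -> List[str]:
    """Return every hyperlink Address found on any page of the document."""
    links: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Only page parts carry shapes (and therefore hyperlinks).
            if not (name.startswith("visio/pages/") and name.endswith(".xml")):
                continue
            root = ET.fromstring(zf.read(name))
            for section in root.iter(f"{{{VISIO_NS}}}Section"):
                if section.get("N") != "Hyperlink":
                    continue
                for cell in section.iter(f"{{{VISIO_NS}}}Cell"):
                    if cell.get("N") == "Address" and cell.get("V"):
                        links.append(cell.get("V"))
    return links


def suspicious_links(links: Iterable[str], trusted_hosts: Iterable[str]) -> List[str]:
    """Flag links whose host is not an allowlisted tenant or is a bare IP/odd scheme."""
    trusted = {h.lower() for h in trusted_hosts}
    flagged: List[str] = []
    for url in links:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        # Anything that is not https to a known host deserves analyst attention.
        if parsed.scheme != "https" or host not in trusted:
            flagged.append(url)
    return flagged


def build_constructed_vsdx(urls: List[str]) -> bytes:
    """Build a minimal .vsdx in memory for offline testing (constructed sample)."""
    rows = "".join(
        f'<Section N="Hyperlink"><Row N="Row_{i}">'
        f'<Cell N="Address" V="{escape(u, {chr(34): "&quot;"})}"/>'
        f'<Cell N="Description" V="Open document"/></Row></Section>'
        for i, u in enumerate(urls)
    )
    page = (
        f'<?xml version="1.0" encoding="utf-8"?>'
        f'<PageContents xmlns="{VISIO_NS}"><Shapes>'
        f'<Shape ID="1" Type="Shape">{rows}</Shape>'
        f"</Shapes></PageContents>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("visio/pages/page1.xml", page)
    return buf.getvalue()


# Constructed sample: one link stays on the (hypothetical) trusted tenant,
# one leaves it for a look-alike host, one uses plain http.
SAMPLE_URLS = [
    "https://contoso.sharepoint.test/sites/finance/Invoice.pdf",
    "https://login-microsoft-verify.example/auth?u=1",
    "http://contoso.sharepoint.test/open",
]
TRUSTED_HOSTS = ["contoso.sharepoint.test"]


def triage(data: bytes, trusted_hosts: Iterable[str] = TRUSTED_HOSTS) -> Dict[str, List[str]]:
    links = extract_vsdx_links(data)
    return {"links": links, "flagged": suspicious_links(links, trusted_hosts)}


if __name__ == "__main__":
    result = triage(build_constructed_vsdx(SAMPLE_URLS))
    for url in result["links"]:
        print(("FLAG " if url in result["flagged"] else "ok   ") + url)
```

In a mail gateway the same `triage` call would run on the attachment bytes, and the flagged list would feed a quarantine or analyst queue; the allowlist should contain only the organisation's own SharePoint hostnames.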

Black Hat SEO in Japan

Trend Micro and Japanese authorities conducted research into threat groups specializing in black hat SEO, aiming to lure users to fake e-commerce sites through malware and search engine poisoning attacks.

Hamas-Linked Hackers Expand from Espionage to Disruptive Attacks

Cybersecurity firm Check Point reports that Wirte, a Hamas-linked threat actor, has expanded operations from espionage to disruptive attacks involving wiper malware against Israeli entities.

North Korea-Linked macOS Malware Abuses Flutter

Jamf researchers found macOS malware samples abusing Flutter, Google's open-source UI toolkit, to obfuscate malicious code. The malware is linked to North Korean hackers and may be part of tests to bypass detection.

SIM Swappers Arrested in the US

Three Indiana residents were arrested over alleged roles in a SIM swapping operation leading to money and data theft. The suspects used fraudulent IDs to perform SIM swaps and obtain two-factor authentication codes.

New Real-Time Protections in Android

Google announced two new real-time protection features in Android: Scam Detection in Phone and Google Play Protect live threat detection. These features aim to detect potential scam calls and harmful software activities.

Known Brand, Government Domains Hijacked via 'Sitting Ducks' Attacks

Cybersecurity firm Infoblox reports that tens of thousands of domains, including those of well-known brands and government entities, have been hijacked over the past five years because DNS providers failed to verify domain ownership. The attack method, known as Sitting Ducks, lets attackers take over domains through incorrect configurations at domain registrars combined with insufficient safeguards at DNS providers.

Infoblox identified over a dozen independent actors using Sitting Ducks attacks, including groups like Vacant Viper and Vextrio Viper. The attacks result in reputational damage, financial losses, and risks of malware infections and credential theft.
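The configuration error that makes a domain a Sitting Duck is a delegation that points at a DNS provider which no longer serves the zone (a lame delegation); if that provider then lets anyone claim the zone name without proving ownership, the domain can be taken over. Owners can audit their own portfolio for the first condition by querying each delegated nameserver directly and checking whether it answers authoritatively. The following checker is an added example, not code from Infoblox or the article; the domains, providers and answers are constructed so it runs offline, and the `query` callable is a stand-in for a real resolver call (dnspython or `dig` output) in production use.

```python
"""Offline checker for the lame-delegation condition behind Sitting Ducks hijacks.

Added example; not Infoblox tooling. For each nameserver the registrar
delegates to, send a SOA query for the domain straight to that server. A
server that refuses, fails, or answers without the authoritative (AA) flag
does not hold the zone, so the delegation is lame and the name is a
candidate for claim-and-hijack at that provider.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# (rcode, authoritative_answer) for a SOA query sent directly to one nameserver.
QueryResult = Tuple[str, bool]
QueryFn = Callable[[str, str], QueryResult]  # (nameserver, domain) -> result

# Response codes meaning "this server does not serve the zone".
LAME_RCODES = {"REFUSED", "SERVFAIL", "NXDOMAIN"}


@dataclass
class DelegationReport:
    domain: str
    nameservers: List[str]
    lame: List[str] = field(default_factory=list)
    healthy: List[str] = field(default_factory=list)

    @property
    def at_risk(self) -> bool:
        # One lame server is enough: an attacker only needs to claim the
        # zone at that provider to answer a share of the domain's traffic.
        return bool(self.lame)


def check_delegation(domain: str, nameservers: List[str], query: QueryFn) -> DelegationReport:
    report = DelegationReport(domain, list(nameservers))
    for ns in nameservers:
        rcode, authoritative = query(ns, domain)
        if rcode in LAME_RCODES or not authoritative:
            report.lame.append(ns)
        else:
            report.healthy.append(ns)
    return report


# --- constructed offline data: none of these names or providers are real ---
CONSTRUCTED_ANSWERS: Dict[Tuple[str, str], QueryResult] = {
    ("ns1.provider-a.test", "brand.test"): ("NOERROR", True),
    ("ns2.provider-a.test", "brand.test"): ("NOERROR", True),
    # Zone was deleted at provider B, but the registrar still delegates there.
    ("ns1.provider-b.test", "forgotten.test"): ("REFUSED", False),
    ("ns2.provider-b.test", "forgotten.test"): ("REFUSED", False),
    # Second server answers from cache only, without the AA flag.
    ("ns1.provider-c.test", "mixed.test"): ("NOERROR", True),
    ("ns2.provider-c.test", "mixed.test"): ("NOERROR", False),
}

CONSTRUCTED_DELEGATIONS: Dict[str, List[str]] = {
    "brand.test": ["ns1.provider-a.test", "ns2.provider-a.test"],
    "forgotten.test": ["ns1.provider-b.test", "ns2.provider-b.test"],
    "mixed.test": ["ns1.provider-c.test", "ns2.provider-c.test"],
}


def fake_query(ns: str, domain: str) -> QueryResult:
    """Stand-in for a live SOA query; unknown pairs behave like a dead server."""
    return CONSTRUCTED_ANSWERS.get((ns, domain), ("SERVFAIL", False))


def audit(delegations: Dict[str, List[str]] = CONSTRUCTED_DELEGATIONS,
          query: QueryFn = fake_query) -> Dict[str, DelegationReport]:
    return {d: check_delegation(d, ns_list, query) for d, ns_list in delegations.items()}


if __name__ == "__main__":
    for name, rep in audit().items():
        status = "AT RISK" if rep.at_risk else "ok"
        print(f"{name}: {status}; lame={rep.lame}")
```

A lame result is the signal to either restore the zone at the provider or repoint the registrar's NS records; running the audit on a schedule catches zones that lapse when a provider account is closed.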

Man Who Stole and Laundered Roughly $1B in Bitcoin Sentenced to 5 Years

Ilya Lichtenstein, who stole approximately 120,000 bitcoin from Hong Kong-based exchange Bitfinex in 2016, was sentenced to five years in prison. The stolen bitcoin was valued at $71 million at the time and at over $7.6 billion today. Lichtenstein and his wife Heather Morgan laundered the funds through complex transactions. Authorities have recovered over 96% of the stolen bitcoin.

CISA Warns of Additional Palo Alto Expedition Flaws Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) warned that two more vulnerabilities in the Palo Alto Networks Expedition tool are being exploited in the wild. The flaws, CVE-2024-9463 and CVE-2024-9465, are critical and were patched in October. They allow unauthenticated attackers to execute arbitrary OS commands and obtain sensitive information.

Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover

A critical vulnerability in the Really Simple Security plugin for WordPress exposed up to four million websites to potential takeover, according to security firm Defiant. Tracked as CVE-2024-10924, the flaw is an authentication bypass allowing attackers to log in as any user, including administrators. Patches have been rolled out, and site administrators are advised to update to version 9.1.2.

Palo Alto Networks Confirms New Firewall Zero-Day Exploitation

Palo Alto Networks confirmed that a new zero-day vulnerability affecting its firewalls has been exploited in attacks. The unauthenticated remote command execution vulnerability has a CVSS score of 9.3. The company is working on patches and advises customers to restrict access to the firewall management interface to trusted IP addresses.

LightSpy Spyware Operation Expands to Windows

The China-linked APT group APT41 has expanded its LightSpy malware operation to Windows systems, reports BlackBerry. The group has added a Windows-based surveillance framework called DeepData, enhancing its cross-platform espionage capabilities. The malware targets communication platforms, browsers and password managers, and can record audio to spy on victims.

Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations

Cybersecurity company Check Point uncovered a new remote access trojan called WezRat, used by Iranian state-sponsored actors to target Israeli organizations. The malware can execute commands, take screenshots, and steal sensitive data. It is associated with the group known as Cotton Sandstorm or Emennet Pasargad.

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI Platform

Palo Alto Networks Unit 42 researchers disclosed two security flaws in Google's Vertex AI platform that could allow attackers to escalate privileges and exfiltrate models. By exploiting custom job permissions and deploying poisoned models, attackers could gain unauthorized access to data services. Google has addressed the vulnerabilities following responsible disclosure.

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

A Vietnamese-speaking threat actor has been linked to a new Python-based malware called PXA Stealer, according to Cisco Talos. The malware targets government and education entities in Europe and Asia, stealing sensitive information including credentials and financial data. The attackers focus on Facebook business and advertisement accounts.

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers from Varonis disclosed a high-severity vulnerability in the open-source database system PostgreSQL, tracked as CVE-2024-10979. The flaw allows unprivileged users to alter environment variables, potentially leading to code execution or information disclosure. Patches have been released in multiple PostgreSQL versions.