Sorry scammer, I’m not cancelling my McAfee Antivirus subscription

I was surprised to receive an email this week telling me that I had renewed my annual subscription for McAfee virus protection.

Would you, or a member of your family, have fallen for this scam?

Inactive accounts pose significant account takeover security risks

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report, which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital security and identity.

It found that increasing identity sprawl can trigger significant account takeover (ATO) security risks due to accounts that haven’t been used or even thought about in years, particularly if customers reuse (or only slightly alter) passwords or do not perform security reviews. A breach of any service may equip a threat actor with a huge volume of user credentials and associated personal data, with attackers adept at using this information at scale to compromise active accounts, including important business accounts and networks.

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs—ChatGPT in particular:

Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT. Their secrecy means we don’t know if ChatGPT has been safely managed.

They’ll also have to update their training data set at some point. They can’t leave their models stuck in 2021 forever.

Once they do update it, we only have their word—pinky-swear promises—that they’ve done a good enough job of filtering out keyword manipulations and other training data attacks, something that the AI researcher El Mahdi El Mhamdi posited is mathematically impossible in a paper he worked on while he was at Google.

Microsoft links attacks on American critical infrastructure systems to China

Microsoft and a few American intelligence agencies have detected malware of Chinese origin deployed in critical infrastructure systems in Guam and elsewhere in the United States.

The malicious activity, focused on post-compromise credential access and network security discovery, has been linked to Volt Typhoon, a state-sponsored threat actor in China.

“Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States,” Microsoft said in a blog post. “In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.”

Smashing Security podcast #323: Botched Bitcoin blackmail, iSpoof, and Meta’s billion dollar data bungle

13 years jail for spoofing scammer, a rogue IT security expert’s Bitcoin blackmail goes wrong, and Facebook’s eyewatering GDPR fine may be only the beginning of its problems.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the Imposter Syndrome Network podcast’s Zoë Rose.

USN-6054-2: Django vulnerability

USN-6054-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Moataz Al-Sharida and nawaik discovered that Django incorrectly handled
uploading multiple files using one form field. A remote attacker could
possibly use this issue to bypass certain validations.

6 ways generative AI chatbots and LLMs can enhance cybersecurity

The rapid emergence of OpenAI’s ChatGPT has been one of the biggest stories of the year, with the potential impact of generative AI chatbots and large language models (LLMs) on cybersecurity a key area of discussion. There’s been a lot of chatter about the security risks these new technologies could introduce — from concerns about sharing sensitive business information with advanced self-learning algorithms to malicious actors using them to significantly enhance attacks.

Attributes of a mature cyber-threat intelligence program

Earlier this year, ESG published a research report focused on how enterprise organizations use threat intelligence as part of their overall cybersecurity strategy. The research project included a survey of 380 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees).

Survey respondents were asked questions about their organization’s cyber-threat intelligence (CTI) program – how it was staffed, what types of skills were most important, its challenges and strategies, spending plans, etc. I’ve written three previous blogs detailing the research. The first one gave an overview of enterprise threat intelligence programs. The second examined challenges with the threat intelligence lifecycle, and the third looked at the intersection between CTI and digital risk protection (DRP).
