News Items

As growing and maturing data services demand faster Internet speeds and operating systems call for better security, hackers and adversaries continue to interfere. For some, this involves infiltrating home and office wireless networks to steal personal or business information. These attackers often use high-powered signal jamming devices, which are wireless portable devices that impede devices' communication with each other. These jammers also serve as a defense for users trying to avoid these attacks. With this dichotomy in mind, former Khoury doctoral student Hai Nguyen and his advisor Guevara Noubir, both of whom are members of Khoury College's Cybersecurity and Privacy Institute, have developed a novel approach that cancels these high-powered jammers in situations where traditional techniques fail. This failure may occur as a result of the traditional techniques being designed for benign interference, requiring mechanically moving parts that react slowly to jamming, or requiring additional radio frequency bands to achieve resilience. JaX is the name of the duo's technique that sidesteps these situations. This article continues to discuss the researchers' JaX solution.

Northeastern University reports "Signal Jamming Defense Not up to the Task? These Researchers Have a Solution"

P2Pinfect, a novel peer-to-peer botnet that targets the Redis and SSH open-source services, has experienced a 600-time increase in activity since August 28, including a 12.3 percent increase in traffic over the past week. According to Cado Security Labs, P2Pinfect compromises have been seen in China, the US, Germany, the UK, Singapore, Hong Kong, and Japan. P2Pinfect was discovered in July, targeting servers hosting publicly accessible instances of the Redis open-source database. In a new blog post, the researchers noted that targeting Redis is only half of P2Pinfect's functionality, as the malware can also propagate via SSH and includes a list of username/password combinations to facilitate brute-force attacks. Matt Muir, the threat research lead at Cado Security Labs, explained that attackers could use a botnet of this size to conduct disruptive Distributed Denial-of-Service (DDoS) attacks, similar to those launched by hacktivists during the Russia-Ukraine war. Muir added that attackers could use it to mine cryptocurrency on a large scale, or to support additional malware campaigns or social engineering operations such as phishing. This article continues to discuss new findings regarding the P2Pinfect botnet.

SC Media reports "P2Pinfect Botnet Targets Redis and SSH Services"

Face recognition software is often implemented to gatekeep access to secure websites and electronic devices. Researchers are looking into the possibility of defeating it simply by wearing a mask resembling another person's face. The National Institute of Standards and Technology (NIST) recently published research on software designed to detect this type of spoof attack. The new study is published alongside another that evaluates the ability of software to identify potential issues with a photograph or digital facial image, such as one captured for a passport. Together, the two NIST publications provide insight into the effectiveness with which modern image-processing software executes a face analysis task that is becoming increasingly important. This article continues to discuss the two NIST evaluation studies that will help software better detect photo spoofs and image quality issues.

NIST reports "What's Wrong With This Picture? NIST Face Analysis Program Helps to Find Answers"

According to security researchers at SEC Consult, two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system. The vulnerabilities affect the Atos Unify Session Border Controller (SBC), which provides security for unified communications, the Unify OpenScape Branch product for remote offices, and Border Control Function (BCF), which is designed for emergency services. The researchers discovered that the web interface of these products is affected by CVE-2023-36618, which can be exploited by an authenticated attacker with low privileges to execute arbitrary PHP functions and, subsequently, operating system commands with root privileges. The second security hole, CVE-2023-36619, can be exploited by an unauthenticated attacker to access and execute certain scripts. The researchers stated that attackers could leverage these scripts to cause a denial-of-service (DoS) condition or change the system's configuration. The researchers noted that the vulnerabilities have a critical impact, but the vendor has assigned the flaws a "high severity" rating based on their CVSS score. The researchers stated that attackers can gain full control (root access) over the appliance if any low-privileged user credentials are known and could reconfigure or backdoor the system. Atos has released updates that should patch both Unify vulnerabilities.

SecurityWeek reports: "Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems"

Quantinuum is a merger between Honeywell Quantum Solutions and Cambridge Quantum focused on quantum computing. It aims to help build quantum-hardened cryptographic keys to secure Honeywell's smart utility meters. Quantum Origin is a service that uses quantum computers to generate large random numbers that can safeguard sensitive information or grid infrastructure. The first step in creating cryptographically secure encryption and authentication keys is to generate random numbers. A well-functioning Random Number Generator (RNG) ensures that future cryptographic keys cannot be guessed based on a predictable pattern. Traditionally, random numbers are generated algorithmically or with hardware devices that sample physical phenomena such as electrical noise. This article continues to discuss Honeywell securing its meters with cryptographic keys from Quantinuum.

IEEE Spectrum reports "Smart Utility Meter Security Takes a Quantum Leap"

The cloud security vendor Skyhawk has introduced a new benchmark for evaluating generative Artificial Intelligence (AI) Large Language Models' (LLMs) ability to identify and score cybersecurity threats within cloud logs and telemetries. According to the company, the free resource analyzes the accuracy with which ChatGPT, Google BARD, Anthropic Claude, and other LLAMA2-based open LLMs predict the maliciousness of an attack sequence. From a risk perspective, generative AI chatbots and LLMs can be a double-edged sword, but when used properly, they can significantly improve an organization's cybersecurity. Their potential to identify and dissect possible security threats faster and in greater volume than human security analysts is one of the benefits they offer. A Cloud Security Alliance (CSA) report exploring the cybersecurity implications of LLMs suggests that generative AI models can be used to improve the scanning and filtering of security vulnerabilities. CSA demonstrated in the paper that OpenAI's Codex Application Programming Interface (API) is an effective vulnerability scanner for programming languages, including C, C#, Java, and JavaScript. This article continues to discuss the generative AI benchmark that evaluates the ability of LLMs to identify and score cybersecurity threats within cloud logs and telemetries.

CSO Online reports "Skyhawk Security Ranks Accuracy of LLM Cyberthreat Predictions"

According to Rockwell Automation, 60 percent of cyberattacks against the industrial sector are conducted by state-affiliated actors and are often facilitated by internal personnel (33 percent of the time). This aligns with other industry research that suggests Operational Technology/Industrial Control Systems (OT/ICS) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, including energy producers. In the last three years, the number of OT/ICS cybersecurity incidents has already surpassed the total number reported between 1991 and 2000. The energy sector is the primary target of threat actors (39 perecent of attacks), which is over three times more frequently targeted than critical manufacturing (11 percent) and transportation (10 percent). This article continues to discuss key findings from Rockwell Automation's "Anatomy of 100+ Cybersecurity Incidents in Industrial Operations" report.

Help Net Security reports "Rising OT/ICS Cybersecurity Incidents Reveal Alarming Trend"

Following the disclosure of vulnerabilities in Mozilla's Firefox and Thunderbird, the National Cyber Security Agency in Qatar urges Adobe users to apply patches. However, other affected browsers were not mentioned. The vulnerability, tracked as CVE-2023-4863 with a CVSS score of 8.8, is a critical heap buffer overflow in the WebP library. It enables Remote Code Execution (RCE) and affects three versions of Firefox and two Thunderbird releases. The vulnerability also impacts other browsers supporting this library, including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. Google recently warned that the vulnerability had been exploited in the wild as a zero-day before being patched. WebP allows administrators and web developers to create smaller, more robust images to improve user experience. This article continues to discuss the WebP vulnerability affecting multiple browsers.

Dark Reading reports "Qatar Cyber Chiefs Warn on Mozilla RCE Bugs"

A regulation requiring organizations conducting business in China to notify the government of software vulnerabilities within 48 hours of discovery reflects the Chinese government's increasingly strategic view of security flaws. A new report published by the Atlantic Council highlights how companies are complying with China's "Regulations on the Management of Network Product Security Vulnerabilities" (RMSV) law, as well as the mandate's effect on the broader vulnerability disclosure landscape and China's offensive hacking capabilities. This article continues to discuss key findings and points from the Atlantic Council's report on the 2021 RMSV.

Decipher reports "The Emergence of Security Flaws as a 'National Resource' in China"

Since the release of ChatGPT to the public, the adoption of Artificial Intelligence (AI) and Machine learning (ML) systems has increased significantly. In order to gain a competitive advantage, companies are racing to adopt AI technology. However, they may be exposing themselves to cybercriminals. ML models that drive many AI applications are susceptible to attacks against data contained within AI systems and adversarial ML attacks. Adversarial ML involves providing malicious input to an ML model to cause it to generate inaccurate results or degrade its performance. This attack could occur during the training phase of the ML model, or it could be introduced later via input samples to trick a trained model. This article continues to discuss how ML models are trained, the different types of adversarial ML attacks, and how to combat such attacks.

Cybernews reports "AI Under Criminal Influence: Adversarial Machine Learning Explained"

According to a new report from New York University (NYU), the immersive Internet experience known as the metaverse will erode users' privacy unless significant measures are taken to improve and regulate how the technology collects and stores personal data. The metaverse relies on Extended Reality (XR) technologies, encompassing Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR). The report from NYU's Stern Center for Business and Human Rights warns that because the technology cannot function without collecting and processing personal and bodily data, it poses a significant privacy risk. According to the report, behavioral and psychological information about individuals can be deduced from bodily data alone. Conventional XR hardware includes sensors that continuously track at least three categories of user data: head movements, eye movements, and spatial maps of physical surroundings. The report argues that when compiled over time, these types of data can disclose "highly sensitive information" about users, such as their physical and mental health, which can be used for commercial or political gain. This article continues to discuss privacy threats posed by metaverse technology.

The Record reports "Metaverse Poses Serious Privacy Risks for Users, Report Warns"