Daily Drop (703): Water Facility Systems, US Weapons Stockpile, Gcore: DDoS, Warbeast2000 & Kodiak2k, Deepfake Robocall Biden, Atlassian Confluence, GSA: CN CAMs, 01.AI, Nuclear-Powered Datacenter
01-24-24
Wednesday, Jan 24 2024 // (IG): BB // ShadowNews // Coffee for Bob // Proxies
*Started adding Proof of Concept (PoC) links, where available, for the CVEs mentioned:
A Proof of Concept (PoC) is a small exercise that tests a hypothesis or demonstrates that a potential project is viable. It is primarily used to verify that a concept or theory has real-world application. The purpose of a PoC is to show the feasibility, functionality, and potential of a concept before development of the full-scale project begins. *
Ransomware Attack on Veolia North America's Water Facility Systems
Bottom Line Up Front (BLUF): Veolia, a major global operator of water and wastewater systems, experienced a ransomware attack impacting its North America Municipal Water division. This cyber incident affected software applications and systems, leading to operational disruptions in the United States.
Analyst Comments: This incident underscores the escalating cyber threats targeting critical infrastructure sectors. Veolia's quick response, involving IT and Security Incident Response Teams and collaboration with law enforcement, highlights the importance of preparedness and rapid action in mitigating such threats. The attack on Veolia, part of a sector crucial for public health and safety, raises concerns about the vulnerability of essential services to cyberattacks. It also emphasizes the need for robust cybersecurity measures and incident response plans in the water and wastewater industry.
FROM THE MEDIA: Veolia, a firm specializing in water, waste, and energy management systems with significant operations in the United States and worldwide, was hit by a ransomware attack that affected its North America division. The attack disrupted certain software applications and systems, particularly online bill payment. Veolia's response included taking the targeted back-end systems offline and cooperating with law enforcement on the investigation. The company assured customers that water and wastewater treatment operations were not affected; the impact was confined to internal back-end systems, although personal data belonging to some individuals was stolen. Veolia has also reassured customers that late payments will not incur penalties or interest charges as a result of the service interruption.
READ THE STORY: The Record
The West Faces a Weapons Stockpile Challenge Amid Growing Global Conflicts
Bottom Line Up Front (BLUF): Western nations, led by the U.S. and NATO, are confronting a significant security dilemma due to dwindling weapons stockpiles. This challenge arises as the U.S. continues to provide substantial military aid to Ukraine and Israel, amounting to billions of dollars. The sustained support in these conflicts has led to a decrease in military resources, prompting a reevaluation of defense strategies and raising concerns about the West's capacity to respond effectively to global conflicts.
Analyst Comments: The situation highlighted represents a critical juncture in Western military strategy and defense policy. Historically, the U.S. and NATO have maintained extensive arsenals and military capabilities, positioning them as global security pillars. However, the protracted nature of modern conflicts, particularly in Ukraine, combined with the need to support allies like Israel, has substantially drained these resources. This development could signal a shift in geopolitical dynamics, where the West might have to recalibrate its approach to international conflicts. It also raises questions about the sustainability of current defense policies, especially in the face of potential new threats or emergencies.
FROM THE MEDIA: The report by Hollie McKay for The Cipher Brief on January 23rd, 2024, underlines a pressing security issue for Western nations: the diminishing stockpiles of weapons amidst ongoing global conflicts. For nearly two years, the U.S. has been at the forefront of supplying military aid to Ukraine, and for the past three months, it has significantly increased its military support to Israel. This increased involvement and support have led to a notable decrease in military resources available in the U.S. and Europe.
READ THE STORY: The Cipher Brief
Surge in DDoS Attack Power: Gcore Radar's Alarming Report
Bottom Line Up Front (BLUF): Gcore's latest report indicates a significant escalation in DDoS attack power, jumping from 300 Gbps in 2021 to a staggering 1.6 Tbps (Terabits per second) by the end of 2023. This development signals a new era in cybersecurity threats, with attacks becoming more sophisticated and powerful.
Analyst Comments: The exponential growth in DDoS attack power represents a formidable challenge for cybersecurity defenses worldwide. The transition from measuring attacks in Gigabits to Terabits per second underscores a critical shift in the threat landscape. Organizations must adapt by implementing robust and versatile cybersecurity strategies to counter these increasingly sophisticated attacks. The wide geographic spread of attack origins further complicates the situation, emphasizing the need for global cooperation in cybersecurity efforts. Industries like gaming, finance, and telecommunications remain prime targets, highlighting the necessity for industry-specific defense mechanisms. This alarming trend necessitates heightened vigilance and proactive measures to safeguard against these evolving cyber threats.
FROM THE MEDIA: Gcore's latest report, highlighted by The Hacker News, reveals alarming trends in DDoS attack power and strategies in the second half of 2023. The report notes a more than 100% annual increase in peak DDoS attack volume, with a peak capacity reaching 1.6 Tbps. The report also observed a variation in attack durations and methods, with UDP floods constituting the majority of attacks. Key findings include the global spread of attack sources, with the US leading, followed by Indonesia and the Netherlands. The report emphasizes the need for a multifaceted defense strategy to protect against various DDoS techniques and highlights the continued targeting of specific industries like gaming and finance. The data suggest attackers are becoming more strategic, with gaming sector attacks being more frequent but lower in power, and financial sector attacks varying in volume and length.
READ THE STORY: THN
North Korea's AI Development Raises Concerns About Cloud Computing Misuse
Bottom Line Up Front (BLUF): The Stimson Center's 38 North, through a report by Hyuk Kim of the James Martin Center for Nonproliferation Studies, highlights North Korea's significant advancements in AI, particularly in military applications like nuclear energy safety, wargaming, and battle simulations. The report raises concerns about North Korea potentially renting cloud computing infrastructure to further its AI capabilities, circumventing international sanctions that limit its access to physical AI infrastructure.
Analyst Comments: North Korea's focus on AI development, especially for military purposes, is a strategic move aligning with its long-standing pursuit of technological advancement in warfare. This development is particularly worrying due to North Korea's history of belligerence, nuclear capabilities, and missile technology. The international community has long tried to curb North Korea's technological advancements through sanctions, but the digital nature of AI and cloud computing presents new challenges. The potential for North Korea to anonymously access and utilize global cloud resources for AI research and development is a loophole that undermines the effectiveness of these sanctions.
FROM THE MEDIA: The Stimson Center, through its publication 38 North, addresses concerns about North Korea's growing AI capabilities, especially in light of its potential misuse of cloud computing resources. Authored by Hyuk Kim from CNS, the report stresses North Korea's increased interest in AI, evident from numerous scientific papers and national prioritization. Despite international sanctions impeding North Korea's acquisition of physical AI infrastructure, there's apprehension about the country renting cloud services for AI development. This method could enable North Korea to enhance its military capabilities, including nuclear safety and battle simulations. The report suggests that cloud providers and academic conferences should be vigilant to prevent unintentional collaboration with North Korean entities. The overall concern is that North Korea's covert use of cloud computing for AI could weaken the effectiveness of sanctions and international efforts to restrict its technological military advancements.
READ THE STORY: The Register
Malicious NPM Packages Exfiltrate Developer SSH Keys via GitHub
Bottom Line Up Front (BLUF): Two harmful npm packages, warbeast2000 and kodiak2k, were found using GitHub to steal and store Base64-encoded SSH keys from developer systems. Detected by ReversingLabs, these packages were downloaded hundreds of times before removal.
Analyst Comments: This incident highlights the growing trend of exploiting software supply chains, particularly open source ecosystems, to conduct cyber espionage and theft. The use of popular platforms like GitHub for malicious activities underlines the sophistication and adaptability of cybercriminals. This situation calls for heightened vigilance among developers and organizations, emphasizing the necessity for robust security protocols in software development and dependency management processes.
FROM THE MEDIA: The malicious npm packages warbeast2000 and kodiak2k, after installation, executed scripts to steal SSH keys from developers' systems, uploading them to GitHub. ReversingLabs discovered these packages, each designed to execute different malicious JavaScript files. Warbeast2000 targeted private SSH keys, while kodiak2k sought a placeholder key named "meow" and later incorporated the Empire post-exploitation framework and Mimikatz tool for credential dumping. Security researcher Lucija Valentić noted the significance of this campaign in the context of cybercriminals targeting development organizations through software supply chain attacks.
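The behaviour described above (an install-time lifecycle script that reads SSH private keys, Base64-encodes them and pushes them to GitHub) is something a defender can screen for before dependencies are trusted. The following audit script is an added example written for this digest; it is not ReversingLabs' tooling and not code from the packages themselves. It walks a node_modules tree, pulls out every package that declares an npm lifecycle hook (preinstall/install/postinstall/prepare), reads the local JavaScript files those hooks invoke, and flags a package when the hook text both references SSH key material and a GitHub endpoint. The sample tree it builds in a temporary directory is constructed for the demonstration: the package names, the placeholder owner/repo in the URL, and the indicator regexes are all assumptions chosen to mirror the reported pattern, not real identifiers from the campaign.

```python
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# npm hooks that run automatically on `npm install`; the article describes the
# malicious packages executing their payload through exactly this mechanism.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicator regexes (assumed, constructed for this example): key material paths,
# Base64 encoding of a buffer, and a GitHub endpoint used as the drop location.
INDICATORS = {
    "ssh_key_path": re.compile(r"\.ssh[/\\]|id_(rsa|ed25519|ecdsa|dsa)\b"),
    "base64_encoding": re.compile(r"toString\(\s*['\"]base64['\"]\s*\)"),
    "github_upload": re.compile(r"api\.github\.com|https?://github\.com/"),
}


def scan_package(pkg_dir: Path) -> Optional[Dict]:
    """Report the lifecycle hooks one installed package declares and which
    indicators appear in the hook commands or the local JS files they run."""
    manifest = pkg_dir / "package.json"
    if not manifest.is_file():
        return None
    data = json.loads(manifest.read_text(encoding="utf-8"))
    scripts = data.get("scripts") or {}
    hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
    if not hooks:
        return None  # no install-time code execution, nothing to inspect here
    corpus = list(hooks.values())
    for cmd in hooks.values():
        for token in cmd.split():  # e.g. "node ./setup.js" -> inspect ./setup.js
            candidate = pkg_dir / token
            if candidate.suffix in (".js", ".cjs", ".mjs") and candidate.is_file():
                corpus.append(candidate.read_text(encoding="utf-8", errors="replace"))
    text = "\n".join(corpus)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return {"name": data.get("name", pkg_dir.name), "hooks": hooks, "indicators": hits}


def audit_node_modules(root: Path) -> List[Dict]:
    """Return every hook-bearing package under root; 'suspicious' is set when the
    package both touches SSH key material and references GitHub (the exfil pattern)."""
    findings = []
    for manifest in sorted(root.glob("*/package.json")):
        result = scan_package(manifest.parent)
        if result:
            result["suspicious"] = {"ssh_key_path", "github_upload"} <= set(result["indicators"])
            findings.append(result)
    return findings


# Constructed sample tree: one package imitating the reported behaviour (with a
# placeholder GitHub URL, no real upload code) and one benign package with a hook.
SAMPLE_PACKAGES = {
    "evil-example": {
        "package.json": json.dumps({"name": "evil-example", "version": "1.0.0",
                                    "scripts": {"postinstall": "node ./setup.js"}}),
        "setup.js": (
            "const fs = require('fs'); const os = require('os');\n"
            "const key = fs.readFileSync(os.homedir() + '/.ssh/id_rsa').toString('base64');\n"
            "// placeholder drop location, not a real repository\n"
            "const target = 'https://api.github.com/repos/EXAMPLE_OWNER/EXAMPLE_REPO/contents/k';\n"
        ),
    },
    "benign-example": {
        "package.json": json.dumps({"name": "benign-example", "version": "2.1.0",
                                    "scripts": {"postinstall": "node ./build.js", "test": "jest"}}),
        "build.js": "console.log('building native bindings');\n",
    },
}


def write_sample_tree(base: Path) -> Path:
    """Materialise the constructed packages as base/node_modules/<name>/..."""
    root = base / "node_modules"
    for pkg, files in SAMPLE_PACKAGES.items():
        (root / pkg).mkdir(parents=True, exist_ok=True)
        for fname, content in files.items():
            (root / pkg / fname).write_text(content, encoding="utf-8")
    return root


def demo() -> List[Dict]:
    """Build the sample tree in a temp dir and audit it; returns the findings list."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_node_modules(write_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for f in demo():
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['name']:<16} {flag:<10} hooks={list(f['hooks'])} indicators={f['indicators']}")
```

Pointing audit_node_modules at a real project's node_modules directory is the intended use; a hit means only that a package runs code at install time and mentions key paths and GitHub together, so the flagged script should be read by hand before deciding. Running installs with `npm install --ignore-scripts` and reviewing hooks first is the complementary control the script supports.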
READ THE STORY: THN
Deepfake Technology in Politics: The Biden Robocall Incident
Bottom Line Up Front (BLUF): A deepfake audio robocall impersonating President Biden has caused alarm in the context of the New Hampshire primary elections. This incident underscores growing concerns about the use of generative AI in spreading disinformation and interfering in political processes. Lawmakers and experts are increasingly worried about the potential misuse of AI for deceptive purposes, especially in sensitive areas like elections.
Analyst Comments: The Biden deepfake robocall incident represents a significant escalation in the use of AI-generated content for potential political manipulation. Deepfake technology, capable of creating convincing fake audio and video, poses a serious challenge to the integrity of information, especially in politically sensitive contexts. This incident not only highlights the technological advancements in AI but also underscores the urgent need for regulatory frameworks to manage the ethical and legal implications of such technology. The effectiveness of deepfakes in misleading the public, particularly during election periods, signals a worrying trend that could undermine public trust in democratic processes.
FROM THE MEDIA: As reported by Vittoria Elliott and Makena Kelly for WIRED, an audio deepfake mimicking President Biden has been utilized in a robocall during the New Hampshire primary, causing confusion among voters. The deepfake falsely encouraged voters to abstain from voting in the primary, falsely stating that their vote would be more impactful in the November election. This incident has amplified existing concerns about the potential of generative AI to spread disinformation. Lawmakers and advocacy groups are calling for more robust regulations to address AI accountability and transparency, particularly in the context of political advertising and disinformation. Recent developments, like voluntary commitments from tech companies to watermark AI-manipulated content and executive orders for AI technology guidance, reflect efforts to mitigate these challenges.
(CVE-2023-22527) Critical Atlassian Confluence Flaw: Widespread Exploitation Within Days of Disclosure
Bottom Line Up Front (BLUF): A critical security flaw in Atlassian Confluence Data Center and Server, identified as CVE-2023-22527 with a CVSS score of 10.0, is being actively exploited just days after its public disclosure. This vulnerability allows unauthenticated attackers to execute remote code on affected installations. Approximately 40,000 attacks have been recorded since the flaw's disclosure, originating from over 600 unique IP addresses, predominantly from Russia.
Analyst Comments: The rapid exploitation of CVE-2023-22527 demonstrates the heightened risk and pace at which cyber threats evolve in the digital landscape. It highlights the criticality of timely patching and updates for security vulnerabilities, especially in widely used enterprise software like Atlassian Confluence. The geographical concentration of the attack origins suggests possible state-sponsored activities or organized cybercriminal groups operating in those regions. This situation underscores the importance of robust cybersecurity defenses and proactive threat intelligence for organizations globally, as vulnerabilities can be swiftly turned into vectors for significant cyberattacks.
FROM THE MEDIA: According to The Hacker News, malicious actors have quickly leveraged the recently disclosed vulnerability in Atlassian Confluence Data Center and Confluence Server. The flaw, impacting versions released before December 5, 2023, has seen nearly 40,000 exploitation attempts since January 19, primarily from Russia, Singapore, Hong Kong, the U.S., China, India, Brazil, Taiwan, Japan, and Ecuador. Security researchers from ProjectDiscovery have analyzed the flaw, emphasizing its potential to allow attackers to inject expressions and execute arbitrary code. The current activities mostly involve scanning for vulnerable servers, indicating preparation for more extensive exploitation. Over 11,000 Atlassian instances are internet-accessible, though the exact number vulnerable to CVE-2023-22527 remains unknown.
READ THE STORY: THN // PoC: CVE-2023-22527
GSA's Flawed Procurement of Non-Compliant Chinese-Made Cameras Raises Security Concerns
Bottom Line Up Front (BLUF): The General Services Administration (GSA) has been criticized for using "egregiously flawed" market research in its procurement of 150 Chinese-made video conferencing cameras that failed to comply with the 1979 Trade Agreements Act. These cameras, purchased from a U.S.-based company designated as "Company A," have known security flaws, some of which remain unpatched, posing potential cybersecurity risks to government networks.
Analyst Comments: This incident underscores the ongoing challenges in securing federal procurement processes against cybersecurity risks, particularly in the context of heightened concerns about Chinese-made communications equipment. The GSA's decision, despite knowledge of non-compliance and security vulnerabilities, highlights a significant lapse in due diligence and risk assessment in federal procurement practices. This situation also reflects broader geopolitical tensions and the need for stringent supply chain security measures, especially in an era where cybersecurity threats can have severe implications for national security. The involvement of Chinese-manufactured equipment in government networks continues to be a contentious issue, reflecting wider concerns about potential espionage and data exfiltration.
FROM THE MEDIA: Reported by David DiMolfetta, the GSA's decision to purchase Chinese-made video conferencing cameras has come under scrutiny for not adhering to U.S. trade standards and cybersecurity protocols. An unnamed IT security company identified five vulnerabilities in the equipment, which could potentially be exploited to access networks secretly. Despite these concerns, GSA CIO David Shive approved the purchase. This case has drawn attention to the federal government's challenges in maintaining secure and compliant technology procurements, following recent high-profile cyberattacks on other government agencies. The incident also coincides with efforts to remove Chinese technology from U.S. government networks due to espionage concerns. The report suggests that alternative, compliant products were available but overlooked in the procurement process, raising questions about the GSA's market research and decision-making criteria in selecting technology vendors.
READ THE STORY: NextGov
01.AI: A Chinese Startup's Rise in the Open Source AI Arena
Bottom Line Up Front (BLUF): 01.AI, a Beijing-based startup, is making significant strides in the open source AI race with its advanced AI model, Yi-34B. Led by Kai-Fu Lee, a renowned AI expert, the startup has developed a model that outperforms other leading AI technologies. By releasing its AI models as open source, 01.AI aims to foster a developer community and create groundbreaking AI applications. The company has garnered substantial investment and is valued at over $1 billion.
Analyst Comments: 01.AI's emergence as a leader in open source AI reflects the evolving dynamics in the global AI landscape, where Chinese technology is increasingly competing with Western counterparts. The company's strategy of open-sourcing its AI models represents a shift in the traditionally closed and proprietary approach of major AI firms. This move could democratize AI development, enabling a broader range of developers and businesses to innovate with advanced AI technologies. The involvement of Kai-Fu Lee, with his extensive experience in both the Chinese and American tech sectors, highlights a potential bridge between the two tech worlds.
FROM THE MEDIA: Reported by Will Knight for WIRED, 01.AI's Yi-34B AI model is a significant advancement in the AI field, surpassing Meta's Llama 2 in performance and versatility. The model's proficiency in both Mandarin and English, coupled with its open-source nature, has garnered attention and utilization from Western developers. The company, founded in June 2023, received substantial funding, indicating strong investor confidence in its potential. Kai-Fu Lee's vision for 01.AI is to create AI-driven applications that will transform productivity, creativity, and social media tools. The company's approach to AI development, which contrasts with the more controlled strategies of U.S. firms like OpenAI and Google, suggests a new phase in the AI revolution where Chinese technology plays a central role.
READ THE STORY: Wired
Microsoft's Nuclear-Powered Datacenter Initiative: Hiring Energy Experts for Revolutionary Project
Bottom Line Up Front (BLUF): Microsoft has embarked on a groundbreaking project to develop small-scale atomic reactors for powering datacenters, a move aimed at reducing reliance on fossil fuels. Archana Manoharan, an industry veteran, has been appointed as director of nuclear technologies. The initiative reflects Microsoft's commitment to decarbonizing electricity in the tech sector and aligns with global efforts toward sustainable energy solutions.
Analyst Comments: Microsoft's venture into nuclear technology for datacenter power is a bold step in the tech industry's ongoing struggle to find sustainable, reliable energy sources. This move signals a significant shift in the industry's approach to energy consumption, especially in the context of the growing energy demands of AI processing. Small modular reactors (SMRs) represent a potential game-changer due to their scalability and reduced environmental impact compared to traditional nuclear reactors. However, this approach also introduces new challenges, including regulatory hurdles, public perception issues, and the need for technological innovation in safe nuclear energy use. Microsoft's long-term investment in this area underscores the importance of sustainable solutions for the ever-increasing energy needs of the digital world.
FROM THE MEDIA: Reported by Dan Robinson for The Register, Microsoft's latest venture into nuclear technology involves hiring experts to develop small-scale nuclear reactors for its datacenters. Archana "Archie" Manoharan, formerly of Ultra Safe Nuclear Corporation, will lead this initiative. Microsoft's focus on SMRs highlights the tech industry's urgency to find sustainable energy solutions amidst rising concerns about carbon emissions and fossil fuel dependency. Erin Henderson, another industry veteran, joins Microsoft from Tennessee Valley Authority, bringing valuable expertise in nuclear development. This move is part of Microsoft's broader strategy to explore alternative energy sources, including a partnership with Helion Energy for developing nuclear fusion power.
READ THE STORY: The Register
U.S. Advocates for Narrow Focus in UN Cybercrime Treaty Negotiations
Bottom Line Up Front (BLUF): The U.S. government is pushing for a "narrow" United Nations Cybercrime Treaty, emphasizing the need for a focused approach on "cyber dependent crimes" rather than a broad spectrum that includes all tech-related offenses. This stance comes as final negotiations approach, with the U.S. resisting efforts by Russia and China to expand the treaty's scope, citing concerns over human rights and the potential misuse of the treaty for information control.
Analyst Comments: The U.S. government's position on the UN Cybercrime Treaty reflects a strategic approach to international cybersecurity regulation. By advocating for a narrow focus, the U.S. aims to ensure that the treaty targets genuine cyber threats without overreaching into areas that could infringe on human rights and freedom of expression. The distinction between "cyber enabled" and "cyber dependent" crimes is crucial in this regard. The U.S. involvement in the treaty's formulation, following initial skepticism, indicates an understanding of the importance of shaping global cyber norms. This situation also illustrates the ongoing geopolitical tensions in cyberspace, particularly between Western democracies and nations like Russia and China, who have different approaches to internet governance and cybercrime.
FROM THE MEDIA: Jonathan Greig reports for The Record that the U.S. is aiming for a narrow version of the UN Cybercrime Treaty, focusing on "cyber dependent crimes." This approach contrasts with Russia and China's broader definition encompassing all tech-related offenses. Human rights groups and tech giants have expressed concerns that the current draft of the treaty could criminalize cybersecurity research and erode data privacy globally. The U.S. insists on strong human rights safeguards in any final agreement. The debate over the treaty's scope highlights significant divergences in international perspectives on cybercrime and internet governance. The U.S. has emphasized the need for human rights protections and limited scope to ensure the treaty does not become a tool for repressive regimes to control information or suppress dissent. The upcoming final negotiations at the UN, scheduled from January 29 to February 9, will be critical in determining the treaty's final form and its implications for global cybersecurity and human rights.
READ THE STORY: The Record
BreachForums Founder Sentenced to Supervised Release, Avoids Jail Time
Bottom Line Up Front (BLUF): Conor Brian Fitzpatrick, the founder of the notorious cybercrime marketplace BreachForums, has been sentenced to time served and 20 years of supervised release, avoiding jail time. Fitzpatrick, known by his online alias "pompompurin," faced charges of conspiracy to commit access device fraud and possession of child pornography.
Analyst Comments: The sentencing of Conor Brian Fitzpatrick reflects the complex nature of cybercrime prosecution and the considerations involved in legal judgments. The decision to forego jail time, instead opting for supervised release and mental health treatment, suggests a nuanced approach to handling cybercrime offenders, especially considering Fitzpatrick's young age and potential mental health issues. This case highlights the challenges law enforcement faces in balancing punitive measures with rehabilitation in the evolving landscape of cybercrime. Fitzpatrick's role in running BreachForums, a significant platform for trafficking stolen data, underscores the ongoing battle against cybercrime networks and the importance of international cooperation in addressing these threats.
FROM THE MEDIA: According to The Hacker News, Fitzpatrick was arrested in March 2023 and charged with serious offenses relating to cybercrime and child pornography. Despite the severity of the charges, court records indicate that Fitzpatrick's mental health may have played a role in the sentencing decision. During his supervised release, Fitzpatrick is required to undergo mental health treatment and refrain from internet use. His involvement in BreachForums, a major cybercrime marketplace, had significant implications, impacting millions of U.S. citizens and numerous companies and government agencies. Although Fitzpatrick's domain seizure in March 2023 temporarily halted BreachForums, the platform was later resurrected by the ShinyHunters group, demonstrating the persistence of cybercrime ecosystems even after law enforcement interventions.
READ THE STORY: THN
Taiwan Advances in Quantum Computing with First Internet-Connected Quantum Computer
Bottom Line Up Front (BLUF): Taiwanese research institute Academia Sinica has achieved a significant milestone by connecting its first domestically developed quantum computer to the internet. This five-qubit machine represents Taiwan's growing capabilities in quantum computing, aligning with its strategic goals to advance in this cutting-edge technology field.
Analyst Comments: Taiwan's entry into the quantum computing arena with its own internet-connected quantum computer marks a notable development in the global quantum computing landscape. This advancement, reflecting the island's strategic focus on high-tech sectors, is particularly significant given Taiwan's established leadership in semiconductor manufacturing. The quantum computer's connectivity to the internet and its collaboration with U.S. universities indicate potential contributions to broader quantum research efforts. However, the development of quantum computing in Taiwan, like elsewhere, remains in early stages, with challenges in scalability and practical applications. Taiwan's initiative in quantum computing, alongside its semiconductor expertise, positions it as a key player in future technological advancements, especially considering the geopolitical implications of quantum technology in the Asia-Pacific region.
FROM THE MEDIA: Reported by Simon Sharwood for The Register, Academia Sinica in Taiwan has successfully connected a five-qubit quantum computer to the internet, a notable achievement in quantum computing. Collaborating with the University of California, Santa Barbara, and the University of Wisconsin-Madison, this development could bolster U.S. quantum research. The upgrade from three to five qubits and the high fidelity of qubit logic gates suggest the computer's stability and potential for further development. While the operating environment details are limited, the strategic significance of this development highlights Taiwan's ambition to complement its semiconductor leadership with advancements in quantum technology. The Taiwanese Semiconductor Research Institute's interest in acquiring a five-qubit machine from Finland's IQM further indicates Taiwan's proactive approach in this field.
READ THE STORY: The Register
British Intelligence Warns AI Will Cause Surge in Ransomware Volume and Impact
Bottom Line Up Front (BLUF): The National Cyber Security Centre (NCSC) of the UK has warned that ransomware attacks are set to increase in both volume and impact due to advancements in artificial intelligence (AI) technologies.
Analyst Comments: This warning from the NCSC underscores the double-edged nature of AI technology. While AI has tremendous potential for good, it equally amplifies cybersecurity threats, particularly in the domain of ransomware. The forecasted increase in ransomware attacks due to AI improvements highlights the need for continuous evolution in cybersecurity strategies and the importance of AI ethics and governance in technology development.
FROM THE MEDIA: The NCSC's report, based on diverse intelligence sources, predicts a significant rise in ransomware attacks facilitated by AI technologies. Current AI advancements are already enhancing reconnaissance and social engineering capabilities, making them more effective and difficult to detect. Although sophisticated AI usage in cyber operations is currently limited to well-resourced threat actors, the landscape is expected to change by 2025. High-quality exploit data is crucial for training AI models, suggesting that only highly capable states might currently possess the necessary data repositories for effective AI-driven cyber operations. As more successful data exfiltrations occur, the data feeding AI will improve, enabling more precise cyber operations. The UK's National Crime Agency also indicates that AI services will lower barriers to entry in cybercrime, increasing the number of cybercriminals and enhancing their capabilities.
READ THE STORY: The Record
(CVE-2024-0204) Critical Flaw in Fortra's GoAnywhere Managed File Transfer (MFT) Software Allows Unauthorized Admin User Creation
Bottom Line Up Front (BLUF): A critical vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) software, identified as CVE-2024-0204 with a CVSS score of 9.8, allows unauthorized creation of admin users. Users are urged to upgrade to version 7.4.1 or apply temporary workarounds to mitigate the risk.
Analyst Comments: The discovery of CVE-2024-0204 in Fortra's GoAnywhere MFT software highlights the ongoing challenge of maintaining cybersecurity in enterprise environments. The severity of this flaw underscores the critical nature of regular software updates and vigilant security practices. Given the potential for unauthorized administrative access, this vulnerability poses a significant risk to affected organizations, potentially leading to data breaches or further network compromise. The proactive response by Fortra, coupled with the contributions of cybersecurity researchers, demonstrates the importance of collaboration in identifying and addressing such vulnerabilities.
FROM THE MEDIA: As reported by The Hacker News, the critical flaw in Fortra's GoAnywhere MFT software allows an unauthorized user to create an admin account, leading to a significant security risk. Discovered by Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants, this vulnerability was reported in December 2023. Horizon3.ai has released a proof-of-concept exploit, highlighting the ease with which this flaw can be exploited. While there is currently no evidence of active exploitation, a similar flaw in the same product was leveraged by the Cl0p ransomware group in the past. The severity of this issue necessitates immediate attention from organizations using GoAnywhere MFT to prevent potential cyberattacks or data breaches.
READ THE STORY: THN // PoC: CVE-2024-0204
Microsoft's Copilot Pro Faces Mixed Reception Over Performance and Cost
Bottom Line Up Front (BLUF): Microsoft's recent rollout of Copilot Pro, a premium AI assistant service, has received a lukewarm response from users citing performance issues and concerns over its cost-effectiveness. The service, an extension of Microsoft's AI offerings, aims to enhance productivity but faces skepticism about its practical utility and value proposition.
Analyst Comments: The mixed reception of Copilot Pro underscores the challenges tech companies face in integrating AI into mainstream products. User feedback points to a gap between expectations and reality, highlighting the need for balancing innovation with user-centric design and practical functionality. The varying opinions on AI's role in system improvements reflect a broader debate about the direction and pace of AI integration in everyday technology. Microsoft's strategy of heavily promoting AI capabilities, as seen with GitHub Copilot and now Copilot Pro, signals a significant shift towards AI-centric product development. However, the company's approach also highlights the risks of overemphasis on AI at the expense of other critical aspects of user experience. As AI continues to evolve, its successful integration into products like Copilot Pro will depend on addressing performance issues, ensuring cost-effectiveness, and aligning with user needs.
FROM THE MEDIA: Richard Speed, reporting for The Register, notes that Microsoft's Copilot Pro, unveiled just over a week ago, has encountered user complaints about its performance and questions about its value for money. Users and administrators on social media have expressed disappointment, with some finding it difficult to justify the service's $30 per user per month cost. While some features, like summarizing chats and emails, have been well-received, users are struggling to find broader use cases for the AI assistant. Mikhail Parakhin, head of advertising and web services at Microsoft, acknowledged these concerns but suggested browser issues could be affecting performance. The service is still in its early stages, and Microsoft is expected to continue refining Copilot and Copilot Pro.
READ THE STORY: The Register
Suspected Use of Pegasus Spyware Against Journalists in Togo
Bottom Line Up Front (BLUF): Reporters Without Borders (RSF) has identified traces of spyware, resembling the Pegasus surveillance tool, on the phones of two journalists in Togo. The journalists, currently on trial for defaming a government minister, have reportedly been under extensive cyber-espionage.
Analyst Comments: The suspected use of Pegasus spyware against journalists in Togo raises significant concerns about government surveillance and the suppression of press freedom. This incident is indicative of a broader pattern where repressive regimes leverage advanced spyware tools to target journalists, human rights defenders, and political opposition. The deployment of such tools in Togo, a country under the control of a single ruling family since 1963, highlights the challenges faced by journalists in environments with limited political and press freedoms. The involvement of international organizations like RSF and Amnesty International underscores the global attention and condemnation such practices attract.
FROM THE MEDIA: Suzanne Smalley, reporting for The Record, reveals that RSF has found traces of Pegasus-like spyware on the phones of Loïc Lawson and Anani Sossou, two Togolese journalists. Lawson experienced 23 spyware intrusions in the first half of 2021, while Sossou was targeted later that year. This surveillance aligns with the journalists' ongoing trial for allegedly defaming Togo’s minister of urban planning. RSF's Digital Security Lab conducted an extensive investigation into the phone tampering, with Amnesty International’s Security Lab corroborating the findings. The use of Pegasus in Togo adds to the global concern over the misuse of surveillance technologies to suppress dissent and target media professionals. The case represents the first proven instance of spyware being used against journalists in Togo, contributing to the growing list of countries where Pegasus has been deployed to undermine journalistic efforts and civil liberties.
READ THE STORY: The Record
Items of interest
VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates
Bottom Line Up Front (BLUF): VexTrio, a cybercrime affiliate network, has been identified as a major broker of malicious traffic, supporting over 60 affiliates including ClearFake and SocGholish. Operating since at least 2017, VexTrio is involved in distributing scams, riskware, and malware using a sophisticated Domain Name System-based traffic distribution system.
Analyst Comments: The revelation of VexTrio's extensive operations in the cybercrime world illustrates the evolving sophistication and organization within the cybercriminal ecosystem. The use of advanced traffic distribution systems and the partnership with numerous affiliates reflect a business-like approach to cybercrime, signifying a shift towards more coordinated and large-scale malicious activities. This evolution in cybercrime underlines the need for robust cybersecurity measures and international cooperation to combat such highly organized networks.
FROM THE MEDIA: VexTrio has been active in distributing various types of malware, including the Glupteba malware, via compromised WordPress websites. It uses DNS to steer web traffic and runs a network of over 70,000 known domains. The group's methodology relies on a traffic distribution system (TDS) that routes site visitors to fraudulent sites based on profile attributes such as geolocation and browser settings. This network is extremely complex, making it difficult for security professionals to precisely classify and attribute its activities. Infoblox has highlighted the breadth of VexTrio's activities and its depth of connections within the cybercrime industry, describing it as the "single largest malicious traffic broker described in security literature." VexTrio's operations are a stark reminder of the advanced and organized nature of modern cybercriminal enterprises.
READ THE STORY: THN
A Researcher's Story: Uncovering the Omnatour Malvertising Network (Video)
FROM THE MEDIA: To deliver malware, threat actors depend on techniques like phishing and malvertising, but malvertising doesn’t get as much visibility. To address this imbalance, we’ve invited Chance Tudor, an official “Threat Hunter” in the Infoblox threat research group, to talk about his recent work uncovering the Omnatour Malvertising network, an unusually large and persistent threat delivery system. Our discussion will focus on the behind-the-scenes investigation work, starting with how the team even knew that a threat needed to be investigated.
Center Stage: Persistent Infrastructure Threat Actors (Video)
FROM THE MEDIA: While it is easy to get distracted by the ‘threat of the day,’ some of us instead actively hunt for the infrastructure that drives and supports those kinds of attacks before they are launched, so that you can be prepared for the ‘threat of tomorrow.’ Renee Burton, Head of Threat Intelligence for Infoblox, presented on this at the recent RSA conference and joins ThreatTalk to share what her team is learning about these infrastructures, the actors behind them, and why this matters so much.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.