Tuesday Morning Threat Report: Oct 31, 2023

Mark Maguire
ILLUMINATION’S MIRROR
5 min read · Oct 31, 2023

Where the news is always bad, but the analysis is always good.


Good morning all and happy Tuesday!

Forget ghouls and ghosts! Phone vulnerabilities and data breaches are enough to give anyone the creeps this Halloween. Let’s dive in!

Top Stories:

This week’s biggest headlines. Analysis section below.

Would-Be Spy Busted: Jareh Dalke, a former NSA employee, has pleaded guilty to attempting to sell U.S. national defense secrets. Dalke believed he was selling the documents to a Russian official; in fact, he sold them to an undercover FBI agent.

Apple Patches: Apple has rolled out security updates for both iOS and macOS. The iOS update fixes at least 21 security flaws in the iPhone, none of which are known to have been exploited in the wild.

Google AI Bug Bounty: Google announced it will expand its Vulnerability Rewards Program (VRP) to cover attacks on its AI systems, so ethical hackers can be paid for finding and reporting vulnerabilities in Google's generative AI products.

University of Michigan Data Breach: The University of Michigan has disclosed a data breach that occurred at the end of August 2023. Personal information on students, alumni, employees, and contractors was accessed by the attackers.

UK Passes Online Safety Act: The U.K.'s Online Safety Act has become law; it will punish companies for distributing illegal content. The most contentious section, which would let the regulator require providers to scan end-to-end encrypted messages for illegal content, remains on the books, but the government has said it will not be enforced until such scanning is technically feasible.

Top Phones Hacked at Pwn2Own: Pwn2Own is a hacking contest held twice a year. At this year's fall event, security researchers demonstrated exploits against numerous phones, including the Samsung Galaxy S23, iPhone 14, and Google Pixel 7.

Amazon Announces European Sovereign Cloud: To address European data-sovereignty concerns, Amazon has announced the AWS European Sovereign Cloud, an independent cloud to be operated within the EU. It is aimed at the public sector and at private companies in highly regulated industries.

Security Copilot Early Access: Microsoft has opened early access to its AI-powered security tool, Security Copilot. Microsoft claims the tool will make security staff up to 40% more efficient and help upskill new employees.

My Takeaways

Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.

Productivity gAIns: Microsoft's recently unveiled Security Copilot has the chance to make a real impact. Security Copilot integrates with Microsoft's other security tools (Sentinel, Microsoft 365 Defender, Defender Threat Intelligence, etc.), so the AI-powered Copilot can analyze the signals arriving from those sources in near real time and summarize the situation for an analyst.

Security Copilot comes with the claim that it will make security professionals "up to 40% more efficient." Efficiency matters more and more in cybersecurity, where the workforce gap is estimated at 3.4 million professionals. With too much work and not enough people to do it, AI tools can go a long way toward raising productivity. Security Copilot also has a ChatGPT-like interface that accepts questions in natural language; it answers them and offers advice to the human analysts working with it. That also helps with the talent gap, since Security Copilot can act as a tutor for junior security engineers, though, as with any large language model, its answers still need to be verified before they drive an incident decision.

As attackers continue to use AI to become more productive, it is increasingly important that defenders do the same. As threats grow more complex, AI lets the "good guys" do more with less.

Not just in cybersecurity, but more broadly in society, there is a fear that "AI will replace people at their jobs." However, that has not been the trend. AI tends not to replace workers but instead makes the workers who use it significantly more productive. I view it as unlikely that AI will replace workers; however, workers who use AI and become much more productive may replace those who don't. I would encourage everyone to play with ChatGPT, Google Bard, You.com, and other free AI services. See how they can make you more productive and what additional creative work can be done with your newfound free time.

The Lower Echelon:

Interesting cybersecurity news that didn’t quite make the cut to be a top story.

OAuth Vulnerability: OAuth is the protocol behind the "Sign in with Google" and "Sign in with Facebook" buttons on many websites. Researchers at Salt Labs have found implementation flaws in several large sites that allow full account takeover. The affected sites accepted an access token from the identity provider without verifying that the token had been issued to their own application, so a token for the victim obtained through an attacker-controlled app could be replayed to log the attacker in as the victim.
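The bug class above, as an added example (this is not Salt Labs' proof of concept and not code from any affected site): a login endpoint that trusts whoever the token identifies, beside the same endpoint with the audience check that stops the attack. The identity provider is simulated in-process with a constructed token registry so the example runs offline; OUR_APP_ID, the app IDs, user IDs and token strings are all made up for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: the client/app ID our site registered with the identity provider.
OUR_APP_ID = "our-site-app-id"

# Constructed stand-in for the provider's token-introspection endpoint. Each
# entry records who the token identifies and which registered app it was
# issued to. Token strings and app IDs are made up for this example.
_PROVIDER_TOKENS = {
    "tok-victim-via-our-app": {"user_id": "victim@example.com", "app_id": OUR_APP_ID, "is_valid": True},
    "tok-victim-via-attacker-app": {"user_id": "victim@example.com", "app_id": "attacker-app-id", "is_valid": True},
    "tok-expired": {"user_id": "victim@example.com", "app_id": OUR_APP_ID, "is_valid": False},
}


def introspect(access_token: str) -> Optional[dict]:
    """Simulated provider call. Real code would make an authenticated HTTPS
    request to the provider; the response shape here is constructed."""
    return _PROVIDER_TOKENS.get(access_token)


@dataclass
class Session:
    user_id: str


def login_vulnerable(access_token: str) -> Optional[Session]:
    """The flawed pattern: log in whoever the token identifies, never asking
    which application the provider issued the token to."""
    info = introspect(access_token)
    if info is None or not info["is_valid"]:
        return None
    return Session(user_id=info["user_id"])


def login_hardened(access_token: str) -> Optional[Session]:
    """Same flow plus the audience check: a valid token minted for any other
    app is rejected, so a token harvested via the attacker's own app is useless here."""
    info = introspect(access_token)
    if info is None or not info["is_valid"]:
        return None
    if info["app_id"] != OUR_APP_ID:
        return None
    return Session(user_id=info["user_id"])


def takeover_attempt() -> dict:
    """The attacker replays a victim token that was issued to the attacker's app."""
    stolen = "tok-victim-via-attacker-app"
    return {
        "vulnerable": login_vulnerable(stolen),
        "hardened": login_hardened(stolen),
    }


if __name__ == "__main__":
    result = takeover_attempt()
    print("vulnerable site logs the attacker in as:", result["vulnerable"])
    print("hardened site result:", result["hardened"])
```

The same check has a concrete home in each real flow: for OpenID Connect it is the `aud` claim of the ID token, which must equal your client ID; for an opaque Facebook access token it is the `app_id` field returned by the provider's token-introspection (`debug_token`) call. A token that is valid but not addressed to your application must be treated as an attack, not as a login.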

Privacy Browser Raises $100M: Island has raised $100 million at a $1.5 billion valuation for its enterprise browser, which is built specifically to protect corporate users and their data.

Okta Breach Impacts 1Password: Identity provider Okta has disclosed a breach of its customer-support system that affects several of its customers, including 1Password. The attacker used a stolen credential to access Okta's support case-management system and view HAR files that customers had uploaded for troubleshooting; those browser captures can contain session cookies and tokens. 1Password reports that it detected "anomalous activity" in its Okta instance, remediated it, and has found no evidence of compromise since.
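Okta's advisory after this incident told customers to sanitize credentials, cookies and session tokens out of HAR files before sharing them. As an added example (not Okta's or 1Password's code), here is a small sanitizer plus a pre-upload check; the header and parameter name lists are an assumed starting point, and the embedded capture, including the host name and every cookie and token value, is constructed for the example.

```python
import copy
import json

REDACTED = "[REDACTED]"
# Header names whose values carry credentials or session material (assumed list).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
# Query-string parameter names that commonly carry tokens (assumed list).
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "code", "session", "sid"}


def sanitize_har(har: dict) -> dict:
    """Return a copy of a HAR document with credentials and session material removed.
    Headers, cookies, query parameters and posted bodies are scrubbed on both the
    request and response side of every entry; URLs and non-sensitive headers are
    kept so the file is still useful for troubleshooting."""
    out = copy.deepcopy(har)
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side) or {}
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
            for param in msg.get("queryString", []):
                if param.get("name", "").lower() in SENSITIVE_PARAMS:
                    param["value"] = REDACTED
            post = msg.get("postData")
            if post and "text" in post:
                post["text"] = REDACTED  # login forms post passwords here
    return out


def leaked_values(har: dict) -> list:
    """List the sensitive header and cookie values still present; run before upload."""
    found = []
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side) or {}
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS and header.get("value") != REDACTED:
                    found.append(header["value"])
            for cookie in msg.get("cookies", []):
                if cookie.get("value") != REDACTED:
                    found.append(cookie["value"])
    return found


# Constructed sample: one entry shaped like a browser capture of a session check,
# carrying a session cookie and a bearer token. Host name and values are made up.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://example.okta.com/api/v1/sessions/me",
                    "headers": [
                        {"name": "Accept", "value": "application/json"},
                        {"name": "Cookie", "value": "sid=102xyz-session-cookie"},
                        {"name": "Authorization", "value": "Bearer eyJ.made.up"},
                    ],
                    "cookies": [{"name": "sid", "value": "102xyz-session-cookie"}],
                    "queryString": [],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Content-Type", "value": "application/json"},
                        {"name": "Set-Cookie", "value": "sid=102xyz-session-cookie; Secure; HttpOnly"},
                    ],
                    "cookies": [{"name": "sid", "value": "102xyz-session-cookie"}],
                    "content": {"mimeType": "application/json", "text": "{}"},
                },
            }
        ],
    }
}
SAMPLE_HAR_TEXT = json.dumps(SAMPLE_HAR)


def sanitize_har_text(text: str) -> str:
    """Convenience wrapper for a HAR file read from disk as a string."""
    return json.dumps(sanitize_har(json.loads(text)), indent=2)


if __name__ == "__main__":
    clean = sanitize_har(SAMPLE_HAR)
    print("secrets before:", len(leaked_values(SAMPLE_HAR)), "after:", len(leaked_values(clean)))
```

Redacting rather than deleting keeps the structure of the capture intact, so support staff can still see which requests were made and in what order. The pre-upload check in `leaked_values` is the important half: a HAR with a live session cookie in it is, to whoever reads it, as good as the password.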

Spanish Police Arrest 34: Spanish police have arrested 34 suspected members of a cybercrime gang that stole personal data on four million victims and millions of euros. Electronic equipment and databases were seized in the raids.

European Government Email Targeted: The pro-Russian group Winter Vivern has been exploiting a zero-day cross-site scripting vulnerability in the Roundcube webmail client against European government entities. The exploit is delivered in a specially crafted email, so the victim only has to view the message in the browser. Roundcube has issued a patch for the vulnerability.

Jumio Fighting Fraud: Jumio has released Jumio 360 Fraud Analytics, an AI-powered service that it says predicts fraud more accurately. The service analyzes billions of data points and looks for behavioral similarities across accounts to identify organized fraud rings.

iLeakage: Researchers have warned of iLeakage, a speculative-execution side-channel attack against Apple's Safari browser (and the WebKit engine every iOS browser must use) on Apple silicon. A malicious web page can use it to read sensitive data, such as passwords and email content, out of other open pages.

Mirth Connect Vulnerability: Mirth Connect is an open-source healthcare data-integration platform from NextGen Healthcare. NextGen is urging customers to patch after an "easily exploitable" unauthenticated remote code execution vulnerability was uncovered that could be used to access sensitive healthcare data.

AI Cybersecurity Architect: Darktrace has unveiled an AI tool that analyzes cloud architectures and recommends security improvements. With an estimated 99% of cloud breaches attributed to customer misconfiguration, such a tool can help find and remediate those issues before an attacker does.


Thanks for reading! See everyone next week!

About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
