Archive for September 29, 2023

Malwarebytes Discovers That The Bing AI Chatbot Delivers Ads With Malicious Links

Posted in Commentary on September 29, 2023 by itnerd

Malwarebytes has published research on Bing and its AI Chatbot being leveraged by threat actors to deliver ads with malicious links. In short, it’s a malvertising campaign in which attackers take over the ad accounts of legitimate businesses to create targeted malicious ads:

Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result. In the example below, we asked where we could download a program called Advanced IP Scanner used by network administrators. When we place our cursor over the first sentence, a dialog appears showing an ad and the official website for this program right below it:

Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small ‘Ad’ label next to this link, it would be easy to miss and view the link as a regular search result.

Upon clicking the first link, users are taken to a website (mynetfoldersip[.]cfd) whose purpose is to filter traffic and separate real victims from bots, sandboxes, or security researchers. It does that by checking your IP address, time zone, and various other system settings such as web rendering that identifies virtual machines.

Real humans are redirected to a fake site (advenced-ip-scanner[.]com) that mimics the official one while others are sent to a decoy page. The next step is for victims to download the supposed installer and run it.

The MSI installer contains three different files but only one is malicious and is a heavily obfuscated script:

Upon execution, the script reaches out to an external IP address (65.21.119[.]59) presumably to announce itself and receive an additional payload.

Lovely.

Emily Phelps, Director, Cyware had this comment:

   “With advancing technologies and a rapidly evolving digital landscape, threat actors are able to exploit human trust in established entities at scale. Addressing these risks requires more than awareness training and traditional security controls. End users must understand the risks and proceed with caution, but platforms must also bolster their security posture to adapt to these threats. It’s critical to employ continuous and rigorous testing to ensure they remain a step ahead of potential online adversaries.”

Add this to the attack surface that you have to defend yourself against as I didn’t have “malware delivered by ads on an AI chatbot” on my cybersecurity BINGO card. But I should have expected it as threat actors are getting very crafty these days.

NSA + DoD Open AI Security Center

Posted in Commentary on September 29, 2023 by itnerd

The news is out that the DoD and the NSA are about to open an AI Security Center. Here’s why they are doing this:

The AI Security Center will become the focal point for developing best practices, evaluation methodology and risk frameworks with the aim of promoting the secure adoption of new AI capabilities across the national security enterprise and the defense industrial base.  

The new entity will consolidate the agency’s various artificial intelligence, security-related activities.  

“The AI Security Center will work closely with U.S. Industry, national labs, academia across the [intelligence community] and Department of Defense and select foreign partners,” Nakasone said during a discussion hosted by the National Press Club in Washington.

Emily Phelps, Director, Cyware had this comment:

   “In an era where technological advancements are both an advantage and a potential threat, centralizing expertise and capabilities can foster rapid development while ensuring that vulnerabilities are addressed quickly. Collaborative initiatives with the Defense Department, intelligence community, academia, and international partners can provide a holistic approach to AI-supported security. It’s crucial for the US to not only maintain but enhance its leadership in AI, ensuring that its innovative capabilities remain protected.”

This is a really good move by the NSA. It puts the smartest minds on the topic in one place. Which will make it way easier to respond to whatever curve balls that AI has in store for all of us.

Elon Musk Goes To The Border And Tries To Livestream It On Twitter… The Livestream Failed Miserably

Posted in Commentary on September 29, 2023 by itnerd

It sucks to be Elon Musk right now. In what I am guessing is a political stunt of some sort, Elon made a visit to the US/Mexican border, and it all went sideways when he tried to livestream it on his own platform:

The X owner’s livestream lasted just four minutes before it crashed on Thursday. Mr Musk was later able to start a new feed and complete his thoughts, before the feed crashed again after 11 minutes.

Mr Musk reportedly sent a company-wide email to his staff at X following the disastrous livestream. “Please fix this,” he instructed staff, according to New York Times tech reporter Ryan Mac.

Thursday’s livestream was not the first time the billionaire’s attempts to use his own platform have been thwarted by tech issues. Mr Musk previously attempted to host Ron DeSantis’s presidential campaign launch on X, but the two men were forced to abort the live stream after it was marred by repeated collapse of the connection.

This pretty much shows what a clown show Twitter (I refuse to call it “X”) is under the leadership of Elon. If he can’t use his own platform for whatever nefarious needs that he has, how on Earth does he expect anyone else to use it? Never mind getting anyone other than his “bros” to pay $8 a month for it?

Sucks to be you Elon.

Johnson Controls Gets Pwned By Ransomware

Posted in Commentary on September 29, 2023 by itnerd

It seems that tech giant Johnson Controls has been pwned by hackers who, via ransomware, have made a huge score on said tech giant:

An 8-K form filed by the company this week with the Securities and Exchange Commission (SEC) revealed that some of its internal IT infrastructure and applications were disrupted as a result of a cybersecurity incident. 

An investigation has been launched to determine what type of information may have been compromised. 

“To date, many of the Company’s applications are largely unaffected and remain operational. To the extent possible, and in line with its business continuity plans, the Company implemented workarounds for certain operations to mitigate disruptions and continue servicing its customers. However, the incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” Johnson Controls said in the SEC filing.

The incident could force the company to delay the release of its fourth quarter and full fiscal year financial results.

Johnson Controls provides HVAC, automation, security, safety, smart home, retail, industrial refrigeration, and energy solutions and services. The company has more than 100,000 employees across 150 countries.

The pwnage was confirmed by VX Underground:

Who are Dark Angels? Let me help you with that:

The Dark Angels gang emerged in May 2022, using both data theft and file-encrypting malware to convince victims to pay a ransom. The hackers have attacked several major organizations in the United States over the past months.

The group has created its ransomware using leaked Babuk source code, which has been used by several threat actors to create their own malware. 

John Gunn, CEO, Token had this comment:

There is absolutely a trend emerging in ransomware attacks with cyber criminals going deeper into their victims’ systems to deal a more crippling blow, while raising the stakes and demanding ransoms in the tens of millions of dollars instead of just the millions.

Seeing as this is now public via an 8-K, I imagine that we’ll get more details on this over the coming weeks. Thus you might want to keep an eye on this story.

In Depth: Judy Security

Posted in Commentary on September 29, 2023 by itnerd

Here’s the thing. When it comes to cybersecurity, enterprise businesses are shown all the love because they have options galore. But Small/Medium Businesses (SMBs) don’t get the same love when it comes to cybersecurity as their options are rather limited. Not only that, they don’t have the people to focus on cybersecurity even if they did have an abundance of options. Which means that it’s more likely that SMBs are going to get pwned by threat actors.

That’s where a company called Judy Security hopes to change things. Having been around for five years, Judy Security is completely aimed at the SMB market as that’s a huge market. And Judy Security can empower that market by using a combination of AI and Managed Service Providers/Managed Security Service Providers (which operate in the US, South Africa, India, Australia, and UK by the way) to do the heavy lifting for small businesses. Here’s a video that goes into a bit more detail on that.

Judy Security’s story is more than just cybersecurity. Representation, inclusion and diversity are important to Judy Security. Taking a look at this page illustrates that as there’s a significant amount of representation from women, visible minorities and other groups. That impressed me as there’s often a lack of representation, inclusion and diversity in many companies in general, and in cybersecurity specifically.

According to Raffaele Mautone, who is Judy Security’s Chief Executive Officer & Founder, Judy Security will stay out in front as nobody wants to truly take on the SMB space. That’s because the enterprise is where their competitors want to be. And the SMB space is often just a passing interest for said competitors. Thus, keeping an eye on Judy Security and where they’re going in this space and what they’re doing is a very good idea. And if you’re a small business in need of a cybersecurity solution, Judy Security should be your first place to look.

Elon Musk Quietly Removes Twitter Feature To Report Election Misinformation

Posted in Commentary on September 29, 2023 by itnerd

Twitter, likely on the orders of Elon Musk, has quietly removed a feature that allowed users in some locations to report election misinformation, according to Reuters:

Elon Musk’s X, formerly called Twitter, disabled a feature that let users report misinformation about elections, a research organisation said on Wednesday, throwing fresh concern about false claims spreading just before major U.S. and Australian votes.

After introducing a feature in 2022 for users to report a post they considered misleading about politics, X in the past week removed the “politics” category from its drop-down menu in every jurisdiction but the European Union, said the researcher Reset.Tech Australia.

Users could still report posts to X globally for a host of other complaints such as promoting violence or hate speech, the researcher added.

X was not immediately available for comment.

I’m guessing that this feature wasn’t removed in the EU because Elon is afraid that he’d be pummelled by the EU the second they found out that it was gone. Which illustrates that at some level, he’s afraid of the EU. But that may still happen given how mad the EU is at him at the moment. And the EU are the last people on the planet that you want to get mad. What this highlights is that Elon is not an honest broker. And that his plans for Twitter aren’t wrapped in some high minded ideal related to free speech. Which is why on top of him firing the election integrity team, there is zero reason for you to use Twitter at all as it’s gone from town hall to cesspool of hate and misinformation under Elon’s watch.

Ex-Twitter Trust And Safety Head Has A Warning For Twitter’s Current CEO: “Be Worried”

Posted in Commentary on September 29, 2023 by itnerd

Ex-Twitter executive Yoel Roth, who ran Trust and Safety for Twitter, took the stage as the last-minute replacement for GM CEO Mary Barra at Vox Media’s Code 2023 conference. In this interview, he shares a lot of information about what went on behind the scenes at Twitter and the fact that he had to flee his home when Elon Musk via the “Twitter Files” misrepresented his academic work. But the most mind-blowing moment of the interview was this warning for current Twitter CEO Linda Yaccarino:

“If not for yourself, for your family, for your friends for those that you love, be worried,” 

And:

“You should be worried. I wish I had been more worried.”

I wonder how that hit Yaccarino, who was waiting off stage to be interviewed next. In her interview (you can watch it here) she said that she felt “well protected”. Whatever that means. But if you watch her interview, it was pretty tense. And I for one would be mass emailing my CV to anyone who might hire me if I were in her position.

I encourage you to watch the entire interview with Roth and draw your own conclusions:

The CEO Of Twitter Doesn’t Have The Twitter App On The Home Screen Of Her iPhone… No Really… She Doesn’t

Posted in Commentary on September 29, 2023 by itnerd

From the “this is a bit odd” category comes this tidbit via an interview with Twitter (I won’t be calling it “X”) CEO Linda Yaccarino at Vox Media’s Code 2023 conference. At one point in the interview she decided to show her iPhone to the audience. This is what they saw:

If you look at her Home Screen, the Twitter app isn’t on there. Is that odd? Maybe. One would expect the CEO of Twitter to have the Twitter app on her phone for everyone to see. But apparently not. Pixel peeping indicates that she does have the following apps on her Home Screen:

  • Starbucks
  • Gmail
  • Signal
  • Messages
  • FaceTime
  • Wallet
  • Camera
  • Calendar
  • Settings
  • Stocks
  • Photos
  • Safari
  • Maps
  • Instagram
  • Facebook

There were a couple of apps that I could not identify. But I think you get my point. Now it is possible that she has the Twitter app in the app drawer or on her second or third page of the iPhone. But considering that she has two Meta apps on her Home Screen which are from a company that directly competes with Twitter, this all seems a bit weird.

One suspects that now that this is out, she’s going to get a phone call from Elon Musk about this. Sucks to be her. In any case, you can watch the full interview here: