A bipartisan pair of House lawmakers is pressing for more details about the breach of a water facility in Texas that was carried out by a group with suspected ties to the Russian government.

In an April 23 letter, Reps. Pat Fallon (R-TX) and Ruben Gallego (D-AZ) asked Homeland Security Secretary Alejandro Mayorkas for a briefing on the January incident, which caused a tank at a water facility in Muleshoe, Texas, to overflow.

The Google-owned security firm Mandiant later issued a report that said the group purportedly behind the attack, the Cyber Army of Russia, is linked to a Russian state actor, Sandworm — which has gained global notoriety for its past, and present, digital assaults on Ukraine.

The group has since claimed credit for a cyberattack on an Indiana water plant.

“As you may know, much of the American West is experiencing a historic, long-term drought that makes fortifying water supplies from vulnerabilities like adversary disruption efforts all the more important,” the duo wrote.

“Should a hack similar to the Texas incident occur in Arizona or other states that may lack sufficient water supply, it could disrupt operations across the region with devastating effects,” they added.

The pair asked Mayorkas to answer a series of questions, including what DHS is doing to respond to the incident; how the agency is coordinating with international, state and local partners; and if it needs additional authorities to protect the nation’s water supply,

Gallego and Rep. Jim Banks (R-IN) — both of whom are running for Senate — sent a similar letter to Mayorkas late last year after the Irank-linked Cyber Av3ngers group claimed responsibility for striking a water authority in Pennsylvania.

A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy.

In his trial yesterday, Jareh Sebastian Dalke pleaded guilty to six counts of attempted transmission of top-secret info to a foreign agent as announced by the US Department of Justice.

He had worked at the NSA as an information systems security designer for just under a month from June to July 2022, making quick work of the short period by accumulating top secret documents with national defense information (NDI).

Between August and September that year, shortly after leaving the NSA, Dalke made contact with a person he thought was a Russian agent. To prove his "legitimate access and willingness to share," he then emailed the apparent spy snippets of three top secret, classified documents with NDI. Dalke then said he'd be willing to sell the full documents and more for just $85k.

A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy.

In his trial yesterday, Jareh Sebastian Dalke pleaded guilty to six counts of attempted transmission of top-secret info to a foreign agent as announced by the US Department of Justice.

He had worked at the NSA as an information systems security designer for just under a month from June to July 2022, making quick work of the short period by accumulating top secret documents with national defense information (NDI).

Between August and September that year, shortly after leaving the NSA, Dalke made contact with a person he thought was a Russian agent. To prove his "legitimate access and willingness to share," he then emailed the apparent spy snippets of three top secret, classified documents with NDI. Dalke then said he'd be willing to sell the full documents and more for just $85k.

Only there was one problem: he was talking to an undercover FBI agent.

Dalke and the FBI agent then arranged a time and place to hand over the documents. On September 28, the former NSA worker took his laptop to Union Station in Denver and sent the documents to the FBI agent over the internet. Dalke also included a letter in Russian that said, among other things, "My friends! I am very happy to finally provide this information to you… I look forward to our friendship and shared benefit."

Of course, the FBI agent was not his friend and the whole thing was a sting operation, and the former NSA employee was arrested just after he sent the classified materials. Dalke pleaded guilty from the outset.

"This defendant, who had sworn an oath to defend our country, believed he was selling classified national security information to a Russian agent, when in fact, he was outing himself to the FBI," Attorney General Merrick Garland said. "This sentence demonstrates that those who seek to betray our country will be held accountable for their crimes."

A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy.

In his trial yesterday, Jareh Sebastian Dalke pleaded guilty to six counts of attempted transmission of top-secret info to a foreign agent as announced by the US Department of Justice.

He had worked at the NSA as an information systems security designer for just under a month from June to July 2022, making quick work of the short period by accumulating top secret documents with national defense information (NDI).

Between August and September that year, shortly after leaving the NSA, Dalke made contact with a person he thought was a Russian agent. To prove his "legitimate access and willingness to share," he then emailed the apparent spy snippets of three top secret, classified documents with NDI. Dalke then said he'd be willing to sell the full documents and more for just $85k.

Only there was one problem: he was talking to an undercover FBI agent.

Dalke and the FBI agent then arranged a time and place to hand over the documents. On September 28, the former NSA worker took his laptop to Union Station in Denver and sent the documents to the FBI agent over the internet. Dalke also included a letter in Russian that said, among other things, "My friends! I am very happy to finally provide this information to you… I look forward to our friendship and shared benefit."

Of course, the FBI agent was not his friend and the whole thing was a sting operation, and the former NSA employee was arrested just after he sent the classified materials. Dalke pleaded guilty from the outset.

"This defendant, who had sworn an oath to defend our country, believed he was selling classified national security information to a Russian agent, when in fact, he was outing himself to the FBI," Attorney General Merrick Garland said. "This sentence demonstrates that those who seek to betray our country will be held accountable for their crimes."

Sentencing law is somewhat complex, but assuming Dalke can't serve any of his counts concurrently and that he doesn't get out early, he'll be getting out in January 2046, and he'll be 53 or 54.

The NSA employee turned failed Russian informant was remarkably unsuccessful in his attempt to give Russia a helping hand, though it is a little concerning that Dalke had NDI material in his possession at all. The incident isn't unlike the Teixeira leaks from last month, especially since both Dalke and Teixeira were seemingly completely incompetent in leaking info. Maybe the US government should review who gets access to classified materials, as it seems neither person had any real business handling these docs.

NATO will establish a new cyber center at its military headquarters in Mons, Belgium, a senior official confirmed to Recorded Future News on Wednesday. The new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.

The shift, as officially set out in NATO’s Strategic Concept (2022), states that “cyberspace is contested at all times,” meaning it cannot just be a concern for the military alliance during moments of crisis or conflict. NATO needs to constantly engage with adversaries on computer networks — not just when Article 4 or Article 5 are triggered by allies.

Although allies last year endorsed the creation of a NATO cyber center during the cyber defense conference in Berlin, at that time the exact plan was unclear. Suggestions ranged from an institution that would help develop cyber competencies among allies through to a tactical-level command for combined operations, similar to NATO’s maritime (MARCOM), air (AIRCOM), and land (LANDCOM) command centers.

Speaking to Recorded Future News at the ENISA Cybersecurity Policy Conference in Brussels, James Appathurai, NATO’s deputy assistant secretary general for innovation, hybrid and cyber, said the structural changes that are being made flow from that doctrine about cyberspace. He said the model for the center was the United Kingdom’s National Cyber Security Centre — where civilian experts could work alongside those from industry, the military, and NATO’s political corps — to address potential threats.

The working name for the new facility is the NATO Integrated Cyber Centre (NICC).

The idea is the NICC would physically co-locate personnel in Mons to provide the Supreme Allied Commander Europe (SACEUR) — effectively NATO’s most senior military official, historically always a senior U.S. military officer — with 24/7 visibility over both NATO enterprise networks and other networks beyond where incidents risk impacting military operations in Europe.

SACEUR “needs to have visibility over what cyberspace looks like for him at all times. That’s the logic behind this, and that’s where we will get to in time for the summit, which is in only a few weeks,” explained Appathurai.

Delivering his keynote to the conference, Appathurai said: “For example, a port in Europe has been under a sustained cyberattack to try to lock the locks. So we have ships transiting through, [the attackers] try to lock it and drain the water to drop the ship inside of the lock, which would damage the ship and block the port.”

Appathurai did not name the port and did not confirm the port when asked by Recorded Future News. But for a major seaport such as Rotterdam, the potential impact of such an attack could severely disrupt the supply of critical military and civilian materiel. Officials in the United States are warning that cyberattacks pose a significant threat to ports.

“There is a lot more risk and a lot more capabilities out there. So what are we doing about it? First we have to recognise and act on it,” said Appathurai.

“We need to break down, in the NATO sense, bureaucratic barriers. For us, we have the military, we have the civilians, we have the intelligence world, we have industry. We are working on bringing them all together.

“I would commend for an example the U.K. National Cyber Security Centre, where they have everybody together in one building, with a less secure and then a more secure tier. And industry is there full-time with everybody else, with information on their networks, providing it and receiving intelligence or other forms of support. So aggregating what is disaggregated, and breaking down the barriers between the two,” he said.

No delineation between peacetime and conflict

Acknowledging that “cyberspace is contested at all times” was “the most fundamental shift we’ve made in the last year,” said Appathurai. “Allies have now codified the understanding that unlike in other environments, you cannot have a clear delineation between peacetime, crisis, and conflict [in cyberspace].”

The concept is a comfortable one for some of NATO’s more mature cyber powers, particularly the United States has proactively conducted what it calls persistent engagement for a number of years — alongside similar operational activities by the United Kingdom and the Netherlands.

But among some allies, the prescription that the concept calls for — engaging with adversaries in cyberspace — remains controversial. Appathurai said that key to understanding the prescription, and to understanding the risk facing Europe in general, was the conflict in Ukraine.

“It’s really important that people understand how important cyberdefense has been for Ukrainians. Without it, their military command and control wouldn’t work. Their civilian communications would not work. They would not have banks operating and providing people money. People wouldn’t know where to go and what to do when something happens. And President Zelensky would not be on the air motivating us to provide weapons — which we need to do faster — helping his people to have courage in this situation.”

Cyberdefense “underpins everything in our doctrine,” said the NATO official. This was also why the new cyber center would not be a command in the style of MARCOM or LANDCOM, because cyber underpins the other domains.

The ultimate structure of the center hasn’t been finalized, Appathurai told Recorded Future News, explaining that the plan was to get everything completed ahead of the summit in Washington in July, adding that “literally this morning was another meeting of our committee that’s looking at our political-military advice.”

“The direction we’ve already been given is clear, that we have to integrate political and military tools to give us a better picture of military and civilian networks, that this should be for deterrence and defense, so that’s very much the framework in which it’s in,” he explained.

“But also that this will parallel and complement a separate track of decisions that we’re taking in time for the summit, to give NATO a stronger role when it comes to, for example, enforcing cyber norms when it comes to allies, allies being able to work in other international bodies, to strengthen standards. So there’s a political aspect that will be strengthened as well as this very practical center, or whatever we end up calling it.”

“We’re working on the mechanics of the center. How exactly staff will relate to each other, who exactly, which parts exactly, but this is all mechanics and it can be worked out so there’s no problem there. So I’m actually 100% confident that we will arrive at a good solution.

“Then there’s the implementation. That’s always a bureaucratic struggle, but we’ll get through it, and we’ll get through it pretty fast because it’s NATO and you can give orders,” he said.

Intel CPU cores remain vulnerable to Spectre data-leaking attacks, say academics at VU Amsterdam.

We're told mitigations put in place at the software and silicon level by the x86 giant to thwart Spectre-style exploitation of its processors' speculative execution can be bypassed, allowing malware or rogue users on a vulnerable machine to steal sensitive information – such as passwords and keys – out of kernel memory and other areas of RAM that should be off limits.

The boffins say they have developed a tool called InSpectre Gadget that can find snippets of code, known as gadgets, within an operating system kernel that on vulnerable hardware can be abused to obtain secret data, even on chips that have Spectre protections baked in.

InSpectre Gadget was used, as an example, to find a way to side-step FineIBT, a security feature built into Intel microprocessors intended to limit Spectre-style speculative execution exploitation, and successfully pull off a Native Branch History Injection (Native BHI) attack to steal data from protected kernel memory.

"We show that our tool can not only uncover new (unconventionally) exploitable gadgets in the Linux kernel, but that those gadgets are sufficient to bypass all deployed Intel mitigations," the VU Amsterdam team said this week. "As a demonstration, we present the first native Spectre-v2 exploit against the Linux kernel on last-generation Intel CPUs, based on the recent BHI variant and able to leak arbitrary kernel memory at 3.5 kB/sec."

A quick video demonstrating that Native BHI-based attack to grab the /etc/shadow file of usernames and hashed passwords out of RAM on a 13th-gen Intel Core processor is below. We're told the technique, tagged CVE-2024-2201, will work on any Intel CPU core.

The VU Amsterdam team — Sander Wiebing, Alvise de Faveri Tron, Herbert Bos and Cristiano Giuffrida — have now open sourced InSpectre Gadget, an angr-based analyzer, plus a database of gadgets found for Linux Kernel 6.6-rc4 on GitHub.

"Our efforts led to the discovery of 1,511 Spectre gadgets and 2,105 so-called 'dispatch gadgets,'" the academics added. "The latter are very useful for an attacker, as they can be used to chain gadgets and direct speculation towards a Spectre gadget."

These numbers suggest a "nontrivial attack surface," said the researchers, who pointed to an Intel security advisory that includes updated software-level mitigations for these kinds of Native BHI attacks.

As we understand things, Intel in 2022 addressed BHI attacks with hardware and software-level protections as well as recommendations like not allowing unprivileged eBPF use.

Now an updated exploit, dubbed Native BHI, was developed using InSpectre Gadget that defeats those defense mechanisms, leading to the x86 titan issuing updated advice for developers and patches for the Linux kernel to block exploitation of CVE-2024-2201 – we assume other operating systems will need fixing up, too.

"External academic researchers reported new techniques to identify BHI sequences that could allow a local attacker who can already execute code to possibly infer the contents of Linux kernel memory," an Intel spokesperson told The Register today.

"Intel has previously shared mitigation guidance for BHI and intra-mode BTI attacks. In light of this new report, Intel is releasing updated guidance to assist in broader deployment of these mitigations."

AMD and Arm cores are not vulnerable to Native BHI, according to the VU Amsterdam team. AMD has since confirmed this in an advisory

History lesson

InSpectre Gadget, and the related research and Native BHI exploit, builds on the boffins' earlier work exploiting the Spectre variant BHI.

Spectre emerged in public in early 2018, along the related Meltdown design blunder, which The Register first reported. Over the years various variants of Spectre have been found, prompting engineers to shore up the security around performance-boosting speculative execution units.

After the aforementioned steps were taken to shut down BHI-style attacks, "this mitigation left us with a dangling question: 'Is finding 'native' Spectre gadgets for BHI, ie, not implanted through eBPF, feasible?'" the academics asked.

The short answer is yes. A technical paper [PDF] describing Native BHI is due to be presented at the USENIX Security Symposium.

Apple has sent a new batch of threat notifications to users in 92 countries who may have been targeted by mercenary spyware attacks, according to several media reports.

The alerts were sent on Wednesday, warning users that attackers tried to remotely compromise their iPhones. On the same day, Apple also updated its support page, explaining how threat notifications work and what targeted users should do if they receive one.

In previous alerts, the company described such incidents as “state-sponsored,” but according to its updated policy, it will now refer to them as “mercenary spyware attacks.” Common sources of spyware include private companies such as NSO Group and Cytrox.

According to Reuters, Apple's removal of the term "state-sponsored" from its description of threat notifications comes after it repeatedly faced pressure from the Indian government because of linking such breaches to nation-state actors. Sources told Reuters that Apple held extensive talks with Indian officials before releasing the latest set of alerts.

Spyware attacks affect a very small number of specific individuals — often journalists, activists, politicians, and diplomats — and are extremely costly, sophisticated and hard to detect, Apple explained. Since 2021, the company has sent threat notifications to users in over 150 countries.

Apple didn't reveal who was on the list of targets in the latest set of alerts, but sources told The Economic Times, an Indian English-language newspaper, that Indian users were among those included.

Last October, Apple warned over half a dozen Indian lawmakers from Prime Minister Narendra Modi’s main opposition party about spyware attacks. These attacks were reportedly part of an espionage campaign preceding this year’s general elections, held in seven phases between April 19 and June 1.

The company stated that it relies solely on internal threat intelligence to detect such attacks. Other organizations, such as the Canada-based Citizen Lab, also produce reports about spyware infections on Apple devices.

“Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously,”' the company said in an update.

Apple typically notifies users multiple times a year in two ways: by displaying an alert at the top of the page after the user signs into their Apple ID, or by sending an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

The company said that it cannot provide more information about what causes the company to send this notification, as that may help attackers adapt their behavior to evade detection in the future.

Earlier in February, Poland’s prime minister stated that he had uncovered documents confirming that the prior administration illegally deployed Pegasus spyware. Poland’s investigators claimed that the country’s 2019 elections were unfair due to the deployment of Pegasus, which is sold to governments worldwide by the Israel-based NSO Group. The company says it only supports lawful use of its products.

In September, the phones of prominent Russian journalists and critics of the Kremlin were infected with Pegasus spyware. Among the targets was Galina Timchenko, owner of the Russian independent media outlet Meduza.

She was infected with Pegasus while in Berlin for a private conference with other Russian independent journalists living in exile. This marked the first documented case of a Pegasus infection targeting a Russian citizen.

Cybersecurity giant Palo Alto Networks is alerting customers that a zero-day vulnerability in its firewall tool is being exploited by hackers.

The company released an advisory on Friday morning about CVE-2024-3400 — a vulnerability in the popular GlobalProtect VPN product that was unknown to researchers until this week. The bug carries the highest severity score possible of 10.

Palo Alto Networks said that it “is aware of a limited number of attacks that leverage the exploitation of this vulnerability.”

The company did not respond to requests for comment about how many customers were affected, where they are based or who was behind the attacks.

A patch will be available to customers by Sunday, the advisory said. In the meantime, Palo Alto Networks provided several mitigations customers can take to protect themselves.

The bug was discovered by researchers at cybersecurity firm Volexity. That company’s president, Steven Adair, said Friday on social media that it discovered the initial attacks two days ago.

The Cybersecurity and Infrastructure Security Agency (CISA) added the GlobalProtect flaw to its list of known exploited vulnerabilities almost immediately, signaling urgency in the need for federal agencies to patch the bug.

In a rare move, CISA gave federal civilian agencies just seven days to apply mitigations, a shortened timeline compared to the three weeks given to most bugs.

VPN products have become frequent targets for attack by threat actors in recent years due to the expansion of remote work and the widespread use of the tools among governments.

Palo Alto was previously affected by a vulnerability affecting its firewall product in 2022 that was used in a distributed denial-of-service (DDoS) attack.

Polish prosecutors are now actively building a case against current and former government officials believed to have deployed powerful commercial spyware against opposition party members and their allies in a rapidly unfolding spyware investigation.

In recent days, prosecutors have asked 31 victims whom they believe were likely targeted by Pegasus spyware to share their stories. Senior government officials have said the investigation could lead to arrests.

A probe into abuse of powers and dereliction of duties began on March 18 and is homing in on how officials used Pegasus from 2017 to 2022, according to Polish news reports citing a spokesperson for the prosecutor’s office.

The prior Polish ruling party, known as Law and Justice (PiS), is said to have targeted opposition leaders and others with the spyware, including amid the country’s election season. The spyware scandal has rocked the country since it first came to light in December 2021.

In September, Poland's Senate released the results of a special commission’s probe into the spyware’s usage, paying particular attention to the hack of an opposition politician in 2019, describing "gross violations of constitutional standards.”

The commission revealed at the time that it had alerted prosecutors to the potential for criminal charges against former and current Polish ministers for using or abetting the use of spyware.

Current Polish President Andrzej Duda is a former PiS member who is thought to remain loyal to the party, but the country has elected the leader of a different and more centrist party, Donald Tusk, as its new prime minister. Duda has served as president since 2015.

Tusk, who became prime minister in December, said in February that he can prove state authorities used the powerful spyware to monitor a “very long” list of individuals.

The prime minister also revealed at the time that he had found documents which “confirm 100%” the prior administration illegally used Pegasus, according to local news reporting at the time.

Spyware has long been a scourge in Europe with prior scandals enveloping Spain, Greece, Hungary and Serbia. Mercenary spyware is also used on a global scale. On Wednesday, Apple sent alerts to users in 92 countries, warning they may have been targeted by foreign commercial surveillance tools like Pegasus, primarily through attempts to compromise iPhones from afar.

John Scott-Railton, a security researcher at the Canada-based Citizen Lab who helped surface the Polish spyware problem, said he is watching the proceedings carefully.

“Poland has gone from being a troubling centerpiece in EU spyware scandals to showing clear signs of a concerted effort towards accountability,” Scott-Railton said via text message, citing the country’s recent decision to join a White House-led coalition of 17 countries working to fight the spread and use of spyware. “The recent developments would have been deeply unthinkable until the election.”

He added that Poland’s quest for accountability has “already gone further than most investigations in the EU.”

Scott-Railton said the fact that opposition party leader Krzysztof Brejza was hit with Pegasus during parliamentary elections in which he played a key role in setting strategy is an “ominous sign of potential election interference.”

The Polish scandal and the aftermath of its investigation will send an important signal across the continent, he said.

“As authoritarianism grows and dangers to EU democracy fueled by Russia increase, ensuring that European democracies are free from the danger of spyware abuse could not be more critical,” he said.

A second expert, white-hat hacker Runa Sandvik, said the 31 victims called to appear as witnesses may represent just a small fraction of the total scale of spyware abuse in Poland.

“It’s important to remember that this number — 31 — is the number the National Prosecutor’s Office has decided to release,” said Sandvik, who founded Granitt, a startup focused on helping journalists, human rights activists and other vulnerable populations targeted by spyware.

Sandvik said she believes the Polish government also likely used spyware to investigate crime, corruption and terrorism meaning the total number of people hit with Pegasus could be much higher.

“The number on its own does not tell us how many people were targeted, or for what purpose,” Sandvik said via email. “I hope the investigation will help shed some light on this.”

Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.

Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

According to Bar Lanyado, security researcher at Lasso Security, one of the businesses fooled by AI into incorporating the package is Alibaba, which at the time of writing still includes a pip command to download the Python package huggingface-cli in its GraphTranslator installation instructions.

There is a legit huggingface-cli, installed using pip install -U "huggingface_hub[cli]".

But the huggingface-cli distributed via the Python Package Index (PyPI) and required by Alibaba's GraphTranslator – installed using pip install huggingface-cli – is fake, imagined by AI and turned real by Lanyado as an experiment.

He created huggingface-cli in December after seeing it repeatedly hallucinated by generative AI; by February this year, Alibaba was referring to it in GraphTranslator's README instructions rather than the real Hugging Face CLI tool. Study

Lanyado did so to explore whether these kinds of hallucinated software packages – package names invented by generative AI models, presumably during project development – persist over time and to test whether invented package names could be co-opted and used to distribute malicious code by writing actual packages that use the names of code dreamed up by AIs.

The idea here being that someone nefarious could ask models for code advice, make a note of imagined packages AI systems repeatedly recommend, and then implement those dependencies so that other programmers, when using the same models and getting the same suggestions, end up pulling in those libraries, which may be poisoned with malware.

Last year, through security firm Vulcan Cyber, Lanyado published research detailing how one might pose a coding question to an AI model like ChatGPT and receive an answer that recommends the use of a software library, package, or framework that doesn't exist.

"When an attacker runs such a campaign, he will ask the model for packages that solve a coding problem, then he will receive some packages that don’t exist," Lanyado explained to The Register. "He will upload malicious packages with the same names to the appropriate registries, and from that point on, all he has to do is wait for people to download the packages." Dangerous assumptions

The willingness of AI models to confidently cite non-existent court cases is now well known and has caused no small amount of embarrassment among attorneys unaware of this tendency. And as it turns out, generative AI models will do the same for software packages.

As Lanyado noted previously, a miscreant might use an AI-invented name for a malicious package uploaded to some repository in the hope others might download the malware. But for this to be a meaningful attack vector, AI models would need to repeatedly recommend the co-opted name.

That's what Lanyado set out to test. Armed with thousands of "how to" questions, he queried four AI models (GPT-3.5-Turbo, GPT-4, Gemini Pro aka Bard, and Command [Cohere]) regarding programming challenges in five different programming languages/runtimes (Python, Node.js, Go, .Net, and Ruby), each of which has its own packaging system.

It turns out a portion of the names these chatbots pull out of thin air are persistent, some across different models. And persistence – the repetition of the fake name – is the key to turning AI whimsy into a functional attack. The attacker needs the AI model to repeat the names of hallucinated packages in its responses to users for malware created under those names to be sought and downloaded.

Lanyado chose 20 questions at random for zero-shot hallucinations, and posed them 100 times to each model. His goal was to assess how often the hallucinated package name remained the same. The results of his test reveal that names are persistent often enough for this to be a functional attack vector, though not all the time, and in some packaging ecosystems more than others.

With GPT-4, 24.2 percent of question responses produced hallucinated packages, of which 19.6 percent were repetitive, according to Lanyado. A table provided to The Register, below, shows a more detailed breakdown of GPT-4 responses.

With GPT-3.5, 22.2 percent of question responses elicited hallucinations, with 13.6 percent repetitiveness. For Gemini, 64.5 of questions brought invented names, some 14 percent of which repeated. And for Cohere, it was 29.1 percent hallucination, 24.2 percent repetition.

Even so, the packaging ecosystems in Go and .Net have been built in ways that limit the potential for exploitation by denying attackers access to certain paths and names.

"In Go and .Net we received hallucinated packages but many of them couldn't be used for attack (in Go the numbers were much more significant than in .Net), each language for its own reason," Lanyado explained to The Register. "In Python and npm it isn't the case, as the model recommends us with packages that don’t exist and nothing prevents us from uploading packages with these names, so definitely it is much easier to run this kind of attack on languages such Python and Node.js." Seeding PoC malware

Lanyado made that point by distributing proof-of-concept malware – a harmless set of files in the Python ecosystem. Based on ChatGPT's advice to run pip install huggingface-cli, he uploaded an empty package under the same name to PyPI – the one mentioned above – and created a dummy package named blabladsa123 to help separate package registry scanning from actual download attempts.

The result, he claims, is that huggingface-cli received more than 15,000 authentic downloads in the three months it has been available.

"In addition, we conducted a search on GitHub to determine whether this package was utilized within other companies' repositories," Lanyado said in the write-up for his experiment.

"Our findings revealed that several large companies either use or recommend this package in their repositories. For instance, instructions for installing this package can be found in the README of a repository dedicated to research conducted by Alibaba."

Alibaba did not respond to a request for comment.

Lanyado also said that there was a Hugging Face-owned project that incorporated the fake huggingface-cli, but that was removed after he alerted the biz.

So far at least, this technique hasn't been used in an actual attack that Lanyado is aware of.

"Besides our hallucinated package (our package is not malicious it is just an example of how easy and dangerous it could be to leverage this technique), I have yet to identify an exploit of this attack technique by malicious actors," he said. "It is important to note that it’s complicated to identify such an attack, as it doesn’t leave a lot of footsteps."

To spy on rival Snapchat and get data on how the app was being used, Meta – when it was operating as Facebook – allegedly initiated a program called Project Ghostbusters, which intercepted data traffic from mobile apps. And it used that data to harm its competitors' ad business.

The name of the program was "an apparent reference to Snapchat's corporate logo, a white ghost on a yellow background," according to a recently unsealed court document [PDF].

Project Ghostbusters was run by Onavo, acquired by Facebook in 2013 and described by the US Federal Trade Commission as a "user surveillance company." Onavo offered a notional VPN service that was shut down in 2019 for – ironically – its lack of privacy.

The Snapchat data-interception scheme is described in that newly unsealed court document as a "man-in-the-middle" approach, in which Facebook essentially paid people to snoop on their mobile phones.

Facebook ran low-key studies with groups of willing participants – from teenagers to adults – who were rewarded for installing an Onavo-made research app that monitored their smartphone usage [PDF] to give the tech giant a better idea of how folks used their devices. That app, it's alleged, installed a root Certificate Authority allowing Facebook to intercept and analyze panel participants' internet usage.

Not only did it enable Facebook to issue itself digital certificates to intercept people's encrypted SSL/TLS connections, it also quietly redirected Snapchat analytics traffic (and subsequently Amazon and YouTube analytics) to Onavo's servers. Once there, the data could be decrypted and analyzed for commercial gain, then re-encrypted and passed back to Snapchat without the pic-sharing app maker's knowledge, according to the complaint.

If this sounds familiar, it's because that's why the Onavo VPN was ultimately shut down: the team behind it built Facebook's own research apps that snaffled panel participants' internet usage data. And when this all came to light in 2019 and sparked outrage, the tech giant was forced to pull the plug on the operation.

It's all part of a four-year-old lawsuit [PDF] brought against Meta in California by Facebook advertisers who allege, among other things, that Meta/Facebook's anticompetitive behavior – including data interception and arrangements with other companies – increased prices for ads and harmed competition.

That suit was filed six days before the US Federal Trade Commission sued Facebook [PDF] on December 9, 2020 alleging years of anticompetitive conduct to monopolize the social media advertising market. Both lawsuits remain ongoing, with the advertiser case likely to reach trial by 2025 if there's no prior settlement.

In a June 9, 2016 email, surfaced by the advertisers' legal challenge, Facebook CEO Mark Zuckerberg directed Alex Schultz, presently chief marketing officer and VP of analytics, and COO Javier Olivan, to figure out how to get reliable analytics from Snapchat – which had become a serious competitive threat in the eyes of some executives.

In a letter [PDF] to Judge James Donato, dated May 31, 2023, the plaintiffs' co-lead counsel Brian J Dunne explained: "In July 2016, the Onavo team's proposed solution was presented to senior management, including now-COO Javier Olivan: Facebook developed 'kits' that can be installed on iOS and Android that intercept traffic for specific sub-domains, allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage."

The passage Dunne quoted about the "kits" is from an email that Danny Ferrante – then director of core data science and growth research at Facebook – wrote to Olivan. The email went on to describe how Facebook planned to distribute these kits under other brands in a way that wouldn't reveal the involvement of The Social Network™️.

"Our plan is to work with a third party – like GFK, SSI, YouGov, uTest, etc – who will recruit panelists and distribute kits under their own branding," the email read. "We already have proposals from several of these providers. The panelists won't see Onavo in the NUX [new user experience] or in the phone settings. They could see Onavo using specialized tools (eg Wireshark)."

It's claimed this data collection scheme was one element in a larger initiative – described as Facebook's In-App Action Panel (IAAP) program – which allegedly ran from June 2016 through May 2019. As a note cited in Dunne's letter observed, the Android research app, for example, "currently includes SSL decryption giving us the capability to read all traffic on device."

"The company’s highest-level engineering executives thought the IAAP Program was a legal, technical, and security nightmare," wrote Dunne in a June 15, 2023 letter [PDF]. He cited remarks to this effect attributed to Pedro Canahuati, then-head of security engineering: "I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn't know how this stuff works."

Nonetheless, according to Dunne's May letter, during this period Facebook "expanded its IAAP program to also intercept, decrypt, and analyze encrypted analytics from YouTube and Amazon."

Dunne argued that on the evidence Meta/Facebook's actions should be considered criminal wiretapping. "Meta's IAAP program didn't just harm competition, but criminally violated 18 U.S.C. § 2511(1)(a) and (d) by intentionally intercepting SSL-protected analytics traffic addressed to secure Snapchat, YouTube, and Amazon servers," he explained in a footnote.

n a separate letter [PDF], Dunne alleged that Meta's IAAP competitive intelligence program – which may also have captured Twitter data – raised prices for advertisers.

"The intelligence Meta gleaned from this project was described both internally and externally as devastating to Snapchat's ads business," he wrote, "allowing Meta to hike North American ad prices companywide 60 percent between 2016 and 2018."

Meta's use of machine learning and AI is also "central" to the advertisers' case, according to another unsealed letter [PDF] from attorney Yavar Bathaee of Bathaee Dunne LLP.

"Advertisers will prove at trial, among other things, that Meta (a) changed the data sources for its neural network models as part of agreements with eBay and with Netflix, including in ways that were technically and economically irrational but for the anticompetitive effect of the agreements; (b) gathered and integrated signals/features/user data from across its business, including from WhatsApp and Instagram, into F3 [an internal AI data repository], all while contemporaneously misleading the FTC to avoid divestiture; and (c) used sensitive data deceptively taken from users' mobile devices to validate Meta's offsite identity-matching AI/ML systems."

The claim here is that Meta was not only tracking online activities but using its AI systems to identify people.

The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it.

GoFetch is a security exploit that takes advantage of data memory-dependent prefetchers (DMPs), not unlike speculative execution vulnerabilities such as Spectre. Essentially, data can be leaked out of a core's cache when DMP is enabled, creating a potential attack vector for hackers.

DMPs are present on all Apple M-series CPUs and Intel's Raptor Lake processors, and the dedicated website for GoFetch now shows how exactly the exploit is carried out. Within minutes (the footage is sped up so it's hard to say exactly how many), 560 bits of data was leaked from an RSA-protected server.

The GoFetch exploit isn't earth-shattering, as it's in a similar vein to Spectre, Meltdown, and other vectors that rely on a CPU's performance-boosting prediction features. Normally, there are software-based patches for chips that have hardware-level exploits, and usually that just involves disabling the speculative feature (and thus decreasing performance), but in the case of M1 and M2 CPUs, researchers say that's not possible.

The researchers address the common question of whether DMP can be disabled, explaining that yes, but only on some processors. "We observe that the DIT bit set on M3 CPUs effectively disables the DMP. This is not the case for the M1 and M2." So, GoFetch can be solved with a software patch for M3 and Raptor Lake CPUs, but not for M1 and M2 chips since DMP will run no matter what.

It's never good when a feature that increases performance has to be disabled because it leaks potentially sensitive data, but not being able to disable that feature at all is even worse. One workaround is to just blind the DMP to sensitive data whenever it's being stored to or loaded from memory, but the GoFetch paper [PDF] says this would require broad code rewrites and performance penalties in some cases.

However, there is one workaround that doesn't require any code rewrites. Like many modern CPUs, Apple's M-series have two types of cores: big Firestorm cores and little Icestorm cores. The DMP-based GoFetch exploit only works on Firestorm cores, including for M1 and M2 CPUs, and the GoFetch paper suggests all cryptographic work should solely be run on the Icestorm cores for the time being. Running anything on the efficiency-focused Icestorm cores is bound to be slower, but at least it should be secure.

Even this approach might not be foolproof though. If Apple comes out with a future M processor with DMP enabled in its efficiency cores, then there's nowhere that code can be run without potentially exposing sensitive data. Of course, given that DMP is not entirely secure, we'd hope that Apple either fixes it, removes it, or finds an alternative feature before making its next generation CPUs even more vulnerable.

The upstream release tarballs for xz version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

ArchLinux and most rolling release distro are affected.

Debian Testing/Sid/Experimental are affected, Debian Stable ISN'T AFFECTED.

Short summary by the ArchLinux team: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Your distro should have a blog post/message to tell you what to do, either update (if they provide an updated version) or downgrade to a known-good version.

Analysis: https://www.openwall.com/lists/oss-security/2024/03/29/4

More Infos: https://archlinux.org/news/the-xz-package-has-been-backdoored/ https://lists.debian.org/debian-security-announce/2024/msg00057.html https://github.com/tukaani-project/xz/issues/92

The lawmakers say that numerous modems with no known function were uncovered from ship-to-shore (STS) cranes, which are used to unload cargo at the nation’s largest ports.

All of the cranes in question were manufactured by Shanghai Zhenhua Heavy Industries (ZPMC), a subsidiary of the state-owned China Communications Construction Co.

Relatedly, the lawmakers noted that ZPMC’s manufacturing facility is located adjacent to China’s most advanced ship-making facility, where the regime builds its aircraft carriers and houses advanced intelligence capabilities.

In a letter (pdf) addressed to the president and chairman of ZPMC, the lawmakers demand to know the purpose of the cellular modems discovered on crane components and in a U.S. seaport’s server room that houses firewall and networking equipment.

“These components do not contribute to the operation of the STS cranes or maritime infrastructure and are not part of any existing contract between ZPMC and the receiving U.S. maritime port,” the letter said.

“The Committees have serious concerns that this proximity to the [Chinese military’s] main shipyard provides malicious CCP [Chinese Communist Party] entities, including its intelligence agencies and security services, with ample opportunity to modify U.S.-bound maritime equipment, exploit it to malfunction, or otherwise facilitate cyber espionage thereby compromising U.S. maritime critical infrastructure.”

U.S. Coast Guard Rear Adm. John Vann, who leads the Coast Guard’s Cyber Command, told reporters last month that there were over 200 China-manufactured cranes operating across U.S. ports and regulated facilities.

At that time, Coast Guard cyber protection teams had assessed the cybersecurity or hunted for threats on 92 of those cranes, he said.

The discovery comes amid an ongoing congressional investigation into the operation of cranes manufactured in China and operating at U.S. ports.

Though the investigation is still ongoing, the committees identified serious concerns regarding ZPMC’s relationship with the CCP, particularly given the recent discovery of Chinese malware on vital infrastructure related to the port system.

As part of another cybersecurity investigation, some of the modems in question were also found to have active connections to the operational components of the STS cranes, suggesting they could be remotely controlled by a device no one previously knew was there.

Speaking to reporters last month, White House Deputy National Security Adviser Anne Neuberger said the cranes were designed to be serviceable from a remote location, which leaves them open to such exploitation.

“By design, these cranes may be controlled, serviced, and programmed from remote locations,” Ms. Neuberger said. “These features potentially leave [China]-manufactured cranes vulnerable to exploitation.

As such, the letter suggests that every U.S. seaport with ZPMC cranes could already be, or is at risk of being, compromised by the CCP.

Retired Army Col. John Mills told The Epoch Times that the cranes were effectively an extension of the CCP’s global cybercrime operation, which could be used during an invasion of Taiwan to sow chaos in the United States.

“Those container cranes are not cranes,” Mr. Mills said. “They’re IP endpoints on a worldwide intelligence collection system.”

To that end, he said that the cranes’ operational and safety features could likely be overridden remotely. This would allow the CCP to potentially trick one of the giant cranes into shifting its counterbalance in such a way that would cause it to crash into ships or containers in the nation’s busiest ports.

Complicating the issue all the more, he said, was the fact that the niche nature of the cargo cranes and their programming means it is unlikely a tailored cyber response to secure the systems will be created anytime soon.

To counter the threat in the long term, he added, the United States would need to ensure that it manufactured such vital equipment in its own territory.

“As things play out, they’re [the CCP] going to start initiating the hitting of target sets in cyber. The port cranes are a perfect example,” Mr. Mills said.

“This is the importance of making things here. If you want to reduce the Chinese threat, start making things here.”

North Korean hackers exploited a previously unknown vulnerability in a Windows security feature, allowing them to gain the highest level of access to targeted systems.

A zero-day flaw in AppLocker — a service that helps administrators control which applications are allowed to run on a system — was discovered by researchers at the Czech cybersecurity firm Avast and patched by Microsoft earlier this month.

By exploiting this bug, tracked as CVE-2024-21338, hackers with administrative privileges could escalate their access to the kernel level — the highest level of access in the operating system, reserved for performing critical system functions.

“With kernel-level access, an attacker might disrupt security software, conceal indicators of infection, turn off mitigations, and more,” Avast said.

To carry out malicious activities within the victim’s system, hackers believed to be a part of North Korea’s infamous Lazarus group used the FudModule rootkit — a type of malware designed to provide unauthorized access to a computer while concealing its presence.

Researchers said that the hackers improved the rootkit's functionality, making it stealthier. Some of the malware techniques, for example, were designed to evade detection and disable security protections, including Windows Defender, CrowdStrike Falcon and HitmanPro.

Avast said that the FudModule rootkit is “one of the most complex tools Lazarus holds in their arsenal.” Recent updates to the malware also show Lazarus’ commitment to keep actively developing the rootkit, researchers said.

The report does not mention which organizations were targeted in the latest Lazarus campaign or how successful it was.

Lazarus remains among “the most prolific and long-standing” advanced hacker groups, according to Avast. “Though their signature tactics and techniques are well-recognized by now, they still occasionally manage to surprise us with an unexpected level of technical sophistication,” researchers said.

Earlier this week, Japanese researchers discovered that Lazarus targeted software developers with malicious open-source software packages uploaded to a repository used by the Python community. The malicious packages were downloaded hundreds of times, according to researchers.

Earlier in February, Germany and South Korea's intelligence agencies issued a joint advisory, warning of an ongoing North Korean cyber-espionage operation targeting the global defense sector. Lazarus was among the threat actors mentioned in the advisory. The report emphasized that the techniques used by the group to target the defense sector were similar to those employed in attacks against cryptocurrency firms and software developers.

Lazarus was also targeting the judicial system in South Korea. In February, South Korean police confiscated servers from the country's Supreme Court that were allegedly hacked by Lazarus last year. The servers are still under investigation.

According to the latest report by crypto analytics firm Chainalysis, North Korean hackers, including Lazarus, hacked more crypto platforms than ever last year, with the number of stolen assets reaching $1 billion.

A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories.

According to security firm Apiiro, the campaign to poison code involves cloning legitimate repos, infecting them with malware loaders, uploading the altered files to GitHub under the same name, then forking the poisoned repo thousands of times and promoting the compromised code in forums and on social media channels.

Developers looking for useful code may therefore find a repo that’s describes as useful and at first glance appears appropriate, only to have their personal data pilfered by a hidden payload that runs malicious Python code and a binary executable.

"The malicious code (largely a modified version of BlackCap-Grabber) would then collect login credentials from different apps, browser passwords and cookies, and other confidential data," said Matan Giladi, security researcher, and Gil David, head of AI, in a report. "It then sends it back to the malicious actors' C&C (command-and-control) server and performs a long series of additional malicious activities."

A Trend Micro analysis of the malicious code describes how it employs clever techniques to conceal its true nature. For example, the code hides its use of the exec function – for dynamically executing code – through a technique dubbed “exec smuggling”.

Such attacks add hundreds of whitespace characters (521 of them) to push the exec function offscreen as a defense against manual scrutiny.

GitHub says it's aware that not all's well.

"GitHub hosts over 100 million developers building across over 420 million repositories, and is committed to providing a safe and secure platform for developers," a spokesperson told The Register.

"We have teams dedicated to detecting, analyzing, and removing content and accounts that violate our Acceptable Use Policies. We employ manual reviews and at-scale detections that use machine learning and constantly evolve and adapt to adversarial tactics. We also encourage customers and community members to report abuse and spam."

Awareness and automated scanning is all very well – but Apiiro’s Giladi and David observed that GitHub missed many automated repo forks, as well as the manually uploaded ones.

"Because the whole attack chain seems to be mostly automated on a large scale, the one percent that survive still amount to thousands of malicious repos," the authors wrote, adding that if you count removed repos in the total, the campaign probably involved millions of malicious clones and forks.

They also point out that the scale of the attack is large enough to benefit from network effects, specifically developers who fork malicious repos without intending to use the software and don't realize they're validating and propagating malware.

GitHub, the researchers say, presents an effective way to compromise the software supply chain due to its support for the automatic generation of accounts and repos, its friendly APIs and soft rate limits, and its size.

The Biden administration had pushed for stronger software supply chain security through the National Institute of Standards and Technology's Cybersecurity Framework 2.0 and efforts to get organizations to publish their software bill of materials. But clearly there's work left to do.

WhatsApp notched a major victory against the spyware producer NSO Group last week when a California federal judge ordered the Israeli company to turn over its highly protected secret code as part of discovery in a years-long lawsuit.

The case could have major repercussions for NSO Group, whose Pegasus spyware has been used to spy on human rights activists, journalists and opposition politicians across the world.

Judge Phyllis Hamilton ordered NSO Group to produce its code, specifically directing it to unveil relevant spyware from the year leading up to when WhatsApp users were allegedly victimized in 2019 through May 2020 until a year after the alleged attack ended.

WhatsApp has alleged that NSO Group exploited an audio calling vulnerability in its system to attach Pegasus to phones targeted by NSO Group clients.

It sued the company in 2019, alleging the spyware purveyor had facilitated surveillance of about 1,400 WhatsApp users over the course of two weeks, including journalists, human rights activists, political dissidents, diplomats and other senior foreign government officials.

According to WhatsApp’s complaint, NSO Group complained to a WhatsApp employee in a message when the vulnerability was fixed, saying, “you just closed our biggest remote for cellular … It’s on the news all over the world.”

In her opinion, Hamilton said she weighed an NSO Group argument that the discovery requirements should be modified but ultimately dismissed the claim.

“The court rejects defendants’ argument that their production should be limited to the installation layer of the alleged spyware, and instead concludes that defendants must produce information concerning the full functionality of the relevant spyware,” Hamilton’s decision said. “The complaint contains numerous instances alleging not only that spyware was installed on users’ devices, but also that information was accessed and/or extracted from those devices.”

News of the order was first reported by The Guardian.

A spokesperson for WhatsApp said the court ruling is an “important milestone in our long running goal of protecting WhatsApp users against unlawful attacks.

“Spyware companies and other malicious actors need to understand they can be caught and will not be able to ignore the law.”

Not everything went WhatsApp’s way, however. Hamilton ruled that NSO does not have to reveal its client names or provide details of its server architecture.

NSO Group did not respond to a request for comment.

In January, a federal judge denied a NSO motion to dismiss an Apple lawsuit alleging Pegasus spyware broke computer fraud laws.

Pegasus and other powerful spyware has recently been used in several European countries to marginalize opposition politicians and spy on journalists. Recent scandals in Poland, Spain, Greece, Serbia and Hungary have alarmed government officials across Europe. Just last week, in advance of June elections, spyware was found on the phones of members and staff of Europe’s Parliament.

The spyware is easily placed on victim’s phones without their knowledge, not even requiring them to click on links sent by unknown contacts. Once a phone is overtaken by the spyware it can see through the camera, activate the microphone, read emails and text messages and otherwise fully access the phone’s contents.

The U.S. government blacklisted NSO in 2021. The company has long claimed that Pegasus is designed to help governments fight terrorism but a long string of abuses have undermined its reputation and led to pressure on Israel’s government to stop supporting it.

The German Ministry of Defense (Bundeswehr) has confirmed that a recording of a call between high-ranking officials discussing war efforts in Ukraine, leaked by Russian media, is legitimate.

Senior government officials have also confirmed Russian reports that the call was hosted on and tapped via Cisco's WebEx video conferencing platform rather than any kind of secure, military-grade comms.

Roderich Kiesewetter, deputy chairman of the German parliament's oversight committee, said the Bundeswehr leak was possibly caused by a Russian agent inside the WebEx call or the Bundeswehr's implementation of it, but the country is still working on discovering how the intrusion took place.

Likewise, the ministry released a statement to wider media saying: "According to our assessment, a conversation in the air force division was intercepted. We are currently unable to say for certain whether changes were made to the recorded or transcribed version that is circulating on social media."

Cisco has distanced itself from the situation. A spokesperson told The Register: "Cisco does not publicly discuss customer information and we refer your request to the organization in question."

The 38-minute recording was first published by Margarita Simonyan, editor-in-chief at the Russian state-controlled RT news outlet, and has since been shared widely online. It was supposedly handed to her by "sources" in Russian intelligence.

RT said it identified two of the four German military officials on the call, including the head of Air Force Operations Brigadier General Frank Graefe, and Air Force Chief Lieutenant General Ingo Gerhartz.

RT has since made a number of claims after publishing the call, including that the conversation provides proof that Germany was planning to help Ukraine to destroy the Kerch Bridge that connects Russia to the illegally annexed Crimea.

Discussions also involved a potential delivery of Taurus long-range missiles to Ukraine for use in the attacks and how Germany could supply these without appearing to be directly involved in the conflict.

Taurus missiles have a range of around 310 miles, far greater than the Storm Shadow cruise missiles supplied to Ukraine by the UK, which have a range of around 155 miles.

Ukraine has long asked Germany to deliver Taurus missiles, but Chancellor Olaf Scholz has repeatedly declined to do so out of fears that the ongoing conflict could escalate.

Kiesewetter told broadcaster ZDF that more recordings are likely to have been intercepted and could well be released at a later date, all to Russia's benefit.

It's likely the recent release was designed to pressure Germany to drop talks over Taurus missile deliveries.

On Friday, Dmitry Medvedev, deputy head of Russia's Security Council, said via Telegram: "After all, our eternal opponents – the Germans – have again turned into sworn enemies."

"Germany is preparing for war with Russia," he said in a second message on Sunday, both of which were lengthy and included several Nazi-themed slurs against the German military.

Maria Zakharova, spokesperson for Russia's Foreign Ministry, said Germany must "promptly" explain the nature of the audio, adding that a failure to respond will be seen as an admission of guilt.

Scholz said on Saturday that the leak was "a very serious matter" and is now being investigated thoroughly and quickly.

Asked about developments in the investigation, the Bundeswehr told The Register it had nothing further to add, but pointed to defense minister Boris Pistorius's comments on Sunday, calling the leak an act of "information war."

"It is a hybrid disinformation attack. It is about division. It is about undermining our unity," he said.

• Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year.
• GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
• The GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries.
• GhostLocker and Stormous ransomware have started a new ransomware-as-a-service (RaaS) program STMX_GhostLocker, providing various options for their affiliates.
• Talos also discovered two new tools in GhostSec arsenal, the “GhostSec Deep Scan tool” and “GhostPresser,” both likely being used in the attacks against websites.

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV“) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears to have prompted BlackCat to cease operations entirely.

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited.

In typical Apple fashion, it's keeping most of the interesting details under wraps, but both have the potential to access data in the protected kernel.

The consumer tech giant registered the vulnerability as CVE-2024-23225 and said that an attacker would already need to have kernel read and write capabilities to bypass the kernel memory protections. The issue was fixed with improved validation, Apple said.

It's a similar story with CVE-2024-23296, the second zero-day disclosed in the round of updates. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited.

In typical Apple fashion, it's keeping most of the interesting details under wraps, but both have the potential to access data in the protected kernel.

The consumer tech giant registered the vulnerability as CVE-2024-23225 and said that an attacker would already need to have kernel read and write capabilities to bypass the kernel memory protections. The issue was fixed with improved validation, Apple said.

It's a similar story with CVE-2024-23296, the second zero-day disclosed in the round of updates. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.

Attackers would again need kernel read and write capabilities to exploit it, and it too allows miscreants to bypass kernel memory protections. It was also fixed with improved validation.

There are, however, slight differences between the two. While Apple's latest iOS and iPadOS 17.4 updates protect users from the vulnerabilities, Cupertino's security engineers were also forced to develop a patch for devices running iOS and iPadOS version 16.x.

Indeed, CVE-2024-23225 also affects devices such as the iPhone 8, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation – devices that are no longer supported by Apple's latest OS releases.

Unfortunately, there are no details on offer in terms of what attacks the exploited zero-days were involved in or how severe the vulnerabilities are. At the time of writing, the National Vulnerability Database (NVD) is still analyzing the flaws and hasn't yet assigned either a CVSS severity rating.

Usually, when vendors register for CVEs they also provide a provisional CVSS rating of their own which appears alongside the NVD's assessment, but it's rare that Apple submits its own, in our experience.

Apple has also withheld attribution for the zero-days' discovery, revealing nothing about whether they were found in-house or reported by a third party.

The iOS and iPadOS versions 17.4 were released on March 5 and also brought with them fixes for two other minor-sounding vulnerabilities.

Discovered by Cristian Dinca, student at Tudor Vianu National College of Computer Science in Bucharest, CVE-2024-23243 was registered as a vulnerability that could expose sensitive location information to an app.

"A privacy issue was addressed with improved private data redaction for log entries," said Apple.

Students at the school are aged between 11 and 19 years, which means Dinca may well have a bright future in cybersecurity.

The discovery of CVE-2024-23256 was attributed to one "Om Kothawade," although no credentials were included next to their name.

The vulnerability relates to Safari's private browsing feature and could have seen a user's locked tabs becoming visible for a short time when switching tab groups, only when Locked Private Browsing was enabled.

"A logic issue was addressed with improved state management," said Apple. More than a patch

As we've already covered this week, Apple's iOS and iPadOS 17.4 updates brought more than just security fixes.

Orders per the EU's Digital Markets Act are now in the wild. Apple was compelled by Brussels to give users a choice over their browser engine and from where they download their apps.

Apple met its March 6 deadline early, overhauling previously longstanding rules against app sideloading and browser apps using their own engines on Apple's phones and tablets. Chrome, Firefox, and the rest were all essentially reskins of Apple's Safari running on its WebKit framework.

In the EU, that's no longer the case. Users now see a new setup screen after installing the update prompting them to choose a default browser. They also may be penalized for spending too much time outside of the country, it has emerged, with Apple stating: "If you're gone for too long, you'll lose access to some features, including installing new alternative app marketplaces," Apple said.

The new updates also brought a few other features too, such as automatic podcast transcription, quantum-safe iMessages, and new emojis. ®

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. The Redmond giant has characterized the intrusion as "ongoing."

In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

At that time, Microsoft said Midnight Blizzard — the Kremlin-backed grew also known as Cozy Bear and APT29 that was behind the SolarWinds supply chain attack — snooped around in "a very small percentage of Microsoft corporate email accounts" and stole internal messages and files belonging to the leadership team, cybersecurity and legal employees.

"There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," Redmond said in January.

That has since changed.

"In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," according to the latest disclosure. "This has included access to some of the company's source code repositories and internal systems."

Microsoft maintains that there's "no evidence" so far that the Russian criminals compromised any customer-facing systems. But that's not for lack of trying.

"It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found," the company admitted. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. The Redmond giant has characterized the intrusion as "ongoing."

In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

At that time, Microsoft said Midnight Blizzard — the Kremlin-backed grew also known as Cozy Bear and APT29 that was behind the SolarWinds supply chain attack — snooped around in "a very small percentage of Microsoft corporate email accounts" and stole internal messages and files belonging to the leadership team, cybersecurity and legal employees.

"There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," Redmond said in January.

That has since changed.

"In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," according to the latest disclosure. "This has included access to some of the company's source code repositories and internal systems."

Microsoft maintains that there's "no evidence" so far that the Russian criminals compromised any customer-facing systems. But that's not for lack of trying.

"It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found," the company admitted. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures."

It also sounds like this is not the last we'll hear about the break-in, which started in November and used password spray attacks to compromise a corporate account that did not have multi-factor authentication enabled.

The spies are still trying to access additional Microsoft accounts, and we're told the volume of password sprays increased ten-fold in February compared to the volume of such attacks seen in January.

The silver lining, according to Microsoft's updated Form 8-K, is that the security snafu hasn't had any financial impact on operations — yet.

Redmond says its investigation is ongoing and promised to share updates.

"Midnight Blizzard's ongoing attack is characterized by a sustained, significant commitment of the threat actor's resources, coordination, and focus," the security updated said. "It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks."

Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.

The Taiwanese company's coordinated disclosure of the issues with researchers at Unit 42 by Palo Alto Networks has, however, led to some confusion over the severity of the security problem.

QNAP assigned CVE-2023-50358 a middling 5.8-out-of-10 severity score, the breakdown of which revealed it was classified as a high-complexity attack that would have a low impact if exploited successfully.

Unit 42's assessment, on the other hand, was the polar opposite: "These remote code execution vulnerabilities affecting IoT devices exhibit a combination of low attack complexity and critical impact, making them an irresistible target for threat actors. As a result, protecting IoT devices against such threats is an urgent task."

The German Federal Office for Information Security (BSI) also released an emergency alert today warning that successful exploits could lead to "major damage," encouraging users to apply patches quickly.

At the time of writing, the National Vulnerability Database (NVD) is still working to assign the vulnerability an independent rating.

Typically, command injection vulnerabilities that are easy to exploit tend to attract severity scores at the higher end of the scale, so it will be interesting to see what the NVD's score ends up being.

According to Unit42's internet scans of vulnerable devices carried out in mid-January, 289,665 separate IP addresses registered a vulnerable, public-facing device.

Germany and the US were the most exposed, with 42,535 and 36,865 vulnerable devices respectively, while China, Italy, Japan, Taiwan, and France trailed each with over 10,000 devices exposed.

Exploiting CVE-2023-50358

Unlike QNAP, Unit 42 published a technical breakdown of CVE-2023-50358 and how to exploit the vulnerability.

It's classed as a command injection flaw in the quick.cgi component of QNAP's QTS firmware, which runs on most of its NAS devices.

"While setting the HTTP request parameter todo=set_timeinfo, the request handler in quick.cgi saves the value of the parameter SPECIFIC_SERVER into a configuration file /tmp/quick/quick_tmp.conf with the entry name NTP Address," the researchers explained.

"After writing the NTP server address, the component starts time synchronization using the ntpdate utility. The command-line execution is built by reading the NTP Address in quick_tmp.conf, and this string is then executed using system().

"Untrusted data from the SPECIFIC_SERVER parameter is therefore used to build a command line to be executed in the shell resulting in arbitrary command execution."

Double up

QNAP's advisory also detailed fixes for a second command injection flaw, CVE-2023-47218, which was reported by Stephen Fewer, principal security researcher at Rapid7, and has also been given the same 5.8 severity score.

The advisory itself combines both vulnerabilities and provides technical details for neither, so it's difficult to determine what the differences are from this alone.

Rapid7's advisory, however, provides extensive detail on how CVE-2023-47218 also lies in the quick.cgi component, allowing for command injection, and how it can feasibly be exploited using a specially crafted HTTP POST request.

Details of the disclosure timeline also offered a glimpse at what appears to be a slightly ticked-off Rapid7 after QNAP went silent and published its patches earlier than agreed.

After agreeing to a coordinated disclosure date for the vulnerabilities of February 7 back in December, on January 25 QNAP told Rapid7 it had already pushed out the patches. This followed more than two weeks of radio silence from the NAS slinger after Rapid7 requested a progress update.

QNAP also asked Rapid7 to delay the publication of its advisory to February 26, nearly three weeks after the original agreed date, which didn't appear to have been received warmly.

So many patches

Rather than focusing on the technical details of the vulnerabilities, QNAP's main focus with its disclosure appears to be highlighting the different patches available for different firmware versions. QTS, QuTS hero, and QuTAcloud are all impacted differently and each version has its own specific upgrade recommendation.

A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification.

That would make it trivial to take down a DNSSEC-validating DNS resolver that has yet to be patched, upsetting all the clients relying on that service and make it seem as though websites and apps were offline.

The academics who found this flaw – associated with the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt – claimed DNS server software makers briefed about the vulnerability described it as "the worst attack on DNS ever discovered."

Identified by Professor Haya Schulmann and Niklas Vogel of the Goethe University Frankfurt; Elias Heftrig of Fraunhofer SIT; and Professor Michael Waidner at the Technical University of Darmstadt and Fraunhofer SIT, the security hole has been named KeyTrap, designated CVE-2023-50387, and assigned a CVSS severity rating of 7.5 out of 10.

As of December 2023, approximately 31 percent of web clients worldwide used DNSSEC-validating DNS resolvers and, like other applications relying on those systems, would feel the effects of a KeyTrap attack: With those DNS servers taken out by the flaw, clients relying on them would be unable to resolve domain and host names to IP addresses to use, resulting in a loss of connectivity.

The researchers said lone DNS packets exploiting KeyTrap could stall public DNSSEC-validated DNS services, such as those provided by Google and Cloudflare, by making them do calculations that overtax server CPU cores.

This disruption of DNS could not only deny people's access to content but could also interfere with other systems, including spam defenses, cryptographic defenses (PKI), and inter-domain routing security (RPKI), the researchers assert.

"Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging," they claimed. "With KeyTrap, an attacker could completely disable large parts of the worldwide internet."

A non-public technical paper on the vulnerability provided to The Register, titled, "The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNS," describes how an assault would be carried out. It basically involves asking a vulnerable DNSSEC-validating DNS resolver to look up an address that causes the server to contact a malicious nameserver that sends a reply that causes the resolver to consume most or all of its own CPU resources.

To initiate the attacks our adversary causes the victim resolver to look up a record in its malicious domain," the due-to-be-published paper states. "The attacker’s nameserver responds to the DNS queries with a malicious record set (RRset), according to the specific attack vector and zone configuration."

The attack works, the paper explains, because the DNSSEC spec follows Postel’s Law: "The nameservers should send all the available cryptographic material, and the resolvers should use any of the cryptographic material they receive until the validation is successful."

This requirement, to ensure availability, means DNSSEC-validating DNS resolvers can be forced to do a lot of work if presented with colliding key-tags and colliding keys that must be validated.

"Our complexity attacks are triggered by feeding the DNS resolvers with specially crafted DNSSEC records, which are constructed in a way that exploits validation vulnerabilities in cryptographic validation logic," the paper explains.

"When the DNS resolvers attempt to validate the DNSSEC records they receive from our nameserver, they get stalled. Our attacks are extremely stealthy, being able to stall resolvers between 170 seconds and 16 hours (depending on the resolver software) with a single DNS response packet."

The ATHENE boffins said they worked with all relevant vendors and major public DNS providers to privately disclose the vulnerability so a coordinated patch release would be possible. The last patch was finished today.

"We are aware of this vulnerability and rolled out a fix in coordination with the reporting researchers," a Google spokesperson told The Register. "There is no evidence of exploitation and no action required by users at this time."

Network research lab NLnet Labs published a patch for its Unbound DNS software, addressing two vulnerabilities, one of which is KeyTrap. The other bug fixed, CVE-2023-50868, referred to as the NSEC3 vulnerability, also allows denial of service through CPU exhaustion.

"The KeyTrap vulnerability works by using a combination of keys (also colliding keys), signatures and number of RRSETs on a malicious zone," NLnet Labs wrote. "Answers from that zone can force a DNSSEC validator down a very CPU intensive and time costly validation path."

PowerDNS, meanwhile, has an update here to thwart KeyTrap exploitation.

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.

Headquartered in Minnetonka, Minn., U.S. Internet is a regional ISP that provides fiber and wireless Internet service. The ISP’s Securence division bills itself “a leading provider of email filtering and management software that includes email protection and security services for small business, enterprise, educational and government institutions worldwide.”

This page is for anyone trying to find their way in the overwhelming world of open-source intelligence. It's a collection of my favorite OSINT resources, and I hope it helps you find new ways to learn from some amazing people.

Key Findings

• A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL.
• PAPERWALL has similarities with HaiEnergy, an influence operation first reported on in 2022 by the cybersecurity company Mandiant. However, we assess PAPERWALL to be a distinct campaign with different operators and unique techniques, tactics and procedures.
• PAPERWALL draws significant portions of its content from Times Newswire, a newswire service that was previously linked to HaiEnergy. We found evidence that Times Newswire regularly seeds pro-Beijing political content, including ad hominem attacks, by concealing it within large amounts of seemingly benign commercial content.
• A central feature of PAPERWALL, observed across the network of websites, is the ephemeral nature of its most aggressive components, whereby articles attacking Beijing’s critics are routinely removed from these websites some time after they are published.
• We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firm’s official website and the network.
• While the campaign’s websites enjoyed negligible exposure to date, there is a heightened risk of inadvertent amplification by the local media and target audiences, as a result of the quick multiplication of these websites and their adaptiveness to local languages and content.
• These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.

Why Exposing this Type of Campaign Matters

Beijing is increasing its aggressive activities in the spheres of influence operations (IOs), both online and offline. In the online realm, relevant to the findings in this report, Chinese IOs are shifting their tactics and increasing their volume of activity. For example, in November 2023 Meta – owner of the social media platforms Facebook, Instagram, and WhatsApp – announced the removal of five networks engaging in “coordinated inauthentic behavior” (i.e. influence operations) and targeting foreign audiences. Meta noted it as a marked increase in IO activity by China, stating that “for comparison, between 2017 and November 2020, we took down two CIB networks from China, and both mainly focused on the Asia-Pacific region. This represents the most notable change in the threat landscape, when compared with the 2020 [US] election cycle.”

Seeding ad hominem attacks on Beijing’s critics can result in particularly harmful consequences for the targeted individuals, especially when, as in PAPERWALL’s case, it happens within much larger amounts of ostensibly benign news or promotional content that lends credibility to and expands the reach of the attacks. The consequences to these individuals can include, but are not limited to, their delegitimization in the country that hosts them; the loss of professional opportunities; and even verbal or physical harassment and intimidation by communities sympathetic to the Chinese government’s agenda.

This report adds yet more evidence, to what has been reported by other researchers, of the increasingly important role played by private firms in the management of digital IOs on behalf of the Chinese government. For example, an October 2023 blog post by the RAND corporation summarized recent public findings on this issue, and advocated for the disruption of the disinformation-for-hire industry through the use of sanctions or other available legal and policy means.

It should be noted that disinformation-for-hire companies, driven by revenue, not ideology, tend not to be discerning about the motivations of their clients. As major recent press investigations have shown, both their origin and their client base can truly be global. Exposing this actor type, and its tactics, can help understand how governments seek plausible deniability through the hiring of corporate proxies. It can also refocus research on the latter, increasing deterrence by exposing their actions.