Join Snyk's one-hour session on November 19 and learn how to create a powerful Security Champions Program 🔐. We'll cover key strategies for identifying leaders, fostering collaboration, and driving security excellence.

Plus take advantage of this free webinar and earn CPE credits 🎓

Welcome to another_secpro!

As always, make sure to check out the templates, podcasts, and other stuff on ourSubstackand access the very best that we have to offer. You might even learn something!

Cheers!
Austin Miller
Editor-in-Chief

Bruce Schneier - AI Industry is Trying to Subvert the Definition of “Open Source AI”: The Open Source Initiative haspublished(news articlehere) its definition of “open source AI,” and it’sterrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training dataisthe source code—it’s how the model gets programmed—the definition makes no sense.

Bruce Schneier - Prompt Injection Defenses Against LLM Cyberattacks:Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“: "Large language models (LLMs) are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks. We introduce Mantis, a defensive framework that exploits LLMs’ susceptibility to adversarial inputs to undermine malicious operations. Upon detecting an automated cyberattack, Mantis plants carefully crafted inputs into system responses, leading the attacker’s LLM to disrupt their own operations (passive defense) or even compromise the attacker’s machine (active defense)..."

Bruce Schneier - Subverting LLM Coders:Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: "Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g., comments), CODEBREAKER leverages LLMs (e.g., GPT-4) for sophisticated payload transformation (without affecting functionalities), ensuring that both the poisoned data for fine-tuning and generated code can evade strong vulnerability detection..."

Checkpoint Research - Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT: "APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly evolved to enhance its evasion techniques and maintain reliability in its command and control (C2) communication."

CloudSEK - Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave: "The report by CloudSEK uncovers the resurgence of the Mozi botnet in a new form called "Androxgh0st," actively exploiting vulnerabilities across multiple platforms, including IoT devices and web servers. Since January 2024, Androxgh0st has adopted payloads and tactics from Mozi, allowing it to target systems like Cisco ASA, Atlassian JIRA, and PHP frameworks. This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures. Immediate security patches and regular monitoring are advised to mitigate risks from this complex threat, which now combines Mozi’s IoT-targeting abilities with Androxgh0st’s extended attack vector."

Fortinet - New Campaign Uses Remcos RAT to Exploit Victims: "Remcos is a commercial RAT (remote administration tool) sold online. It provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer. However, threat actors have abused Remcos to collect sensitive information from victims and remotely control their computers to perform further malicious acts."

JFROG - Machine Learning Bug Bonanza – Exploiting ML Services: "In our previous research on MLOpswe noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered security vulnerabilities in ML-related projects as compared to more established software categories such as DevOps, Web Servers, etc. For example, in the past two years, 15 critical CVEs were published inmlflow vs. just two critical CVEs in Jenkins, which was documented by both public research and our own investigation."

Krebs on Security - Canadian Man Arrested in Snowflake Data Extortions: A 25-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data serviceSnowflake. On October 30, Canadian authorities arrestedAlexander Moucka,a.k.a.Connor Riley Mouckaof Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg firstreportedMoucka’s alleged ties to the Snowflake hacks on Monday.

Krebs on Security - FBI: Spike in Hacked Police Emails, Fake Subpoenas: TheFederal Bureau of Investigation(FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.

Office of Public Affairs - Bitcoin Fog Operator Sentenced for Money Laundering Conspiracy: "According to court documents and evidence presented at trial, from 2011 through 2021, Roman Sterlingov, 36, was involved in operating Bitcoin Fog, the darknet’s longest-running cryptocurrency “mixer.” Over the course of its decade-long operation, Bitcoin Fog gained notoriety as a go-to money laundering service for criminals seeking to hide their illicit proceeds from law enforcement and processed transactions involving over 1.2 million bitcoin, valued at approximately $400 million at the time the transactions occurred. The bulk of this cryptocurrency came from darknet marketplaces and was tied to illegal narcotics, computer crimes, identity theft, and child sexual abuse material."

goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.

ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.

ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.

codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

19th International Conference for Internet Technology and Secured Transactions (4th-5th November): The 19th International Conference for Internet Technology and Secured Transactions (ICITST-2024) will be held at the St Anne's College, Oxford, from the 4th to 6th of November, 2024. The ICITST is an international refereed conference dedicated to the advancement of theory and practical implementation of secured Internet transactions and to fostering discussions on information technology evolution. The ICITST-2024 aims to provide a highly professional and comparative academic research forum that promotes collaborative excellence between academia and industry.

The Women and Diversity in Tech and Channel Festival (5th November): "The Women and Diversity in Tech and Channel Festival is a celebration of diversity within the tech landscape. Although progress has been made, there is still far to go to make sure that people from every background and gender have avenues to achieve satisfaction and success with a role in tech."

Zywave's Cyber Risk Insights Conference (6th November): "Free Registration is offered to full-time Risk Managers and Insurance Buyers as a courtesy from Zywave. First come first served, of course, and we reserve the right to verify roles as well as to deny this free courtesy based on our sole discretion."

AI-Driven MedTech: Navigating the New Frontier (6th November): "Join us for an insightful webinar where we explore the transformative power of Artificial Intelligence (AI) in the medical and healthcare industries. As we stand on the brink of a new era in MedTech, AI is emerging as a pivotal force, driving innovation and enhancing patient care. This webinar will provide a practical understanding of how AI is becoming an indispensable “member” of the medical team, revolutionizing everything from diagnostics and treatment planning to medical device development."

The 10th IEEE World Forum on Internet of Things (10th-13th November): The IEEE WFIoT2024 continues the legacy of being the premier event hosted by the IEEE IoT Technical Community, uniting diverse expertise intrinsic to the IoT domain. This year, we proudly announce the theme for WFIoT 2024: "Unleashing the Power of IoT with AI." This theme underscores the pivotal role of Artificial Intelligence in augmenting the potential of the Internet of Things.