Researchers from Bishop Fox have reported that organizations using Ray, an open-source framework for scaling Artificial Intelligence (AI) and Machine Learning (ML) workloads, could face attacks due to three unpatched vulnerabilities in the technology. The flaws allow attackers to gain operating system access to all nodes in a Ray cluster, enable Remote Code Execution (RCE), escalate privileges, and more. The Bishop Fox researchers discovered the flaws in August and reported them to Anyscale, which sells a fully managed version of the technology.

Okta recently revealed that hackers stole information on all users of its customer support system in a network breach two months ago.  The company notified customers that it had determined hackers had downloaded a report containing data, including names and email addresses of all clients who use its customer support system.  Okta's shares slumped in October after the company said that the breach allowed some hackers to view files uploaded by certain clients.  Okta provides identity services such as single sign-on and multi-factor authentication.  
 

Google recently announced a security update that addresses a zero-day vulnerability in the Chrome browser.  The high-severity issue tracked as CVE-2023-6345 is described as an integer overflow bug in Skia, the open-source 2D graphics library that serves as the graphics engine in Chrome, Firefox, and other browsers.  Google stated that it is aware that an exploit for CVE-2023-6345 exists in the wild.

Threat intelligence-sharing platform VirusTotal has recently unveiled new research showing how cyber defenders can use AI to enhance malware analysis.  VirusTotal found that AI is extremely effective in analyzing malicious code, identifying 70% more malicious scripts than traditional techniques alone.  VirusTotal also observed that AI was up to 300% more accurate than traditional techniques at detecting attempts by malicious scripts to target a device with a common vulnerability or exploit.

Researchers from the University of Michigan's Computer Science and Engineering (CSE) division are presenting papers at the Association for Computing Machinery Special Interest Group on Security, Audit and Control's (SIGSAC's) Conference on Computer and Communications Security (ACM CCS). The conference gathers experts and practitioners to share their latest ideas, innovations, and findings.

Carnegie Mellon faculty and students are presenting on various topics at the Association for Computing Machinery Special Interest Group on Security, Audit and Control's (SIGSAC's) Conference on Computer and Communications Security (ACM CCS). The conference brings together information security researchers, practitioners, developers, and users worldwide to discuss novel ideas and findings.

Amir Hossein Golshan, 25, of Los Angeles, was recently sentenced to 96 months in prison for perpetrating multiple cybercrime schemes, including one involving SIM swapping.  Between April 2019 and February 2023, Golshan caused roughly $740,000 in losses to hundreds of victims as a result of various online scams and unauthorized access to digital accounts.  According to the Department of Justice (DoJ), Golshan took over victims’ social media accounts, impersonated Apple support, and engaged in Zelle payment fraud schemes.

Researchers have discovered a case of "forced authentication" that threat actors could exploit to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking the victim into opening a specially crafted Microsoft Access file. The attack exploits a legitimate database management system solution feature that enables users to link to external data sources such as a remote SQL Server table. NTLM, a challenge-response authentication protocol introduced by Microsoft in 1993, is used to authenticate users during sign-in.

According to the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to small and midsize businesses (SMBs) and Managed Service Providers (MSPs), malware-free attacks, attackers' increased reliance on legitimate tools and scripting frameworks, and Business Email Compromise (BEC) scams were the most prominent threats SMBs faced in the third quarter of 2023.

Hackers are targeting CVE-2023-49103, a critical ownCloud vulnerability that exposes admin passwords, mail server credentials, and license keys in containerized deployments. The ownCloud product is a popular open-source file synchronization and sharing solution for those who want to manage and share data through a self-hosted platform. On November 21, the developers of the software released security bulletins for three vulnerabilities that could lead to data breaches, suggesting that ownCloud administrators implement the recommended mitigations.