A critical vulnerability in Kubernetes could enable unauthorized SSH access to a Virtual Machine (VM) that is running an image created with Kubernetes Image Builder. The Kubernetes Image Builder project lets users create VM images for Cluster API (CAPI) providers running the Kubernetes environment, such as Proxmox or Nutanix. These VMs are used to set up nodes that will become part of a Kubernetes cluster. The vulnerability stems from default credentials being enabled during image-building and not being disabled after the process.

Etay Maor, Chief Security Strategist and founding member of the Cyber Threats Research Lab (CTRL) at Cato Networks, has highlighted how both defenders and attackers could use Artificial Intelligence (AI) in their operations. For example, Maor points out that AI models can be applied to augment human researchers and security products by generating a human-readable report of all security events and alerts with one button. Cybercriminals can conduct prompt injection attacks against AI models used in the analysis of malware code.

Google recently announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers.  Google noted that the most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which it handed out a $36,000 bug bounty reward.  The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking.

Apparel giant Varsity Brands recently disclosed a data breach impacting a significant number of individuals. Varsity provides uniforms, apparel, and services for sports teams, schools, and student-athletes.  The company said it detected "unusual activity" on its systems in May 2024 and, upon detection, took certain systems offline and launched an investigation with the assistance of external cybersecurity experts.  The company noted that it also notified law enforcement.

A research team led by Wang Chao from Shanghai University has presented a method involving the use of D-Wave's quantum annealing systems to crack classic encryption. The study titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage" describes how D-Wave's machines were used to break RSA encryption and attack symmetric encryption systems. Their method raises significant concerns about the future of cybersecurity.

Researchers at Trend Micro have discovered that threat actors are using the open source "EDRSilencer" tool to evade Endpoint Detection and Response (EDR) systems. According to the researchers, the software designed for red teaming is being used to "silence" EDR solutions. It involves using the Windows Filtering Platform (WFP), which enables the creation of custom rules for monitoring, blocking, and modifying network traffic. This article continues to discuss the use of the EDRSilencer tool by threat actors.

The Entrust Cybersecurity Institute found that many organizations have not begun post-quantum threat preparations despite the National Institute of Standards and Technology's (NIST) recent publication of post-quantum standards. NIST published its first three finalized post-quantum encryption standards in August, providing usage and implementation guidelines for organizations transitioning to quantum cryptography.

According to Fortinet's recent threat report, cybercriminals, hacktivists, and nation-state actors have threatened to disrupt or take advantage of the US election. The report discusses the threat landscape and adversarial activity that could impact this year's election. Fortinet recognizes that the usual threats come from financially motivated criminals, partisan hacktivists, and politically motivated elite nation-state actors. This article continues to discuss the cyber threats to November's Election Day.

Researchers from the University of Texas at Austin's SPARK Lab have identified "ConfusedPilot," a new cyberattack that targets Retrieval-Augmented Generation (RAG)-based Artificial Intelligence (AI) systems such as Microsoft 365 Copilot. Professor Mohit Tiwari, CEO of Symmetry Systems, led the team that discovered how attackers could manipulate AI-generated responses through the introduction of malicious content into documents referenced by the AI. This method could result in misinformation and flawed decision-making by organizations.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.