Threat Report 27.01.25

Critical Vulnerability in Meta's Llama Framework

Meta’s Llama framework, widely used for AI-powered applications, has been found vulnerable to a critical flaw labelled CVE-2024-50050. The issue arises from untrusted data deserialisation, a common vulnerability in software systems, which allows attackers to execute malicious code remotely on the llama-stack inference server.

While its CVSS score is 6.3, supply chain security experts have rated it critical, assigning a severity of 9.3 due to the potential impact on enterprise AI systems. If exploited, this flaw could compromise not only the affected server but also any system relying on it for critical functions.

AI models like Llama are becoming increasingly integrated into critical applications across industries. This vulnerability highlights the importance of maintaining robust security practices for machine learning frameworks.

Recommendations:

• Apply Patches: Ensure all instances of the Llama framework are updated to the latest secure version.
• Secure Input Data: Validate and sanitise all data inputs before processing them through your AI systems.
• Monitor Systems: Use security tools to monitor for suspicious activity on servers running the Llama framework.

Over 100 Security Flaws in LTE and 5G Network Implementations

Researchers have identified 119 security vulnerabilities in LTE and 5G networks, which are vital to modern communication. The flaws, documented under 97 CVEs, range from issues allowing attackers to intercept data to vulnerabilities that could disrupt network services.

These flaws affect both the radio access networks and core network elements, posing risks to users and service providers alike. If exploited, they could enable man-in-the-middle attacks, denial-of-service (DoS), or unauthorised access to network controls.

With 5G adoption accelerating, secure networks are critical for industries relying on IoT, telemedicine, and smart infrastructure. Exploits targeting these flaws could have a ripple effect on connected systems.

Recommendations:

• Vendor Coordination: Collaborate with network equipment vendors to identify and patch vulnerabilities.
• Network Audits: Conduct thorough security assessments of your network infrastructure.
• Zero Trust: Implement zero-trust policies for sensitive network operations to minimise risks.

British Museum's IT Systems Compromised by Former Contractor

A dismissed contractor deliberately disrupted the British Museum’s IT systems, exploiting residual access privileges. The breach, which was identified a week after the individual’s termination, highlights the growing threat of insider attacks.

Insider threats, whether from current or former employees, account for a significant portion of cybersecurity incidents. This case illustrates how failing to revoke access quickly can lead to malicious activity.

Recommendations:

• Automated Access Controls: Immediately deactivate access for terminated employees and contractors.
• Monitor Access Logs: Regularly review system activity for anomalies.
• Employee Vetting: Conduct thorough background checks for sensitive roles.

Hidden Backdoor Discovered in Juniper Routers

A concealed backdoor, triggered by a specific “magic packet,” has been discovered in Juniper routers. This backdoor allows attackers to gain unauthorised access, bypassing standard authentication mechanisms.

Routers are the backbone of corporate networks. A vulnerability like this could allow attackers to intercept traffic, deploy malware, or gain control of critical systems.

Recommendations:

• Firmware Updates: Apply the latest security patches released by Juniper.
• Restrict Network Traffic: Use access control lists (ACLs) to limit packet traffic to trusted sources.
• Segment Networks: Isolate critical systems from general network traffic to reduce exposure.

TalkTalk Investigates Alleged Data Breach

TalkTalk has initiated an investigation into claims of a data breach affecting its systems. While the company asserts that the scale of the breach is likely overstated, the ongoing scrutiny emphasises the importance of transparency and rapid response during such incidents.

The mere perception of a data breach can damage customer trust. A slow or ineffective response can exacerbate the situation, leading to greater repetitional harm.

Recommendations:

• Incident Response Plan: Review and test your incident response procedures regularly.
• Customer Communication: Provide transparent updates to customers during investigations.
• Data Encryption: Ensure all sensitive customer data is encrypted at rest and in transit.

Beware of Your LinkedIn Contacts

A new wave of phishing attacks is targeting professionals on LinkedIn. Attackers impersonate senior executives, recruiters, or colleagues, sending connection requests to gain trust before sharing malicious links or requesting sensitive information.

LinkedIn is a trusted platform for professionals, making it an attractive target for attackers looking to infiltrate corporate networks.

Recommendations:

• Awareness Training: Educate employees to recognise fake profiles and phishing attempts.
• Secure Accounts: Enforce multi-factor authentication (MFA) for LinkedIn accounts.
• Verify Contacts: Always confirm the identity of new connections before sharing information.