UK summit pledge to tackle AI risks, ‘Kill switch’ shuts down Mozi botnet, EU regulator bans Meta’s ad practices
Countries at UK summit pledge to tackle AI risks
On Wednesday, at the global AI safety summit at Bletchley Park, UK, countries including the UK, US, and China pledged to work towards “shared agreement and responsibility” for addressing AI risks, which they say have “potential for serious, even catastrophic, harm.” Recorded remarks from King Charles urged attendees to protect democracies by addressing AI risks with a sense of urgency, unity and collective strength. Elon Musk was in attendance and described AI as one of the biggest threats to humanity, adding it’s not clear whether we can control something that, for the first time in human history, “is far more intelligent than us.” Other high-profile attendees offered insights as to how AI should be legislated and whether producers should consider a pause on AI development in order to ensure risks are addressed.
(SecurityWeek and The Guardian)
‘Kill switch’ deliberately shuts down notorious botnet
Researchers at ESET have discovered a “kill switch” that put an end to the Mozi botnet, which has infected more than 1.5 million Internet of Things (IoT) devices since 2019. Back in August, the botnet’s activity suddenly ceased in its largest markets, India and China. Researchers discovered that a payload had been sent to the botnet’s infected devices, deactivating the Mozi malware. The researchers believe the takedown was “deliberate and calculated” because the payload was signed with a private key with a strong connection to the botnet’s original source code. It is not clear who sent the payload, though it was likely either the creators of Mozi or Chinese law enforcement. In 2021, China arrested the creators of the botnet.
(The Record and Bleeping Computer)
EU regulator bans Meta’s targeted advertising practices
In an unprecedented shakeup in the European advertising technology space, the European Data Protection Board (EDPB) issued an urgent binding decision to ban Meta’s data processing for behavioral advertising. The decision applies to Meta’s Facebook and Instagram users across EU member states and European Economic Area countries. It stems from a request from Norway to make their previously-issued interim ban permanent and extend its reach to all of Europe. The EDPB said Meta has not complied with orders imposed last year and that it’s “high time for Meta to bring its processing into compliance and to stop unlawful processing.” Meta was notified of the EDPB’s binding decision on Tuesday.
(iapp)
New CVSS v4.0 standard released
The Forum of Incident Response and Security Teams (FIRST) has officially released v4.0 of its Common Vulnerability Scoring System (CVSS) standard, which assesses the severity of software vulnerabilities. According to FIRST, the updated standard offers more granular base metrics, removes scoring ambiguity, and simplifies threat metrics, while enabling assessment of environment-specific security requirements and compensating controls. In addition, several supplemental vulnerability metrics were added, including Automatable (wormable), Recovery (resilience), Value Density, Response Effort and Provider Urgency. One other key enhancement is the added applicability to Operational Technology (OT), Industrial Control Systems (ICS) and IoT devices.
Huge thanks to our sponsor, Hunters
3,000 vulnerable ActiveMQ servers exposed online
Researchers from ShadowServer found over 3,000 internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) bug (CVE-2023-46604). The flaw is rated a 10.0 CVSS severity and allows attackers to execute arbitrary shell commands by exploiting the OpenWire protocol. Apache ActiveMQ is a scalable open-source message broker that is widely used because it supports a range of secure authentication and authorization mechanisms. China was found to have the most vulnerable instances running (1,400), followed by the US (530) and Germany (153). Technical details for exploiting the vulnerability are publicly available so companies should apply security updates as soon as possible.
Dallas County ‘interrupted’ data exfiltration, prevented encryption after attack
On Monday, the county of nearly 3 million residents confirmed it was dealing with a cybersecurity incident for which the Play ransomware gang claimed responsibility over the weekend. On Tuesday evening, Dallas County provided an update indicating they were able to contain the incident, interrupting data exfiltration from its environment and preventing encryption of its files and systems. They attributed their defensive success to security measures including deployment of endpoint detection and response (EDR) tools, forced password changes, and multi-factor authentication. Dallas County did not clarify how the hackers initially got into their systems and said the initial attack only affected a portion of their network. The county has enlisted an unnamed cybersecurity company to assist in their remediation efforts and an investigation is ongoing.
Dozens of kernel drivers allow attackers to escalate privileges
VMware Carbon Black’s Threat Analysis Unit (TAU) has identified a few hundred file hashes associated with 34 unique, previously unknown vulnerable drivers. Some of the drivers belong to major BIOS, PC and chip makers and all of the vulnerable drivers could allow attackers with non-system privileges to gain full control of targeted devices. The analysis focused on Windows Driver Model (WDM) and Windows Driver Framework (WDF) drivers. VMware notified the developers of the vulnerable drivers back in the spring (of 2023), but said only two developers fixed the vulnerabilities (Phoenix Technologies and Advanced Micro Devices). The company has published a list of the file names associated with the problematic drivers.
Economic conditions continue to sandbag cyber hiring
The 2023 ISC2 Cybersecurity Workforce Study published Tuesday reveals that a shortage of cybersecurity workers combined with tighter security budgets is leading to cybersecurity specialists being overworked and stressed. While there are 1.5 million cybersecurity professionals working in North America, the report indicates there is a shortfall of 522,000 workers. Yet, because of economic uncertainty, companies are not prioritizing filling needed cybersecurity roles, with 47% of companies implementing a hiring freeze, budget cuts, or layoffs. ISC2 says the result is cybersecurity staff working more, businesses delaying purchases of cybersecurity products, and security teams being less able to prepare for future threats.