Newsletters

Written content from the Risky Business Media team

Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices

Presented by

Catalin Cimpanu

News Editor

The developers of a lot of industrial gear and smart devices will have their work cut out for them over the coming months and years to deploy protections against a set of newly discovered and unpatched bugs in the FatFs filesystem driver.

The seven bugs, discovered by security firm runZero, allow an attacker with a crafted filesystem image to trigger memory corruption, execute malicious code, and jailbreak the targeted device.

Devices that use FatFs for their filesystem are all impacted.

Srsly Risky Biz: America Won't Beat the Distillation Ecosystem

Presented by

Tom Uren

Policy & Intelligence

Last week Anthropic accused Chinese company Alibaba of conducting what it described as the "largest known distillation attack" against the company's AI models. 

Distillation attacks upskill less capable models by training them on the outputs of more advanced ones. Back in February Google, OpenAI and Anthropic all said that Chinese companies were harvesting their proprietary intellectual property in coordinated campaigns.

Alibaba's latest campaign, Anthropic says, occurred from April 22 to June 5 and used more than 25,000 fraudulent accounts to generate 28.8 million exchanges. Anthropic says it was carried out by operators "affiliated with Alibaba and Alibaba Qwen, Alibaba's AI lab". 

Risky Bulletin: Researcher drops giant cache of zero-day exploits

Presented by

Catalin Cimpanu

News Editor

An anonymous security researcher operating online under the pseudonym Bikini has published proof-of-concept exploit code and detailed write-ups for more than a dozen zero-day vulnerabilities in popular open-source projects.

The exploits were published without notifying any of the vendors.

They impact 15 software projects, including some big names like the Linux kernel, Libssh2, Anydesk, FFmpeg, Gogs, Gitea, Ghidra, 7-Zip, MyBB, PHP, OpenVPN, the VLC player, and more.

Risky Bulletin: Microsoft disrupts StegoAd operation

Presented by

Catalin Cimpanu

News Editor

Microsoft's security team has removed 119 malicious Edge extensions from the official Microsoft Edge Add-ons store that were part of a coordinated operation that sought to steal user credentials, backdoor browsers, and engage in advertising and search affiliate fraud.

The extensions were published through 90+ different developer accounts but shared infrastructure, parts of their codebase, and heavily relied on steganography to hide malicious commands and code.

The StegoAd operation, as Microsoft called it, also had Chrome and Firefox extensions under its umbrella.

Risky Bulletin: Law enforcement agencies and security firms take down Amadey and StealC

Presented by

Catalin Cimpanu

News Editor

A Europol operation aimed at taking down cybercrime operations has added two new victims to its trophy wall: the Amadey malware loader and the StealC infostealer operation. (Technically three, but we already covered the SocGholish botnet takedown last week, so we're gonna pretend it's two.)

The takedown included seven law enforcement agencies (from Europol, Canada, Denmark, Germany, the Netherlands, the UK, and the US) and six security firms (Microsoft, Bitsight, ESET, IBM, Proofpoint, MBSD, and Pillsbury).

Takedown figures include 326 servers, 142 domains, and more than $47 million in illegal cryptocurrency profits.

Srsly Risky Biz: Open Weight Model Advances Make the Mythos Debate Moot

Presented by

Tom Uren

Policy & Intelligence

This week, the Five Eyes cyber security agencies issued a call-to-action, warning that AI is accelerating "the speed, scale, and sophistication of cyber threats". 

The thinking behind the call-to-action is clear. The Five Eyes believe it is no longer possible to limit AI's powerful offensive cyber security capabilities to benign actors. AI is lowering barriers for malicious actors and shrinking the window between vulnerability discovery and exploitation. Organisations need to be ready, because the genie is out of the bottle.

They're not wrong. Freely available open weights models have closed the gap with frontier models to the extent that they're now extremely useful in orchestrating various offensive cyber security tasks. 

Risky Bulletin: The FortiBleed incident is so much worse than a simple credentials leak

Presented by

Catalin Cimpanu

News Editor

FortiBleed, a massive hacking campaign that targeted Fortinet devices this year, was far more sophisticated than security researchers initially thought.

Initial reports painted the picture of a campaign that gained access to Fortinet devices, collected credentials and authentication hashes, cracked the hashes, and then the data mysteriously leaked online.

The reality is that the campaign was far more complex and targeted a lot more than just Fortinet devices. Compiling data from reports published by Fortinet itself, SOC Radar, CloudSEK, Palo Alto Networks, and Prodaft, we have a clear picture of a broad hacking campaign that began in February this year and was initially just an internet mass-scan and brute-forcing operation.

Risky Bulletin: Klue breach impacts security firms

Presented by

Catalin Cimpanu

News Editor

At least five security firms have had their Salesforce business accounts pilfered as part of a hacking spree that was traced back to business intelligence platform Klue.

The Klue breach took place last week, the company admitted in a blog post.

Hackers accessed its platform via "a compromised legacy credential associated with an integration service" and then stole OAuth tokens that customers had used to connect Klue to other third-party services, such as Salesforce.

Risky Bulletin: Canada’s spy agency allowed to remove a botnet from Canadian devices

Presented by

Catalin Cimpanu

News Editor

Canada's main intelligence service obtained a court warrant this week to proactively remove a mysterious botnet's malware from Canadian systems such as servers, home routers, and smart devices.

The devices were allegedly part of an unnamed proxy botnet. These types of botnets are very common these days and allow hackers to disguise the origin of their attacks and their identities, making their malicious traffic appear to come from a local residential network.

According to a copy of the court order obtained by The Canadian Press, the botnet was allegedly being used by a threat actor to "advance their financial, political, ideological and economic interests."

Srsly Risky Biz: Anthropic Lacks Emotional Intelligence

Presented by

Tom Uren

Policy & Intelligence

The stoush between Anthropic and the US government has erupted once again, this time over concerns about how the release of new AI models is being managed.

Early last week, Anthropic rolled out two new models, Mythos 5 and Fable 5. By Friday, they'd been pulled.

The Wall Street Journal reported their withdrawal was kicked off by conversations on Thursday last week between Amazon CEO Andy Jassy and US officials, including Treasury Secretary Scott Bessent. Jassy raised the possibility that the models could be jailbroken and by Friday evening the Commerce Department told Anthropic that its models would be subject to export controls. These controls prohibit the models from being used by any foreign national, regardless of whether they are inside or outside of the US.