JumpCloud breached by APT
Last week, we reported that the enterprise software company JumpCloud reset all customer API keys, in what it referred to as an “ongoing incident.” Now the company has disclosed that a state-backed threat group breached its systems. It discovered the incident on June 27th, finding the attackers gained access a week prior with a spear-phishing attack. The company discovered “unusual activity in the commands framework for a small set of customers” but said it found no evidence the attack impacted any customers. JumpCloud released indicators of compromise from the incident to better allow partners to secure its network.
Wisconsin allegedly hit by LockBit
Langlade County in northern Wisconsin announced a “catastrophic software failure” last week. County officials did not directly attribute this to a ransomware attack. However, the LockBit group added the county to its list of victims on its leak site. It threatened to leak county government data if not paid a ransom by August 1st. The incident resulted in all direct phone lines to the County Sheriff’s Office becoming non-functional, with 911 calls rerouted. The county’s Health Department and Emergency Management service also seem impacted. Over the last year, LockBit attacked local governments in Colorado, Florida, Ohio, and California, so the Langlade County attack seems credible as well.
Typos leaking military emails
A new report from the Financial Times found that a common domain typo has implications for the US military. That’s because the .mil domain used by the US military often gets typed in as .ml, the country code domain for the West African country Mali. This isn’t theoretical either. Johannes Zuurbier, a Dutch entrepreneur managing the domain, told FT he set up a system to catch misdirected military emails to .ml addresses. Since January this captured over 117,000 emails, including sensitive medical records, identity documents, military base photos, military itineraries and more. Zuurbier’s contract to manage the domain expired this week, so Mali officials could access misdirected emails going forward.
Why detecting AI-generated text remains challenging
When large language models like ChatGPT became readily available, tools like GPTZero quickly followed, claiming to accurately detect text generated with these models. However, a study from the University of Maryland empirically demonstrated these tools do not reliably work. Benj Edwards at Ars Technica looked into why they struggle. These tools generally use language models themselves, and look for perplexity and burstiness as indicators of human origin. This approach seems easily defeated by both bland and predictable human writing and increasing large language model complexity. Additionally, users report that foundational text of a given language, like the US Constitution or Bible passages, becomes flagged as LLM-generated because so much training text is based on its idioms.
EU prepares for quantum attacks
A new paper from the European Policy Centre makes recommendations for how the European Union should protect member states from quantum-enabled cyberattacks. The paper calls for a new EU Coordinated Action Plan to prepare for the day quantum computing can easily break traditional encryption, believed to be 5 to 10 years out. The paper credits the US National Institute of Standards and Technology’s work on post-quantum encryption standards. It notes that so far EU member states focus on so-called “harvest attacks,” where threat actors gather encrypted data in anticipation of a quantum breakthrough.
Binance integrates Bitcoin Lightning Network
The crypto exchange giant announced it completed integration with the Bitcoin Lightning Network. It first indicated plans for this in May before setting up its own Lightning nodes in June. Users can now deposit and withdraw bitcoin using the Layer 2 network, essentially allowing for direct payment channels for cheaper and faster off-chain transactions. These transactions later settle on the main Bitcoin blockchain. The crypto exchanges Kraken and Bitfinex already offered Lightning Network integration, and Coinbase CEO Brian Armstrong also indicated plans to adopt it.
WordPress plugin logged plaintext passwords
Three weeks ago, a user reported that the All-In-One Security WordPress security plugin from the developer Updraft logged plaintext passwords to its site database. The plugin is in use on over one million WordPress sites. The plugin not only recorded the password data, but also the times users accessed the site. Initially an Updraft support agent said the issue represented a “known bug” with a fix coming in the next release. The agent offered the user a beta plugin build to resolve the issue; however, they noted it still persisted. Subsequently, on July 11th, Updraft released a version that no longer saves plaintext passwords and clears out old saved ones.
Worker jailed for impersonating ransomware at employer
Ashley Liles worked as an IT security analyst at an Oxford-based company. The firm suffered a ransomware attack, receiving emails with ransom demands. Liles took this opportunity to access private email and alter the original ransom demand email to change the payment address to one he controlled. Effectively, he launched a secondary attack against his employer. The company didn’t pay a ransom, and an investigation showed Liles’ unauthorized access. A judge sentenced him to 43 months in prison “for blackmail and unauthorized access to a computer.”






