Cybersecurity News: Australian ports attacked, impacts of AI on terrorist content, Google sees faked Bard ads

Australian ports hit with cyberattack 

A cyber attack against Australia’s largest supply chain operator, DP World, resulted in it shutting down land operations at ports in Sydney, Melbourne, Fremantle, and Brisbane. This came as a result of DP World proactively disconnecting its IT network. The victim has given no further specifics about the attack, and media reports remain conflicted. The Sydney Morning Herald claims the attackers did not use ransomware, while security researcher Kevin Beaumont says threat actors use CitrixBleed to deploy ransomware. Freight transports remain stuck in port, although ships already docked could unload cargo.

(Security Week)

AI companies join on to Christchurch Call to Action

This CTA, aimed at curbing the spread of terrorist content online, came in the wake of the 2019 mass killing at a New Zealand mosque. At a summit in Paris, OpenAI and Anthropic announced they joined the project, as did Discord and Vimeo. While the CTA does not impose reporting requirements on companies and governments, former New Zealand prime minister Jacinda Ardern maintains that using these AI systems can “reduce the human cost of moderation” with more reliability and speed.

(Axios)

Generative AI threatens to dismantle terrorist content detection

With that last story in mind, Wired spoke with Tech Against Terrorism executive director Adam Hadley about how generative AI systems could be used to thwart existing controls around terrorist content. These controls have relied on hashing systems shared across tech platforms. However, Hadley’s organization now sees roughly 5000 pieces of AI-generated or altered terrorist content a week that get around these hashes. The organization also warned that high-quality AI translations could lead to content being quickly shared with more personalized messages across regions. Hadley said the organization is working with Microsoft to use its trove of terrorist content to create a system that preemptively looks for newly generated content using that dataset.

(Wired)

Google sues to stop fake Bard ads

The search giant filed a lawsuit in the northern district of California against unnamed actors in India and Vietnam. The lawsuit claims these threat actors target SMBs with Facebook ads, pages and posts claiming to offer a download of its Bard LLM. Google says these ads become particularly confusing as it also advertises its free Bard services on Facebook. These ads install malware that steals social media credentials. Google claims it has already issued over 300 takedown requests for the ads.

(WSJ)

SSH connection keys vulnerable to attacks

Researchers at the University of California San Diego published a report demonstrating that many cryptographic keys used in SSH traffic can become vulnerable to complete compromise due to computational errors during connection. This impacts keys using the RSA cryptographic algorithm, used in about a third of SSH signatures. An error in those keys results in a host’s private key being exposed in about one in a million instances. This opens the door to potentially obtaining a private key through passive observation of traffic.

(Ars Technica)

Hive infrastructure starts buzzing again

A new report from Bitdefender found that the ransomware group Hunters International acquired the source code and underlying infrastructure of the now defunct Hive threat group. A coordinated law enforcement action took down part of Hive back in January. The new group racked up five victims so far, although researchers note it differs from Hive with a greater emphasis on data exfiltration, often leaving some victims unencrypted.  

(The Hacker News)

The EU’s cyber support for Ukraine

The EU security agency ENISA formally signed an agreement on cybersecurity support with Ukraine’s National Cybersecurity Coordination Center and Administration of the State Service of Special Communications and Information Protection. While the bulk of this centers around “short-term structure cooperation actions”, it also covers long-term goals around awareness and resilience, a focus on critical infrastructure, and information sharing. This comes after the European Commission invited Ukraine to begin membership talks with the EU last week.

(Info Security Magazine)

Experian takes a pass on identity protection

Last year, security researcher Brian Krebs reported on a flaw in the credit bureau Experian, which could allow anyone to re-register accounts to a different email address. This could be done without any prior notice or authentication from existing credentials, and let an attacker change information or unfreeze credit. Flash forward to today and Krebs found the issue has not been fixed. Someone registered his account under a different email address. Krebs was able to reestablish access using the same flaw. Experian allows for resetting a password using any phone number and a person’s social security number, along with publicly available information like past addresses. While Experian does send notice to an old email address that information changed, it does not seek any verification. Equifax and TransUnion require email verification before accepting any changes.

(Krebs on Security)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.