Cybersecurity News: K-12 cyber initiatives, Russian missile contractor breached, LLMs getting worse

White House rolls out school cyber initiatives

It’s no secret that cyber attacks against educational institutions have increased over the past few years. We’ve covered many attacks on this show, particularly ransomware. Now the Biden administration has announced new initiatives to help shore up defenses for K-12 schools. The Federal Communications Commission will offer a pilot program for school cyber defenses, with plans to provide up to $200 million in funding over the next three years. CISA will hold training with K-12 institutions, with regular guidance and monthly digital training. The Department of Education will set up a Government Coordinating Council to coordinate between schools and government agencies. Several private partnerships will also provide access to free tools and grants for cloud computing.

(The Record)

North Koreans breach Russian missile developer

Reuters and security researchers from Sentinel Labs report that North Korean threat actors installed a backdoor into NPO Mash, a Russian rocket design firm. The Lazarus group has used that backdoor in other attacks, although researchers attributed this intrusion to the threat actor ScarCruft. The access persisted for five months until March 2022, although researchers could not determine whether any data was actually exfiltrated. Reuters notes the North Korean government announced new developments in its ballistic missile program during that time. Sentinel Labs discovered the breach after an NPO Mash staffer accidentally leaked a large cache of internal communications to a widely used security research portal.

(Reuters)

Large language models getting worse at math

Since the release of OpenAI’s GPT-4 model, anecdotal evidence suggested the new model’s performance didn’t live up to its predecessor, GPT-3.5. Now research from Stanford University and the University of California, Berkeley backs up these claims, finding worse accuracy on math questions like identifying prime numbers, as well as on medical questions and surveys. In many instances, GPT-3.5 saw performance gains over the same time period. The researchers said the phenomenon of model drift impacted GPT-4’s performance: changes made to the massively complex model to improve it in some areas caused unintended regressions in others.

(WSJ)

Clop using torrents for data downloads

Recently the Clop ransomware organization made news by publishing company leak sites on the clear web, meaning anyone could theoretically visit a site to access the information. These sites provide bulk data downloads, rather than the more targeted search lookups offered by threat groups like ALPHV, so the downloads are big and often slow. Now security researcher Dominic Alvieri notes that Clop has begun making these data dumps available as P2P torrents. The group even includes instructions on how to use a proper client to start the downloads.

(Infosecurity Magazine)

Thanks to our sponsor, Conveyor

GPT for security questionnaires? Conveyor has already built that for you. Conveyor’s GPT-questionnaire response tool is so accurate, you can use it in two ways.

One: Let your customers upload their own questions in your trust portal to get AI-generated answers based on the content in your portal.

And Two: It’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review.

Try a free proof of concept with your own data to see it in action. Learn more at www.conveyor.com

Zoom will train AI on customer data

Zoom updated its terms of service on July 27th. In the fine print, Zoom clarified that it holds the right to use some customer “service-generated data” for training and optimizing its various machine learning models. This includes product usage, telemetry and diagnostic data. Zoom said that training on voice, video, or chat data would only be done for users who chose to turn on trials of AI tools, with a transparent consent process. The company will use the data for internal service improvements, saying it will not sell it to third parties.

(CNBC)

Spyware firm shuts down after breach

The Polish spyware company LetMeSpy published a notice on its site saying that as a result of a June data breach, it will shutter operations at the end of the month. The company confirmed that the breach saw threat actors delete data from its servers, including customer data. LetMeSpy offered a surreptitious call recorder and location tracker Android app. A leaked dataset seen by TechCrunch shows users installed the app on over 13,000 compromised devices. 

(TechCrunch)

New ransomware group appears in Vietnam

Researchers from Cisco Talos discovered a new group, believed to operate out of Vietnam, targeting domestic victims as well as English-speaking countries with a variant of the Yashma ransomware strain, which is itself a rebranded version of Chaos ransomware. The group’s ransom note structure shows some similarities to WannaCry. The researchers date the activity back to at least June 4th.

(CyberScoop)

New malware campaign takes imposter syndrome to a new level

One of the bread and butter tools for credential stuffing campaigns is the pen testing tool OpenBullet, which can easily automate web interaction with a headless browser. However, the security firm Kasada spotted threat actors posting malicious OpenBullet config files, seemingly to lure in cyber criminal noobs. These malicious configs install a dropper that ultimately installs malware on the machine to take screenshots and capture crypto wallet information.

(The Hacker News)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.