CISA collaboration initiative on thin ice
CISA launched the Joint Cyber Defense Collaborative in 2021 to enlist outside security experts to share intelligence and help respond to cyber incidents. However, several professionals speaking to POLITICO said they and many colleagues have either stopped participating or scaled back their involvement. Sources cited internal mismanagement and the perception that CISA acts as a politicized censorship body targeting conservatives as reasons for pulling back. A senior technical analyst at SentinelOne went on record saying the initiative “has been dead for a while.” CISA Executive Assistant Director Eric Goldstein said the agency has not seen a decrease in external participation and that its long-term planning efforts with private industry and intelligence agencies remain effective.
Iran focusing cyber efforts
A new report from Microsoft’s Threat Analysis Center warned of Iran’s expanding cyber attack strategies. The report examined Iranian-linked efforts arising from the ongoing Israel-Hamas war, finding these efforts quickly escalated from misinformation to more coordinated and destructive tactics. Eventually the Islamic Revolutionary Guard Corps Cyber-Electronic Command began targeting organizations and nations believed to be aiding Israel under various threat group personas. The report warns that increased coordination among Iranian-linked groups could make defending the upcoming US elections harder.
Ransomware payments cross $1 billion in 2023
This finding comes from a new report by the cryptocurrency analysis firm Chainalysis, which puts payments up 94% year over year. Part of the large percentage increase reflects a marked decline in ransomware payments in 2022, in part due to the FBI takedown of the Hive ransomware operation. Both 2020 and 2021 saw payments over $900 million, so last year’s figure is an increase but also a continuation of an existing trend. The Black Basta and ALPHV ransomware strains generated the most revenue in the year, while the Cl0P group represented a newer “big game” ransomware strategy, with less frequent attacks but higher payouts. Overall, Chainalysis found 538 new ransomware variants in the year. The report contains a lot of interesting findings, so look for it in our show notes.
China accelerating data transfer approvals
Reuters’ sources say the Chinese government plans to speed up its approval process for foreign firms sending data collected in China offshore. This follows rules introduced in 2022 that require the Cyberspace Administration of China to approve all “important” offshore data transfers, which has become a sore point for many international firms given the large backlog of pending approvals. Notably, this expedited process will reportedly run through China’s existing free-trade zones, separately from the CAC’s own approval process.
Huge thanks to our sponsor, Vanta
Apple open sources image editing LLM
Apple developed this model in collaboration with the University of California, Santa Barbara. MGIE stands for MLLM-Guided Image Editing; it lets users perform pixel-level manipulations of an image with natural language prompts. The model supports both global and local edits, handling everything from simple color grading to complex manipulations. Apple posted the MGIE code and pre-trained models on GitHub, with a web demo available on Hugging Face Spaces.
Critical flaw impacts JetBrains TeamCity
JetBrains issued an alert about a vulnerability in its TeamCity On-Premises CI/CD platform that could let attackers gain administrative control of a server. The flaw affects TeamCity versions going back to 2017. JetBrains released a fixed current version and a security patch plugin for older versions, noting that the plugin patches only this specific vulnerability, and advised all users to upgrade to the newest release so they also receive fixes for any subsequent vulnerabilities. There is no sign of threat actors exploiting the flaw yet, but a similar TeamCity vulnerability last year saw exploitation within days of disclosure.
Windows encryption no match for Raspberry Pi
The Register highlighted a YouTube tutorial showing how easy it can be to circumvent Windows BitLocker encryption. The video uses a Raspberry Pi Pico as a signal analyzer to sniff the disk encryption key as it passes between a discrete Trusted Platform Module and the CPU. This requires physical access to the device and only works on machines with a discrete TPM chip, not a firmware TPM integrated into the CPU. This isn’t a new security issue for BitLocker: Microsoft acknowledges this type of bus sniffing as a possibility, but characterizes it as requiring a high level of effort with significant device modification. The practical mitigation is to configure BitLocker with a pre-boot PIN or startup key in addition to the TPM, since the TPM will not unseal the volume key until that second factor is supplied at boot.
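A quick way to find which machines are exposed to this class of attack is to check whether any BitLocker volume is protected by the TPM alone and whether the TPM is a discrete chip. The script below is an added example written for this digest; it is not from The Register, the video, or Microsoft. It assumes an elevated PowerShell session on Windows with the BitLocker module available, and the mapping from TPM manufacturer ID to "firmware vs. discrete" is a heuristic of my own, not an official classification.

```powershell
# Added example: audit BitLocker protector types and flag TPM-only volumes
# (the configuration the bus-sniffing attack targets). Run elevated.

function Test-BitLockerTpmOnly {
    [CmdletBinding()]
    param()

    # Protector types that pair the TPM with a second factor the attacker
    # cannot sniff off the bus.
    $secondFactor = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $hasSecondFactor = @($types | Where-Object { $secondFactor -contains $_ }).Count -gt 0
        $tpmOnly = ($types -contains 'Tpm') -and -not $hasSecondFactor

        [PSCustomObject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            TpmOnly          = $tpmOnly
        }
    }
}

function Get-TpmKind {
    # Heuristic (assumption, not a Microsoft-documented classification):
    # firmware TPMs report the CPU/SoC vendor as manufacturer; anything else
    # is treated as a discrete chip whose bus could be probed.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { return 'None' }
    $id = $tpm.ManufacturerIdTxt.Trim()
    switch ($id) {
        'INTC'  { 'Firmware (Intel PTT)' }
        'AMD'   { 'Firmware (AMD fTPM)' }
        'QCOM'  { 'Firmware (Qualcomm)' }
        default { "Discrete ($id)" }
    }
}

Write-Host "TPM kind: $(Get-TpmKind)"
Test-BitLockerTpmOnly | Format-Table -AutoSize

# Remediation for a flagged OS volume, once the "Require additional
# authentication at startup" policy allows a PIN (prompts for the PIN):
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'PIN')
```

A volume reported as `TpmOnly = True` on a machine whose TPM kind is `Discrete` is the exact combination the video demonstrates against; the same volume with a `TpmPin` protector is not unlocked automatically at boot, so there is no key on the bus to capture until the user authenticates.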
Fortinet and the security stories that weren’t
The Swiss news site Aargauer Zeitung carried a story that roughly 3 million electric toothbrushes running Java had been infected with a botnet and used to carry out a DDoS attack against a Swiss business. The story made the rounds in cybersecurity media, but Bleeping Computer’s Lawrence Abrams noted that there is no record any such attack took place. The original story quoted a Fortinet employee, but there is no report from the firm with any details, and Fortinet did not respond to requests for comment. No details, no victims, and no confirmation most likely means no real story.
In related news, NVD published two advisories on critical command injection vulnerabilities impacting FortiSIEM. Fortinet’s own advisory for the two new CVEs pointed back to details it had published on October 10, 2023 and referenced a previously known and patched CVE. Bleeping Computer confirmed the new CVEs were generated in error and did not represent new vulnerabilities.
(Bleeping Computer, Bleeping Computer)