Shields Ready Campaign, AI Rules for the Election, ADA for Linux Foundation

US launches “Shields Ready” campaign

DHS, CISA and FEMA announced this new campaign to promote global resilience and security for critical national infrastructure. If it sounds familiar, CISA previously launched a “Shield Up” campaign. Shields Ready focuses on broad strategies to prepare critical infrastructure for outages. Shields Up is more about urgent actions for specific risks. This new campaign asks infrastructure providers to identify the assets most critical to operations, consider a range of disruptive threats and assess their actual risk, develop a risk management plan and maintain a realistic incident response.

(Online CSO)

Microsoft and Meta announced AI imaging rules

Microsoft President Brad Smith announced that the company will offer a new tool to combat the rise of digitally altered images ahead of the 2024 US elections. This will cryptographically tag images and videos, which will allow anyone online to see if an image has been altered or created with AI. Microsoft will initially make the tool available to political candidates for free. It may eventually extend it to more groups after November.

In a similar vein, Meta announced that it will require advertisers to run political ads with altered or software-generated media ahead of the election. The new policy will come into effect in January 2024.

(Bloomberg, WSJ)

App Defense Alliance moves under the Linux Foundation

Google started the App Defense Alliance in 2019, initially to help detect malicious apps on the Play Store. It has since expanded into security assessments for cloud applications and services, as well as malware mitigation. The company announced that ADA will not join the Linux Foundation Joint Development Foundation project as an independent organization. The move will also see Meta and Microsoft join the ADA steering committee. The hope is that the project will collaborate with mobile industry standards to improve application security.

(Google Security Blog)

ICE Devices Attract Addictions

The U.S. Department of Homeland Security’s Office of Inspector General has issued a report on a recent investigation into equipment management and IT policies by Immigration and Customs Enforcement, or ICE. The report found MDM issues that could put sensitive data at risk. It found “thousands” of rogue apps on devices, from third-party file transfer software to VPN apps and messaging platforms. It also included applications formally banned from government IT systems. ICE’s IT policies state that it does not monitor data sent to these user-installed “personal applications.” Before the report was released, ICE implemented some of the auditor’s recommendations, such as disabling prohibited apps.

(The register)

Many thanks to our sponsor, Offsec

And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and the Kali Linux distribution, is hosting a virtual summit for CISOs and cybersecurity leaders called Evolve on November 15.

Join Evolve and get the inside scoop from a former bank hacker. Discover strategies to stretch your security budget and get tips for attracting the crème de la crème of talent. It’s more than just an event – ​​it’s a masterclass that helps you elevate your cybersecurity leadership game.

Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more.

Sign up today and gain the insights you need to help shape the future of your company’s security.

Sign up now at offsec.com/evolve

Microsoft makes more AI moves

The company announced a collaboration with Oracle to use its Oracle Cloud to provide additional compute resources for inference operations as part of Bing Search capabilities. This will use Azure Kubernetes Service to orchestrate GPU nodes on Oracle Cloud.

In other AI news, Microsoft-owned GitHub announced an enterprise subscription tier for Copilot. Previously, it only offered a Copilot subscription to individuals. This new tier will cost $39 per person per month, available in February. Customers can customize Copilot for their specific codebase and make detailed modifications to the models that run it.

(The register, TechCrunch)

WhatsApp callers can hide locations

The popular messaging app has announced a new “Protect IP Address on Calls” feature. With it, users can now choose to hide call locations. These calls will use WhatsApp servers to hide IP address metadata used to estimate location. Even though the call will no longer be made over a direct point-to-point connection, the company said calls will remain end-to-end encrypted. WhatsApp already routes group calls through its servers. This is WhatsApp’s third privacy-focused feature this year. In May, a Chat Lock feature was added to further protect access to confidential conversations. And in June it added a “Silence Unknown Callers” setting.

(Computer beeping)

Crypto mining with Azure Automation

SafeBreach researchers discovered three different methods on how a cloud-based cryptominer could avoid detection when using Microsoft Azure Automation. This included finding a bug in the Azure pricing calculator to allow an attacker to run any number of jobs for free. Microsoft later fixed this issue. Another involved using a test job to mine crypto, but setting its status to “Failed” and then creating another test job for mining. This effectively hid mining, albeit with a limit of one job at a time. The researchers also created a proof-of-concept Python package that could extract cryptography without being detected. Microsoft characterized this as a “by design” implementation.

(Hacker news)

Monero Project Wallet Depleted

A Monero Project maintainer revealed that a threat actor depleted the community’s crowdfunding system wallet in early September. About $437,000 was stolen from the wallet. The attack occurred using nine separate transactions in a matter of minutes. The attack appears similar to recent wallet-draining attacks that impacted Atomic Wallet, which Eliptic analysts attributed to Lazarus Group. The Monero Project’s other portfolios, including its general fund, remain unchanged.

(The register)

Leave a Comment