US launches “Shields Ready” campaign
DHS, CISA and FEMA announced this new campaign to promote global resilience and security for critical national infrastructure. If it sounds familiar, CISA previously launched a “Shields Up” campaign. Shields Ready focuses on broad strategies to prepare critical infrastructure for outages, while Shields Up is more about urgent actions for specific risks. This new campaign asks infrastructure providers to identify the assets most critical to operations, consider a range of disruptive threats and assess their actual risk, develop a risk management plan and maintain a realistic incident response.
Microsoft and Meta announced AI imaging rules
Microsoft President Brad Smith announced that the company will offer a new tool to combat the rise of digitally altered images ahead of the 2024 US elections. This will cryptographically tag images and videos, which will allow anyone online to see if an image has been altered or created with AI. Microsoft will initially make the tool available to political candidates for free. It may eventually extend it to more groups after November.
In a similar vein, Meta announced that it will require advertisers to run political ads with altered or software-generated media ahead of the election. The new policy will come into effect in January 2024.
App Defense Alliance moves under the Linux Foundation
Google started the App Defense Alliance in 2019, initially to help detect malicious apps on the Play Store. It has since expanded into security assessments for cloud applications and services, as well as malware mitigation. The company announced that ADA will now join the Linux Foundation Joint Development Foundation project as an independent organization. The move will also see Meta and Microsoft join the ADA steering committee. The hope is that the project will collaborate with mobile industry standards to improve application security.
ICE Devices Attract Addictions
The U.S. Department of Homeland Security’s Office of Inspector General has issued a report on a recent investigation into equipment management and IT policies by Immigration and Customs Enforcement, or ICE. The report found MDM issues that could put sensitive data at risk. It found “thousands” of rogue apps on devices, from third-party file transfer software to VPN apps and messaging platforms. It also included applications formally banned from government IT systems. ICE’s IT policies state that it does not monitor data sent to these user-installed “personal applications.” Before the report was released, ICE implemented some of the auditor’s recommendations, such as disabling prohibited apps.
Microsoft makes more AI moves
The company announced a collaboration with Oracle to use its Oracle Cloud to provide additional compute resources for inference operations as part of Bing Search capabilities. This will use Azure Kubernetes Service to orchestrate GPU nodes on Oracle Cloud.
In other AI news, Microsoft-owned GitHub announced an enterprise subscription tier for Copilot. Previously, it only offered a Copilot subscription to individuals. This new tier will cost $39 per person per month, available in February. Customers can customize Copilot for their specific codebase and make detailed modifications to the models that run it.
WhatsApp callers can hide locations
The popular messaging app has announced a new “Protect IP Address on Calls” feature. With it, users can now choose to hide call locations. These calls will use WhatsApp servers to hide IP address metadata used to estimate location. Even though the call will no longer be made over a direct point-to-point connection, the company said calls will remain end-to-end encrypted. WhatsApp already routes group calls through its servers. This is WhatsApp’s third privacy-focused feature this year. In May, a Chat Lock feature was added to further protect access to confidential conversations. And in June it added a “Silence Unknown Callers” setting.
Crypto mining with Azure Automation
SafeBreach researchers discovered three different methods by which a cloud-based cryptominer could avoid detection when using Microsoft Azure Automation. This included finding a bug in the Azure pricing calculator that allowed an attacker to run any number of jobs for free. Microsoft later fixed this issue. Another involved using a test job to mine crypto, but setting its status to “Failed” and then creating another test job for mining. This effectively hid mining, albeit with a limit of one job at a time. The researchers also created a proof-of-concept Python package that could mine cryptocurrency without being detected. Microsoft characterized this as a “by design” implementation.
Monero Project Wallet Depleted
A Monero Project maintainer revealed that a threat actor depleted the community’s crowdfunding system wallet in early September. About $437,000 was stolen from the wallet. The attack occurred using nine separate transactions in a matter of minutes. The attack appears similar to recent wallet-draining attacks that impacted Atomic Wallet, which Elliptic analysts attributed to Lazarus Group. The Monero Project’s other wallets, including its general fund, remain untouched.