April 2024 - Latest Cyber Security News
Each month we post a round-up of cyber security news that we find insightful and that contributes to a fuller understanding of the world of cyber security.
Attempted Subversion of Open Source Software Library
Andres Freund, a German software developer, recently noticed something peculiar about the behavior of an open source library, XZ Utils, widely used for data compression in major Linux distributions. The developer uncovered evidence that someone had added malicious code to the open source software library that would have made it possible for an attacker to gain remote access to any system running that version of the library, if that system also had the common remote access tool OpenSSH running.
Investigators believe that the software was modified by an actor sponsored by an unknown nation-state’s intelligence agency in an effort to enable access for broad exploitation of computers across the internet.
While this intentionally introduced vulnerability was discovered before it could be distributed as a mainstream software update, two open source software organizations have published a statement indicating that this may not be an isolated event. They identified three further open source projects that have been similarly targeted. [Source]
Governments Jointly Publish AI Secure Deployment Best Practices
Cyber security agencies from the US, Canada, UK, Australia, and New Zealand have recently published a best practice guide for deploying and operating AI systems. The intent of this guide is to:
Improve the ability of AI systems to maintain the key elements of the security triad (also known as the “CIA” triad - no, not that CIA): confidentiality, integrity, and availability.
Help establish processes for mitigating known vulnerabilities in AI systems.
Share methods and technical measures designed to protect, detect, and respond to attacks against AI systems and their supporting technologies.
Through this guide, the international coalition of governments hopes to encourage better security practices that will help protect the users of AI systems, their data, and their privacy. [Source]
Popular Firewall and VPN System Vulnerable To A New Zero-Day Exploit
Network company Palo Alto’s GlobalProtect firewalls, installed in at least 150,000 networks across the world, have a critical vulnerability that is being actively exploited. The vulnerability is rated CVSS 10, the most severe rating possible. It allows an attacker to remotely gain unfettered access to the firewall, enabling the attacker to gain further access to the network that the firewall protects.
Cyber security researchers observed an attacker exploit a firewall, exfiltrate the firewall’s configuration to learn more about the victim’s IT environment, and access their network.
The firewall’s maker, Palo Alto, has issued a patch and security advisory to help organizations remediate the vulnerability. [Source, Source]