This Month in Cybersecurity - June Edition

Email Authorization Changed By Google

Google has fixed an issue that was reported to them by a security architect by the name of Chris Plummer. The issue allowed a scammer to impersonate delivery service giant UPS through an exploit that fooled the Brand Indicators for Message Identification (BIMI). This email authentication service is used by Google and others to protect brands from spoofing and phishing attacks claiming to be trusted organizations, but has a loophole that was found via a third-party security vulnerability.

Google has since replaced BIMI with a new and more robust authentication requirement know as DomainKeys Identified Mail (DKIM). The email that initially caused the bug to come to light fortunately did not contain any malicious intent, but exploits like these can lead to many dangerous outcomes.

Fortinet Patches VPN Vulnerability Found in FortiGate

Fortinet recently released a patch for a critical vulnerability that targeted their FortiGate firewall SSL. This vulnerability was discovered by a French IT Security firm, Lexfo, who disclosed it to Fortinet. The vulnerability allowed for threat agents to gain access to an organization’s network through the SSL VPN and make changes to the firewall’s settings. This allows the agents to gather information and lock things down from the people who actually use the system.

According to the researchers, the flaw was found on every SSL VPN offered through Fortinet. Fortinet has been involved with many vulnerabilities that have been exploited by threat agents and currently has 10 products on CISA’s Known Exploited Vulnerabilities Catalog.

Azure Down, As Claims of DDoS Attacks Enrapture Microsoft Services

On June 9th, the web portal for the cloud service Azure, provided by Microsoft, was made unavailable as itself and other Microsoft services under went DDoS attacks. Distributed Denial-of-Service (or DDoS) attacks are generally malicious attempts to disrupt traffic to servers or networks by overwhelming them with a flood of traffic (think of a highway being clogged up by too many vehicles).

The attack is being claimed to be by a Sudanese threat agent in a supposed protest to U.S. companies and their involvement in Sudanese internal affairs, but security researchers believe this to be a ruse and point more towards a Russian attack on major internet infrastructure.

Microsoft has not confirmed the reason that the services went down, but as of June 12th, the web portal and services are back up and running.

 

Defensible Strategies

Learn from those who have been attacked

AI Software by NVIDIA Manipulated to Leaking Data

An AI software by chipmaker NVIDIA, known as the NeMo Framework, has been found to reveal private information after being coerced and manipulated to ignore safety restraints programmed into it. The AI has been designed to be used by companies to help with providing responses to questions in a similar manner as a customer service representative would.

Researchers were able to manipulate the language models the AI used to break through the guardrails set up so that the artificial intelligence wouldn’t move on from specific subjects. This allowed the researchers to get personally identifiable information from the database the AI was situated in for the test.

With AI becoming more prevalent, companies such as NVIDIA, Google, and Microsoft work to build public trust, but instances like these show that there is still threat and knowledge to be gained before handing the reigns over to AI.

Swiss Government Faces Possible Data Breach in Cyberattack

Government officials for Switzerland announced on June 8th that some governmental operational data may have been stolen. They believe this due to an attack at a tech firm the country works with to provide software to internal departments.

The company involved, Xplain, were targets of a ransomware attack that gave access to the company’s internal information and contrary to prior reports, this may have included operational data of the Swiss army and customs department.

Ransomware attacks are on the rise that affect not only companies, but also governments and universities and show why an increase in proper security training are imperative.