Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Privacy. Show all posts

AMD Systems Vulnerability Could Threaten Encrypted Data Protection

 


There has been an announcement of a new technique for bypassing key security protections used in AMD chips to gain access to the clients of those services. Researchers believe that hackers will be able to spy on clients through physical access to cloud computing environments. Known as the "badRAM" security flaw, it has been described as a $10 hack that undermines the trust that the cloud has in it. 

This vulnerability was announced on Tuesday. Like other branded vulnerabilities, this vulnerability is being disclosed on a website with a logo and will be explained in a paper to be presented at next May's IEEE Symposium on Security and Privacy 2025. 

There is an increasing use of encryption in today's computers to protect sensitive data in their DRAM, especially in shared cloud environments with multiple data breaches and insider threats, which are commonplace. The Secure Encrypted Virtualization (SEV) technology of AMD enables users to protect privacy and trust in cloud computing by encrypting the memory of virtual machines (VMs) and isolating them from advanced attackers, including those who compromise critical infrastructure like the virtual machine manager and firmware, which is a cutting-edge technology. 

According to researchers, AMD's Secure Encrypted Virtualization (SEV) program, which protects processor memory from prying eyes in virtual machine (VM) environments, is capable of being tricked into letting someone access the contents of its encrypted memory using a test rig which costs less than $10 and does not require additional hardware. It is important to note that AMD is among the first companies to leverage the capabilities of chipset architecture to improve processor performance, efficiency, and flexibility. 

It has been instrumental in extending and building upon Moore's Law performance gains and extending them further. As a result of the firm's research, performance gains under Moore's Law have been extended and built upon, and the company announced in 2018 that the first processor would have a chipset-based x86 CPU design that was available. Researchers at the University of Lübeck, KU Leven, and the University of Birmingham have proposed a conceptually easy and cheap attack called “BadRAM”. 

It consists of a rogue memory module used to trick the CPU into believing that it has more memory than it does. Using this rogue memory module, you get it to write its supposedly secret memory contents into a "ghost" space that is supposed to contain the hidden memory contents. In order to accomplish this task, researchers used a test rig anyone could afford to buy, composed of a Raspberry Pi Pico, which costs a couple of dollars, and a DIMM socket for DDR4/5 RAM modules. 

The first thing they did was manipulate the serial presence detection (SPD) chip within the memory module so that it would misreport the amount of memory onboard when the device was booted up – the “BadRAM” attack. Using reverse engineering techniques to locate these memory aliases, they had access to memory contents by bypassing the system's trusted execution environment (TEE), as this created two physical addresses referencing the same DRAM location. 

According to the CVE description, the issue results from improper input validation of DIM SPD metadata, which could potentially allow an attacker with certain access levels to overwrite guest memory, as the issue is described as a result of improper input validation. It has been deemed a medium severity threat on the CVSS, receiving a 5.3 rating owing to the high level of access that a potential attacker would need to engage to successfully exploit the problem. 

According to AMD, the issue may be a memory implementation issue rather than a product vulnerability, and the barriers to committing the attack are a lot higher than they would be if it were a software product vulnerability. AMD was informed of the vulnerability by the researchers in February, which has been dubbed CVE-2024-21944, as well as relates specifically to the company’s third and fourth-generation EPYC enterprise processors. According to AMD’s advisory, the recommendation is to use memory modules that lock SPD and to follow physical security best practices. 

A firmware update has also been issued, although each OEM's BIOS is different, according to AMD. As the company has stated on several occasions, it will make mitigations more prominent in the system; there is specific information on the condition of a Host OS/Hypervisor, and there is also information available on the condition of a Virtual Machine (Guest) to indicate that mitigation has been applied.

The AMD company has provided an in-depth explanation of the types of access an attacker would need to exploit this issue in a statement given to ITPro, advising clients to follow some mitigation strategies to prevent the problem from becoming a problem. The badRAM website states that this kind of tampering may occur in several ways — either through corrupt or hostile employees at cloud providers or by law enforcement officers with physical access to the computer. 

In addition, the badRAM bug may also be exploited remotely, although the AMD memory modules are not included in this process. All manufacturers, however, that fail to lock the SPD chip in their memory modules, will be at risk of being able to modify their modules after boot as a result of operating system software, and thus by remote hackers who can control them remotely. 

According to Recorded Future News, Oswald has said that there has been no evidence of this vulnerability being exploited in the wild. However, the team discovered that Intel chips already had mitigations against badRAM attacks. They could not test Arm's modules because they were unavailable commercially. An international consortium of experts led by researchers from KU Leuven in Belgium; the University of Luebeck in Germany; and the University of Birmingham in the United Kingdom conducted the research.

Meta's AI Ambitions Raised Privacy and Toxicity Concerns

In a groundbreaking announcement following Meta CEO Mark Zuckerberg's latest earnings report, concerns have been raised over the company's intention to utilize vast troves of user data from Facebook and Instagram to train its own AI systems, potentially creating a competing chatbot. 

Zuckerberg's revelation that Meta possesses more user data than what was employed in training ChatGPT has sparked widespread apprehension regarding privacy and toxicity issues. The decision to harness personal data from Facebook and Instagram posts and comments for the development of a rival chatbot has drawn scrutiny from both privacy advocates and industry observers. 

This move, unveiled by Zuckerberg, has intensified anxieties surrounding the handling of sensitive user information within Meta's ecosystem. As reported by Bloomberg, the disclosure of Meta's strategic shift towards leveraging its extensive user data for AI development has set off a wave of concerns regarding the implications for user privacy and the potential amplification of toxic behaviour within online interactions. 

Additionally, the makers will potentially offer it free of charge to the public which led to different concerns in the tech community. While the prospect of accessible AI technology may seem promising, critics argue that Zuckerberg's ambitious plans lack adequate consideration for the potential consequences and ethical implications. 

Following the new development, Mark Zuckerberg reported to the public that he sees Facebook's continued user growth as an opportunity to leverage data from Facebook and Instagram to develop powerful, general-purpose artificial intelligence. With hundreds of billions of publicly shared images and tens of billions of public videos on these platforms, along with a significant volume of public text posts, Zuckerberg believes this data can provide unique insights and feedback loops to advance AI technology. 

Furthermore, as per Zuckerberg, Meta has access to an even larger dataset than Common Crawl, comprised of user-generated content from Facebook and Instagram, which could potentially enable the development of a more sophisticated chatbot. This advantage extends beyond sheer volume; the interactive nature of the data, particularly from comment threads, is invaluable for training conversational AI agents. This strategy mirrors OpenAI's approach of mining dialogue-rich platforms like Reddit to enhance the capabilities of its chatbot. 

What is Threatening? 

Meta's plan to train its AI on personal posts and conversations from Facebook comments raises significant privacy concerns. Additionally, the internet is rife with toxic content, including personal attacks, insults, racism, and sexism, which poses a challenge for any chatbot training system. Apple, known for its cautious approach, has faced delays in its Siri relaunch due to these issues. However, Meta's situation may be particularly problematic given the nature of its data sources. 

The Pros and Cons of Large Language Models

 


In recent years, the emergence of Large Language Models (LLMs), commonly referred to as Smart Computers, has ushered in a technological revolution with profound implications for various industries. As these models promise to redefine human-computer interactions, it's crucial to explore both their remarkable impacts and the challenges that come with them.

Smart Computers, or LLMs, have become instrumental in expediting software development processes. Their standout capability lies in the swift and efficient generation of source code, enabling developers to bring their ideas to fruition with unprecedented speed and accuracy. Furthermore, these models play a pivotal role in advancing artificial intelligence applications, fostering the development of more intelligent and user-friendly AI-driven systems. Their ability to understand and process natural language has democratized AI, making it accessible to individuals and organizations without extensive technical expertise. With their integration into daily operations, Smart Computers generate vast amounts of data from nuanced user interactions, paving the way for data-driven insights and decision-making across various domains.

Managing Risks and Ensuring Responsible Usage

However, the benefits of Smart Computers are accompanied by inherent risks that necessitate careful management. Privacy concerns loom large, especially regarding the accidental exposure of sensitive information. For instance, models like ChatGPT learn from user interactions, raising the possibility of unintentional disclosure of confidential details. Organisations relying on external model providers, such as Samsung, have responded to these concerns by implementing usage limitations to protect sensitive business information. Privacy and data exposure concerns are further accentuated by default practices, like ChatGPT saving chat history for model training, prompting the need for organizations to thoroughly inquire about data usage, storage, and training processes to safeguard against data leaks.

Addressing Security Challenges

Security concerns encompass malicious usage, where cybercriminals exploit Smart Computers for harmful purposes, potentially evading security measures. The compromise or contamination of training data introduces the risk of biased or manipulated model outputs, posing significant threats to the integrity of AI-generated content. Additionally, the resource-intensive nature of Smart Computers makes them prime targets for Distributed Denial of Service (DDoS) attacks. Organisations must implement proper input validation strategies, selectively restricting characters and words to mitigate potential attacks. API rate controls are essential to prevent overload and potential denial of service, promoting responsible usage by limiting the number of API calls for free memberships.

A Balanced Approach for a Secure Future

To navigate these challenges and anticipate future risks, organisations must adopt a multifaceted approach. Implementing advanced threat detection systems and conducting regular vulnerability assessments of the entire technology stack are essential. Furthermore, active community engagement in industry forums facilitates staying informed about emerging threats and sharing valuable insights with peers, fostering a collaborative approach to security.

All in all, while Smart Computers bring unprecedented opportunities, the careful consideration of risks and the adoption of robust security measures are essential for ensuring a responsible and secure future in the era of these groundbreaking technologies.





Why T-POT Honeypot is the Premier Choice for Organizations

 

In the realm of cybersecurity, the selection of the right tools is crucial. T-POT honeypot distinguishes itself as a premier choice for various reasons. Its multifaceted nature, which encompasses over 20 different honeypots, offers a comprehensive security solution unmatched by other tools. This diversity is pivotal for organizations, as it allows them to simulate a wide range of network services and applications, attracting and capturing a broad spectrum of cyber attacks. 
 
Moreover, the integration with the custom code developed by the Cyber Security and Privacy Foundation is a game-changer. This unique feature enables T-POT to send collected malware samples to the Foundation's threat intel servers for in-depth analysis. The results of this analysis are displayed on an intuitive dashboard, providing organizations with critical insights into the nature and behaviour of the threats they face. This capability not only enhances the honeypot's effectiveness but also provides organizations with actionable intelligence to improve their defence strategies. 
 
The ability of T-POT to provide real-time, actionable insights is invaluable in today’s cybersecurity landscape. It helps organizations stay one step ahead of cybercriminals by offering a clear understanding of emerging threats and attack patterns. This information is crucial for developing robust security strategies and for training cybersecurity personnel in recognizing and responding to real-world threats. 
 
In essence, T-POT stands out not only as a tool for deception but also as a platform for learning and improving an organization’s overall cybersecurity posture. Its versatility, combined with the advanced analysis capabilities provided by the integration with the Cyber Security and Privacy Foundation's code, makes it an indispensable tool for any organization serious about its digital security. The honeypot api analyses malware samples and the result of the honeypot can be seen on the backend dashboard. 
 
Written by: Founder, cyber security and privacy foundation.

Safeguarding Your Work: What Not to Share with ChatGPT

 

ChatGPT, a popular AI language model developed by OpenAI, has gained widespread usage in various industries for its conversational capabilities. However, it is essential for users to be cautious about the information they share with AI models like ChatGPT, particularly when using it for work-related purposes. This article explores the potential risks and considerations for users when sharing sensitive or confidential information with ChatGPT in professional settings.
Potential Risks and Concerns:
  1. Data Privacy and Security: When sharing information with ChatGPT, there is a risk that sensitive data could be compromised or accessed by unauthorized individuals. While OpenAI takes measures to secure user data, it is important to be mindful of the potential vulnerabilities that exist.
  2. Confidentiality Breach: ChatGPT is an AI model trained on a vast amount of data, and there is a possibility that it may generate responses that unintentionally disclose sensitive or confidential information. This can pose a significant risk, especially when discussing proprietary information, trade secrets, or confidential client data.
  3. Compliance and Legal Considerations: Different industries and jurisdictions have specific regulations regarding data privacy and protection. Sharing certain types of information with ChatGPT may potentially violate these regulations, leading to legal and compliance issues.

Best Practices for Using ChatGPT in a Work Environment:

  1. Avoid Sharing Proprietary Information: Refrain from discussing or sharing trade secrets, confidential business strategies, or proprietary data with ChatGPT. It is important to maintain a clear boundary between sensitive company information and AI models.
  2. Protect Personal Identifiable Information (PII): Be cautious when sharing personal information, such as social security numbers, addresses, or financial details, as these can be targeted by malicious actors or result in privacy breaches.
  3. Verify the Purpose and Security of Conversations: If using a third-party platform or integration to access ChatGPT, ensure that the platform has adequate security measures in place. Verify that the conversations and data shared are stored securely and are not accessible to unauthorized parties.
  4. Be Mindful of Compliance Requirements: Understand and adhere to industry-specific regulations and compliance standards, such as GDPR or HIPAA, when sharing any data through ChatGPT. Stay informed about any updates or guidelines regarding the use of AI models in your particular industry.
While ChatGPT and similar AI language models offer valuable assistance, it is crucial to exercise caution and prudence when using them in professional settings. Users must prioritize data privacy, security, and compliance by refraining from sharing sensitive or confidential information that could potentially compromise their organizations. By adopting best practices and maintaining awareness of the risks involved, users can harness the benefits of AI models like ChatGPT while safeguarding their valuable information.

Tech Issues Persist at Minneapolis Public Schools

 


Students and staff from Minneapolis Public Schools returned to their school buildings this week. However, the ongoing issues resulting from a cyberattack that occurred in the district caused disruptions to continue for the remainder of the week. 

There was an update to the district's attendance and grades system on Tuesday, and the system was working without a hitch. There are still some teachers who have difficulty logging into the programs, said Greta Callahan, the teacher chapter president of the Minneapolis Federation of Teachers. It was decided to cancel Monday's after-school activities because there was a problem that needed to be addressed. 

There have been a few email updates from district officials to parents regarding the "technical difficulties" that have occurred due to an "encryption event", but they have not explained what caused them to have these difficulties. So far, some of the district's information systems have been unavailable for a week as a result of these problems. 

The description of an "encryption event" may seem vague, but a ransomware attack could be what was happening, according to Matthew Wolfe, vice president of cybersecurity operations at Impero Software, a company that provides education software among other things. 

School districts have become more and more targeted in recent years as a result of terrorist attacks. As a result of the rapid transition to distance learning at the beginning of the pandemic, Wolfe believes districts became easier targets for the aforementioned disease. 

"With the increase in the number of devices, more areas are likely to be affected," Mr. Alexander explained, adding that because of the push to make e-learning accessible to all students at home, protection is often pushed to the back burner. 

The recent spate of cyberattacks has made headlines repeatedly in recent months: A cyberattack in January forced schools in the Des Moines area to cancel classes. Los Angeles Unified, the country's second-largest school district, has been attacked by ransomware, reportedly from Vice Society, in the wake of the alleged attack. The dark web has been crawled by about 2,000 students following that incident, with their psychological examinations being uploaded. 

There had not been any update from the Minneapolis district by the end of the school day Tuesday about what caused the incident and its cause. At a closed meeting held Tuesday night, a presentation on security issues related to IT would be made to the school board members. 

The Minneapolis district has released an update on its investigation into whether personal information was compromised, and it has found no evidence of this. 

However, the staff was tasked with resetting the passwords and guiding students through the procedure. 

On Monday, as a result of teacher frustration, Callahan reported that teachers were having difficulties resetting student passwords. As a result, teachers had to come up with creative ways to come up with a wide variety of workshops and activities for the students since printers were also down. 

There is a need for more transparency in the district's administration, according to Callahan. There does not seem to be anything else involved in this process other than just hoping everything works out by Monday. 

Parents have repeatedly been informed that district officials have worked with external IT specialists and school IT personnel "around the clock" to investigate the root cause of this attack and to understand what is transpiring on the computer systems as a result of it. 

When a cyberattack occurs at any time of day or night, school IT professionals are unavoidably overwhelmed and try to protect their schools constantly. "They're going through a really tough time right now for a district and it's going to be a long process," he said. 

Despite recent events that indicate Minneapolis schools may have been targeted, Wolfe said he believes it's likely that the schools have been targeted because of a 2020 incident that nearly caused the school district to incur a $50,000 loss. It is cyber fraud that occurs when payments are made to a fraudulent account to defraud a legitimate contractor. 

Minneapolis Public Schools said in a statement that the money had been safely returned to the district. They added that additional protocols had been implemented as a result. 

That incident was covered in a Fox 9 report that was published in February. In his testimony, Wolfe stated that a hacker engaged in a targeted attack is looking for vulnerabilities in a potential target. 

Several stories have been reported in the news about staffing shortages in Minneapolis. These include the district's financial outlook, as well as the absence of a permanent superintendent in the district, Wolfe said. As Wolfe pointed out, even the fact that the district is preparing to launch a new website to the public may garner hacker interest. 

"There is no doubt that this is an easy target to steal from because of all those digital footprints," Wolfe told.