Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Malicious Codes. Show all posts

Adopting ChatGPT Securely: Best Practices for Enterprises

As businesses continue to embrace the power of artificial intelligence (AI), chatbots are becoming increasingly popular. One of the most advanced chatbots available today is ChatGPT, a language model developed by OpenAI that uses deep learning to generate human-like responses to text-based queries. While ChatGPT can be a powerful tool for businesses, it is important to adopt it securely to avoid any potential risks to sensitive data.

Here are some tips for enterprises looking to adopt ChatGPT securely:
  • Conduct a risk assessment: Before implementing ChatGPT, it is important to conduct a comprehensive risk assessment to identify any potential vulnerabilities that could be exploited by attackers. This will help organizations to develop a plan to mitigate risks and ensure that their data is protected.
  • Use secure channels: To prevent unauthorized access to ChatGPT, it is important to use secure channels to communicate with the chatbot. This includes using encrypted communication channels and secure APIs.
  • Monitor access: It is important to monitor who has access to ChatGPT and ensure that access is granted only to authorized individuals. This can be done by implementing strong access controls and monitoring access logs.
  • Train employees: Employees should be trained on the proper use of ChatGPT and the potential risks associated with its use. This includes ensuring that employees do not share sensitive data with the chatbot and that they are aware of the potential for social engineering attacks.
  • Implement zero-trust security: Zero-trust security is an approach that assumes that every user and device on a network is a potential threat. This means that access to resources should be granted only on a need-to-know basis and after proper authentication.
By adopting these best practices, enterprises can ensure that ChatGPT is used securely and that their data is protected. However, it is important to note that AI technology is constantly evolving, and businesses must stay up-to-date with the latest security trends to stay ahead of potential threats.

Does ChatGPT Bot Empower Cyber Crime?

Security experts have cautioned that a new AI bot called ChatGPT may be employed by cybercriminals to educate them on how to plan attacks and even develop ransomware. It was launched by the artificial intelligence r&d company OpenAI last month. 

Computer security expert Brendan Dolan-Gavitt questioned if he could command an AI-powered chatbot to create malicious code when the ChatGPT application first allowed users to communicate. Then he gave the program a basic capture-the-flag mission to complete.

The code featured a buffer overflow vulnerability, which ChatGPT accurately identified and created a piece of code to capitalize it. The program would have addressed the issue flawlessly if not for a small error—the number of characters in the input. 

The fact that ChatGPT failed Dolan Gavitt's task, which he would have given students at the start of a vulnerability analysis course, does not instill trust in massive language models' capacity to generate high-quality code. However, after identifying the mistake, Dolan-Gavitt asked the model to review the response, and this time, ChatGPT did it right. 

Security researchers have used ChatGPT to rapidly complete a variety of offensive and defensive cybersecurity tasks, including creating refined or persuading phishing emails, creating workable Yara rules, identifying buffer overflows in code, creating evasion code that could be utilized by attackers to avoid threat detection, and even writing malware. 

Dr. Suleyman Ozarslan, a security researcher and co-founder of Picus Security, claimed that he was able to program the program to carry out a variety of aggressive and defensive cybersecurity tasks, like the creation of a World Cup-themed email in perfect English and the generation of both evasion code that can get around detection rules as well as Sigma detection rules to find cybersecurity anomalies. 

Reinforcement learning is the foundation of ChatGPT. As a result, it acquires new knowledge through interaction with people and user-generated prompts. Additionally, it implies that over time, the program might pick up on some of the tricks researchers have employed to get around its ethical checks, either through user input or improvements made by its administrators. 

Multiple researchers have discovered a technique to get beyond ChatGPT's limitations, which stops it from doing things that are malicious, including providing instructions on how to make a bomb or writing malicious code. For the present term, ChatGPT's coding could be more optimal and demonstrates many of the drawbacks of relying solely on AI tools. However, as these models develop in complexity, they are likely to become more crucial in creating malicious software. 

In 2021, Ransomware Threats were Self-Installed

 

According to Expel, a managed detection and response (MDR) company, the majority of ransomware assaults in 2021 were self-installed. The revelation was made in the annual report on cybersecurity trends and predictions, 'Great eXpeltations'. 

Eight out of ten ransomware outbreaks were caused by victims unintentionally opening a zipped file containing malicious code. While, 3% of all ransomware cases were produced via abusing third-party access, and some 4% were caused by exploiting a software weakness on the perimeter. 

Ransomware is a sort of software that locks users out of the computer and demands payment in exchange for access. The data on the computer could be stolen, destroyed, or hidden, or the computer itself could be locked; some ransomware may try to infect other computers on the network.

BEC (business email compromise) efforts accounted for 50% of cases, with SaaS apps being the most common target. More than 90% of the attacks targeted Microsoft Office 365, with attacks against Google Workspace accounting for less than 1% of all events. Okta was the objective of the remaining 9%. 

Ransomware was responsible for 13% of all opportunistic attacks. Legal services, communications, financial services, real estate, and entertainment were the top five industries attacked. Furthermore, Expel discovered that 35 percent of web app hacks resulted in the deployment of a crypto miner.

Is the user at risk of being a victim of a ransomware assault due to security flaws?

  • The device in use is no longer cutting-edge. 
  • The device's software is out of date. 
  • No longer are browsers and/or operating systems patched. 
  • There is no suitable backup plan in place. 
  • Cybersecurity has received insufficient attention, and no solid plan has been put in place. 

How to Protect Oneself against Ransomware: 

  • Set up a firewall.
  • Have immutable backups. 
  • Staff Awareness Through Network Segmentation. 
  • Password Strengthening.
  •  Security Enhance Endpoint Security. 
  • Increase the Security of Your Email.
  • Use the Least Privilege Principle. 
  • Install ad blockers.

When it comes to combating ransomware, caution and the deployment of effective protection software, like with other forms of malware, are a good start. The development of backups is especially important when dealing with this form of malware, as it allows users to be well prepared even in the worst-case scenario.

Experts Reported Data Theft in Dozens of Companies Through Modified 1C Modules

 

RTM Group found the malicious code in the finalized 1C software by outsourced programmers. Experts estimate that with its help the fraudsters could steal the data of several dozens of companies. 1C called the described scheme technically imperfect and recognized that the platform modules can be finalized by third-party specialists and subsequently used by criminals. 

A representative of the information security company RTM Group said that the data of several dozen companies were stolen through malicious code in 1C modules, which were being finalized by programmers on outsourcing. 

According to him, at least a third of 1C users order the completion of some modules from third-party programmers who can embed malicious code in them. As a result, such modules, when checking the license key, send the data available in them about customers, payments, and potential contracts to an email address that is pre-registered. 

The victims of the scheme were several dozen companies engaged in the trade or distribution of software. The representative of the RTM Group noted that the materials were sent to law enforcement agencies. 

The representative of 1C called the described scheme technically imperfect since the license check is performed at the "core" level of the system, the code of which is closed. At the same time, he acknowledged that the platform modules can be modified by third-party specialists and used by attackers in the future. 

According to IDC, the share of 1C software in the corporate market in Russia in 2020 was 39.2%. Small and medium-sized businesses, which do not have money for their own IT departments, and they turn to small firms, are at risk of getting to scammers first of all.

“There are hundreds of thousands of 1C programmers in Russia, some of them can really be intruders, especially in the current deteriorating economic environment,” explained Pavel Korostelev, head of the Security Code company’s product promotion department. 

Alexander Dvoryansky, Director of Strategic Communications at Infosecurity a Softline Company, noted that such incidents do not always occur maliciously, as programmers when finalizing the module may use third-party or free software, the source code of which already contains malicious code.

DoppelPaymer Searches for and Terminates Windows Processes

 

Crowdstrike Intelligence claimed in a July 2019 blog post on DoppelPaymer that ProcessHacker was being hijacked to terminate a list of targeted processes and obtain access, providing a "critical hit." DoppelPaymer is a descendant of the BitPaymer ransomware and a member of the Dridex malware family. It's presently being delivered in a variety of ways, including phishing or spam emails with attachments containing malicious code - either JavaScript or VBScript. 

DoppelPaymer places the ProcessHacker executable, the KProcessHacker driver, and the malicious stager DLL under a subdirectory of %APPDATA% to start ProcessHacker. The subdirectory name, as well as the executable and driver file names, are all a unique string of alphanumeric characters. Following the creation of those two files, one of the DLLs loaded by ProcessHacker must be hijacked using a technique known as "DLL search order hijacking."

DoppelPaymer sends the ProcessHacker process two arguments: the name of the KProcessHacker.sys driver and an integer that will be used for inter-process communication (IPC) between the DoppelPaymer and ProcessHacker processes.

DoppelPaymer, like Dridex, exploits DLL search order hijacking to exploit the DLL loading behavior of Windows programs. When the operating system PE loader loads a binary, it must also load the DLL files needed for the PE to function. When seeking for DLL files to load, MS Windows takes a certain path by default. Before checking the Windows system directories, Windows looks for Windows system DLLs in the same directory as the target program. In this situation, DoppelPaymer, a malicious process, can drop a malicious version of a DLL in that directory, which will be loaded by the target application. 

DoppelPaymer searches the module name list in the ProcessHacker binary's Import Address Table (IAT) to decide which DLL to hijack. Each name is hashed using the CRC32 algorithm and compared to a hardcoded list of hashes, if a match is found, the name is added to a list data structure. To select one of the three names from the list, a random number generator is employed. 

After selecting a DLL, the authentic Windows version of the DLL is read into a memory buffer. This DLL serves as a template for creating the malicious stager DLL. The file is saved in the same folder as the ProcessHacker executable and has the same name as the hijacked DLL.

11 Malicious Python Packages Uncovered by Researchers

 

Researchers have found 11 malicious Python packages which have been installed more than 41,000 times from the Python Package Index (PyPI) repository that might be used to obtain Discord access tokens, passwords, and even stage dependency misunderstanding attacks. 

These Python packages have now been withdrawn from the repository as a result of JFrog's responsible disclosure —
  • important package / important-package 
  • pptest 
  • ipboards 
  • owlmoon 
  • DiscordSafety 
  • \trrfab 
  • 10Cent10 / 10Cent11 
  • yandex-yt 
  • yiffparty 

Two of the programs ("importantpackage," "10Cent10," and their variants) were discovered to gain a reverse shell upon that compromised system, granting the attacker total control over an affected system. Using a technique known as dependency confusion or namespace confusion, two additional packages, "ipboards" as well as "trrfab" masqueraded as valid dependencies intended to be immediately imported. 

Apart from typosquatting attacks, in which a threat actor purposefully discloses packages with misspelled names of popular variants, dependency confusion works by posting poisoned elements with the same names as valid internal private packages, although with a higher version as well as posted online to public repositories, basically forcing the target's package manager to download and install the nefarious module. 

The dependency "importantpackage" is particularly notable for its new network-based detection technique, which involves exploiting Fastly's the content delivery network (CDN) to disguise connections with the attacker-controlled server as interactions with pypi[.]org. 

The malicious code "causes an HTTPS request to be sent to pypi.python[.]org (which is indistinguishable from a legitimate request to PyPI), which later gets rerouted by the CDN as an HTTP request to the [command-and-control] server," JFrog researchers Andrey Polkovnychenko and Shachar Menashe noted. 

Eventually, both "ipboards" and a fifth package known as "pptest" were revealed to use DNS tunneling as a data exfiltration technique, depending on DNS requests as a means of communicating between both the victim PC and the remote server. According to JFrog, this is the first time the approach has been discovered in malware posted to PyPI. 

Targeting prominent code registries such as Node Package Manager (NPM) JavaScript registry, PyPI, and RubyGems has become routine, opening up a new arena for a variety of assaults. 

"Package managers are a growing and powerful vector for the unintentional installation of malicious code, and […] attackers are getting more sophisticated in their approach," said Menashe, JFrog's senior director of research. "The advanced evasion techniques used in these malware packages, such as novel exfiltration or even DNS tunneling signal a disturbing trend that attackers are becoming stealthier in their attacks on open-source software."

Malicious Code Injected in Popular 'coa' and 'rc' Open Source Libraries

 

Coa, a popular library from npm, a manager for the JavaScript programming language, has been hijacked by hackers who published new versions equipped with password-stealing malware.

The 'coa' library, short for Command-Option-Argument, gets around 9 million downloads a week on npm, and is used by almost 5 million open-source GitHub repositories. The assault on coa will severely impact countless React pipelines around the globe, Bleeping Computer reported. 

Soon after spotting the hijack, security researchers also uncovered another popular npm component- 'rc'- also being impacted. The 'rc' library nets 14 million downloads a week on average. According to the security team of the npm, both packages were compromised simultaneously and were the result of threat actors securing access to a package developer’s account. 

Once inside, the hacker adds a post-installation script to the original codebase, which runs an obfuscated TypeScript used for downloading a Windows batch or Linux bash script depending on the OS of the machine running the software. The compromised coa versions are 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, 3.1.3, while compromised rc versions are 1.2.9, 1.3.9, 2.3.9

The last stable coa version 2.0.2 was released in December 2018, but developers around the world were left surprised when several suspicious versions 2.0.3, 2.0.4, 2.1.1, 2.1.3, and 3.1.3 began appearing on npm as of a few hours ago, breaking React packages that depend on 'coa'. 

The security team of the NPM has reportedly disabled the compromised versions of coa. “Users of affected versions (2.0.3 and above) should downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it,” the maintainers stated.

Magnitude Exploit Kit Adds Rare Chrome Attack Chain to Target Chrome Users

 

The handlers of the Magnitude exploit kit (EK) have added two new exploits in their arsenal, capable of targeting chromium-based browsers operating on Windows systems. It is a very rare sight since the very few exploit kits that are still active have mainly focused on Microsoft’s Internet Explorer over the past few years. 

Security experts with Avast uncovered a new chain of exploits for attacks on users of the Chrome browser. The two new exploits CVE-2021-21224 and CVE-2021-31956 affect the Google Chrome browser and Microsoft Windows platform, respectively.

The first exploit in the chain CVE-2021-21224, which Google patched in April 2021, is a type confusion vulnerability in the V8 rendering engine that allows remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page.

The second exploit CVE-2021-31956 is a privilege escalation vulnerability in Windows that leads attackers to bypass Chrome’s sandbox and secure system privileges. The vulnerability was addressed in June 2021. The two flaws were previously chained in malicious activity that Kaspersky named PuzzleMaker, but it couldn’t be linked to any known adversary. 

“The attacks we have seen so far are targeting only Windows builds 18362, 18363, 19041, and 19042 (19H1–20H2). Build 19043 (21H1) is not targeted. The exploit for CVE-2021-31956 contains hardcoded syscall numbers relevant just for these builds. For the time being, the activity doesn’t appear to involve the use of a malicious payload, although it does lead to the victim’s Windows build number being exfiltrated,” Avast said. 

“Since Magnitude typically tests newly implemented exploits in this manner, it’s likely that malicious attacks will follow soon, likely deploying the Magniber ransomware,” Avast added. First discovered in 2017, Magniber was attributed right from the start with Magnitude, and was believed to be developed by the EK’s handlers. 

While the discovery of Avast is important because of a rare sighting of an exploit kit going after Chrome and Chromium-related browsers, other questions still remain, such as how the “half-dead” EK group got its hands on such a high-grade exploit chain and how effective is the exploit chain, to begin with. Fortunately, the Windows exploit is not universal and will only work against a small number of Windows 10 versions.

Newly Discovered Flaw in GitHub Actions Allows Code to Bypass Review Mechanism

 

A newly uncovered security vulnerability in GitHub Actions allows software code to bypass the required reviews mechanism to a secured branch, allowing it into the pipeline to production. 

Omer Gil and his team of researchers at security startup Cider Security discovered the flaw in GitHub actions during research into novel attack vectors in the arena of DevSecOps, which evades security protections and exists even in the installations of companies that have not enabled the recently introduced feature.

"An attacker compromising a GitHub user account, or simply a developer that wants to bypass this restriction, can simply push code to a protected branch. Since code in protected branches is usually used in production systems by many users or by other systems, the impact is high," Gil explained.

Vulnerability in GitHub Actions 

GitHub Actions is GitHub's continuous integration/continuous delivery offering, which offers a mechanism to automate, customize and implement software development workflows right in the repository from development to production systems, Cider Security explained in a blog post on Medium. 

Furthermore, the GitHub Actions is installed by default on any GitHub organization, and on all of its repositories, and any user who has the privilege to push code to the repositories can design a workflow that operates when code is pushed. 

“Anyone with write access to a repository can modify the permissions granted to the GITHUB_TOKEN, adding or removing access as required, by editing the permissions key in the workflow file,” Cider Security explained.

“As the PR is created, it cannot be merged since approval is required. However, the workflow immediately runs and the PR is approved by the GitHub-actions bot, which the GITHUB_TOKEN belongs to. It’s not an organization member, but counts as PR approval, and effectively allows the attacker to approve their own PR, basically bypassing the branch protection rules.,” Cider Security further said.

"The issue is not fixed. GitHub said they'll work on fixing it. I believe adversaries can definitely take advantage of this issue in their attempts to reach production systems and expand their hold in their victims' assets," Gil noted. 

To mitigate the risks, Cider Security has advised organizations to consider disabling GitHub Actions across their whole enterprise or for particular (more sensitive) repositories. Additionally, the issue can be solved by requiring the approval of Code Owners, or by requiring two or more approvals to merge a pull request.

PoC Exploit Code Published for macOS Gatekeeper Bypass Vulnerability

 

Cybersecurity researcher Rasmus of F-Secure has published a proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass vulnerability that Apple fixed earlier this year in April. 

The PoC exploit code targets CVE-2021-1810, a flaw that can lead to the bypass of all three protections that Apple executed against downloading malicious files in macOS – file quarantine, Gatekeeper, and notarization. 

The vulnerability was spotted in the Archive Utility component of macOS Big Sur and Catalina and can be abused via a specially designed ZIP file. To successfully exploit the flaw, an attacker must trick a user into installing and opening an archive to implement malicious code inside. 

By exploiting the flaw, the attacker can implement unsigned binaries on macOS devices, even if the Gatekeeper enforces code signing or warn user of the malicious code implementation . According to Sten, the flaw is related to the way in which the Archive Utility handles file paths. Particularly, for paths longer than 886 characters, the com.apple.quarantine extended attribute would no longer apply, resulting in a Gatekeeper bypass for the files. 

While researching edge cases with long path filenames, the researcher identified that some macOS components acted surprisingly when the total path length reached a certain limit. Finally, Sten identified that it was feasible to design an archive with a hierarchical structure for which the path length was long enough so that Safari would call Archive Utility to unpack it and that Archive Utility would not apply the com.apple.quarantine attribute, but short enough to be browsable using Finder and for macOS to execute the code within. 

“In order to make it more appealing to the user, the archive folder structure could be hidden (prefixed with a full stop) with a symbolic link in the root which was almost indistinguishable from a single app bundle in the archive root,” the researcher explained in his blog post. 

The researcher also published a video demo of the exploit that creates the archive with the path length necessary to bypass CVE-2021-1810, along with a symbolic link to make the ZIP file look normal. The flaw was addressed with the release of macOS Big Sur 11.3 and Security Update 2021-002 for Catalina.

QNAP Patched a Flaw that Allowed Attackers to Remotely Execute Malicious Commands

 

QNAP, a Taiwanese NAS manufacturer, has issued security updates for numerous vulnerabilities that might allow attackers to remotely inject and execute malicious code and commands on susceptible NAS systems. File sharing, virtualization, storage management, and surveillance applications all employ network-attached storage (NAS) appliances. The headquarters of QNAP is located in the Xizhi District of New Taipei City, Taiwan. QNAP began as a department of the IEI Integration Corporation, a Taiwan-based industrial computer services provider. 

Three high-severity stored cross-site scripting (XSS) vulnerabilities (recorded as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355) affect devices running unpatched Photo Station software (releases before 5.4.10, 5.7.13, or 6.0.18), according to QNAP.

In addition, QNAP fixed a stored XSS Image2PDF problem that affected devices running software versions prior to Image2PDF 2.1.5. Threat actors can use stored XSS attacks to inject malicious code remotely and store it on the targeted servers indefinitely after successful exploitation.

Stored attacks are ones in which the injected script is kept on the target servers indefinitely, such as in a database, a chat forum, a visitor log, a comment field, and so on. When the victim requests information from the server, the malicious script is downloaded. 

A command injection bug (CVE-2021-34352) affecting some QNAP end-of-life (EOL) devices running the QVR IP video surveillance software was also fixed, allowing attackers to run arbitrary operations. Successful attacks leveraging the CVE-2021-34352 bug could result in NAS devices being completely taken over.

In April, QNAP NAS operating systems QTS and QuTS Hero were patched for a command injection vulnerability (CVE-2020-2509). The other critical flaw (CVE-2020-36195), which affected any QNAP NAS devices running Multimedia Console or the Media Streaming add-on, was also patched in the same batch of firmware upgrades.

 “Both vulnerabilities are simple to exploit if you know the exact technical details,” said Yaniv Puyeski, a security researcher of SAM Seamless Network. 

 The significant, pre-authenticated flaws, which require only network access to the susceptible services, highlight an insecure, all-too-common way of using the devices, according to Puyeski. “Unfortunately, a lot of QNAP owners expose their device to the internet through port forwarding which puts them at very high risk to be hacked,” he explained.

To Disseminate Malware, Hackers are Increasingly Relying on DaaS Platforms

 

According to cybersecurity specialists, malware authors are increasingly depending on dropper-as-a-service (DaaS) platforms to propagate their malicious inventions. Sophos recently published a report detailing the rise of DaaS platforms that infect victims who visit piracy websites in search of cracked versions of major business and consumer software. 

A dropper is a programme that, when run, executes malicious code as a payload. The dropper is similar to a trojan, and it may have additional functions, but its primary goal is to get malware onto a victim's computer, which can be downloaded over the internet or unpacked from data within the dropper.

A customer pays for a dropper-as-a-service to deliver their malware to these systems through droppers. Typically, the DaaS employs a network of websites to transmit droppers to victims' computers, which then install and execute the customer's malware. Droppers could be camouflaged as legitimate or cracked software that netizens are fooled into installing. 

“During our recent investigation into an ongoing Raccoon Stealer (an information-stealing malware) campaign, we found that the malware was being distributed by a network of websites acting as a “dropper as a service,” serving up a variety of other malware packages,” Sophos researchers Sean Gallagher, Yusuf Polat shared in a joint blog post. 

The Sophos duo, who were assisted by Anand Ajjan and Andrew Brandt, dubbed this part of the "malware-industrial complex," saying that such services made it "very inexpensive for would-be cybercriminals with limited expertise to get started" in the criminal underworld. For 1,000 virus installs using droppers, some of these firms charge as little as $2. 

The researchers point out that DaaS frequently bundles a variety of unrelated malware in a single dropper, including click-fraud bots, information stealers, and even ransomware.

The Raccoon Stealer campaign was not the only one that used DaaS, according to the researchers. Sophos continued to see more malware and other dangerous information transmitted over the same network of sites even after the campaign had stopped. “We discovered multiple networks using the same basic tactics in our research. All of these networks use search engine optimization to put a “bait” webpage on the first page of results for search engine queries seeking “crack” versions of a variety of software products,” said the researchers.

Hackers can ‘Poison’ Open-source Code on the Internet

 

A Cornell University Tech team with researchers discovered a new kind of backdoor attack that can modify natural-language modelling systems to generate false outputs and bypass any known protection. 

The Cornell Tech team believes the assaults may affect algorithmic trading, email accounts, and other services. The research was supported by the NSF and the Schmidt Futures initiative, and Google Faculty Research Award. 

According to research published on Thursday, the backdoor may alter natural-language modelling systems without requiring access to the original code or model by uploading malicious code to open-source sites commonly used by numerous organisations and programmers. 

During a presentation at the USENIX Security conference on Thursday, the researchers termed the attacks "code poisoning." The attack would offer people or organisations immense authority over a wide range of things, including movie reviews or an investment bank's machine learning model, disregarding news that may affect a company's stock. 

The report explained, "The attack is blind: the attacker does not need to observe the execution of his code, nor the weights of the backdoored model during or after training. The attack synthesizes poisoning inputs 'on the fly,' as the model is training, and uses multi-objective optimization to achieve high accuracy simultaneously on the main and backdoor tasks." 

"We showed how this attack can be used to inject single-pixel and physical backdoors into ImageNet models, backdoors that switch the model to a covert functionality, and backdoors that do not require the attacker to modify the input at inference time. We then demonstrated that code-poisoning attacks can evade any known defence, and proposed a new defence based on detecting deviations from the model's trusted computational graph." 

Eugene Bagdasaryan, a computer science PhD candidate at Cornell Tech and co-author of the new paper with professor Vitaly Shmatikov, mentioned that many companies and programmers use models and codes from open-source sites on the internet. This study highlights the importance of reviewing and verifying materials before incorporating them into any systems.

"If hackers can implement code poisoning, they could manipulate models that automate supply chains and propaganda, as well as resume screening and toxic comment deletion," he added. 

Shmatikov further explained that similarly to prior assaults, the hacker must gain access to the model or data during training or deployment, which involves breaking into the victim's machine learning infrastructure. 

"With this new attack, the attack can be done in advance, before the model even exists or before the data is even collected -- and a single attack can actually target multiple victims," Shmatikov said. 

The paper focuses further on the ways for "injecting backdoors into machine learning models, based on compromising the loss-value computation in the model-training code." The team used a sentiment analysis model for the particular task of always classifying as positive all reviews of the infamously bad movies directed by Ed Wood. 

"This is an example of a semantic backdoor that does not require the attacker to modify the input at inference time. The backdoor is triggered by unmodified reviews written by anyone, as long as they mention the attacker-chosen name," the paper discovered. 

"Machine learning pipelines include code from open-source and proprietary repositories, managed via build and integration tools. Code management platforms are known vectors for malicious code injection, enabling attackers to directly modify the source and binary code." 

To counter the attack:
The researchers suggested a technique that could identify changes from the original code of the model. However, Shmatikov claims that because AI and machine learning tools have grown so popular, many non-expert users create their models with code they hardly comprehend. "We've shown that this can have devastating security consequences." 

In the future, the team aims to investigate how code-poisoning links to summarisation and even propaganda automation, which may have far-reaching consequences for the future of hacking.

They will also strive to create robust protections that will eradicate this entire class of attacks and make AI and machine learning secure even for non-expert users," according to Shmatikov.

Security Researcher Discovers Serious Flaw in Chromium, Bags $15,000 Reward

 

A recently patched vulnerability in the Chromium project enabled malicious parties to inject code in embedded site pages, despite the fact that these resources were separated from the parent website. 

Chromium is an open-source browser project that intends to make the web a safer, faster, and more stable experience for everyone. The site provides design documents, architecture overviews, testing information to assists users in learning to build and work with the Chromium source code.

The security researcher who initially discovered the vulnerability presented a proof of concept that illustrates an attacker-controlled website abusing the vulnerability to manipulate the information of an embedded website, despite the fact that the target and destinations are on different servers. 

As illustrated in a recent post on the Chromium website, the vulnerability may be leveraged even if the web browser "site isolation" feature is turned on. Site isolation is a security feature that divides each website into its own process to increase security. 

According to the expert, inter-process communication of isolated processes featured a race condition, which is an attack that targets systems that must execute the task in several phases. If the system is susceptible for a brief period of time between execution steps, the attacker can take advantage of the security vulnerability to make destructive changes. Among other exploits, this flaw may allow intruders to insert malicious code into embedded sites or steal personal information from users. 

The vulnerability was discovered in late March and resolved before the end of April. The security researcher received $15,000 from Google's Vulnerability Rewards Program for his finding. The vulnerability has been demonstrated as a “site isolation break because of double fetch of shared buffer”. 

“We always appreciate working with the research community through our Vulnerability Rewards Program, and thanks to this report we were able to patch the issue in Chrome 90,” a Google spokesman stated The Daily Swig.