
Hugging Face's AI Supply Chain Escapes Near Breach by Hackers


A recent report from VentureBeat reveals that HuggingFace, a prominent AI leader specializing in pre-trained models and datasets, narrowly escaped a potentially devastating cyberattack on its supply chain. The incident underscores existing vulnerabilities in the rapidly expanding field of generative AI.

Lasso Security researchers conducted a security audit on GitHub and HuggingFace repositories, uncovering more than 1,600 compromised API tokens. These tokens, if exploited, could have granted threat actors the ability to launch an attack with full access, allowing them to manipulate widely-used AI models utilized by millions of downstream applications.

The seriousness of the situation was emphasized by the Lasso research team, stating, "With control over an organization boasting millions of downloads, we now possess the capability to manipulate existing models, potentially turning them into malicious entities."

HuggingFace, known for its open-source Transformers library hosting over 500,000 models, has become a high-value target due to its widespread use in natural language processing, computer vision, and other AI tasks. The potential impact of compromising HuggingFace's data and models could extend across various industries implementing AI.

The focus of Lasso's audit centered on API tokens, acting as keys for accessing proprietary models and sensitive data. The researchers identified numerous exposed tokens, some providing write access or full admin privileges over private assets. With control over these tokens, attackers could have compromised or stolen AI models and supporting data.

This discovery aligns with three emerging risk areas outlined in OWASP's new Top 10 list for AI security: supply chain attacks, data poisoning, and model theft. As AI continues to integrate into business and government functions, ensuring security throughout the entire supply chain—from data to models to applications—becomes crucial.

Lasso Security recommends that companies like HuggingFace implement automatic scans for exposed API tokens, enforce access controls, and discourage the use of hardcoded tokens in public repositories. Treating individual tokens as identities and securing them through multifactor authentication and zero-trust principles is also advised.

The incident highlights the necessity for continual monitoring to validate security measures for all users of generative AI. Simply being vigilant may not be sufficient to thwart determined efforts by attackers. Robust authentication and implementing least privilege controls, even at the API token level, are essential precautions for maintaining security in the evolving landscape of AI technology.
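As an added example (not code from VentureBeat, Lasso Security or Hugging Face), here is the kind of automatic scan for exposed tokens the post recommends, run over a constructed sample repository. It assumes that Hugging Face user access tokens carry an `hf_` prefix, and it redacts every hit so the scanner's own report does not leak the secret:

```python
import re
from pathlib import Path

# Assumption (not stated in the post): Hugging Face user access tokens start
# with "hf_" followed by a long run of letters and digits.
HF_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{20,}\b")

def _looks_like_placeholder(token: str) -> bool:
    """'hf_xxxxxxxx...' style documentation examples have almost no character diversity."""
    return len(set(token[3:])) <= 3

def find_tokens(text: str) -> list[tuple[int, str]]:
    """Return (line_number, redacted_token) for each candidate token in text.
    Only the ends of the secret are kept so findings can be logged safely."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in HF_TOKEN_RE.finditer(line):
            tok = m.group(0)
            if not _looks_like_placeholder(tok):
                hits.append((lineno, tok[:7] + "..." + tok[-4:]))
    return hits

def scan_files(files: dict[str, str]) -> list[dict]:
    """Scan an in-memory {path: content} map (what a pre-commit hook or CI job
    would build from the working tree) and return structured findings."""
    findings = []
    for path, content in files.items():
        for lineno, redacted in find_tokens(content):
            findings.append({"file": path, "line": lineno, "token": redacted})
    return findings

def scan_tree(root: Path, suffixes=(".py", ".ipynb", ".txt", ".md", ".yml", ".yaml", ".json", ".cfg")) -> list[dict]:
    """Walk a checkout on disk and scan every text-like file plus any .env* file."""
    files = {}
    for p in root.rglob("*"):
        if p.is_file() and (p.suffix in suffixes or p.name.startswith(".env")):
            files[str(p.relative_to(root))] = p.read_text(errors="ignore")
    return scan_files(files)

# Constructed sample repository content; the tokens are made up, not real secrets.
SAMPLE_REPO = {
    "train.py": 'from huggingface_hub import login\nlogin(token="hf_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789")\n',
    "README.md": "Set HF_TOKEN=hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx before running.\n",
    ".env": "HF_TOKEN=hf_ZyXwVuTsRqPoNmLkJiHgFeDcBa9876543210\n",
    "notes.txt": "No secrets here.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f['file']}:{f['line']}: exposed token {f['token']}")
```

The README placeholder is skipped, while the hardcoded token in `train.py` and the committed `.env` file are both reported.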

Popular Python and PHP Libraries Hijacked to Steal AWS Keys


A software supply chain assault has compromised the PyPI module 'ctx,' which is downloaded over 20,000 times per week, with malicious versions collecting the developer's environment variables. The threat actor even replaced older, secure versions of 'ctx' with code that gathers secrets like Amazon AWS keys and credentials by exfiltrating the developer's environment variables. 

In addition, versions of a 'phpass' fork released to the PHP/Composer package repository Packagist had been modified in a similar way to steal secrets. Over the course of its existence, the PHPass framework has had over 2.5 million downloads from the Packagist repository—though malicious variants are thought to have received significantly fewer downloads. 

The widely used PyPI package 'ctx' was hacked earlier this month, with newer released versions leaking environment variables to an external server. 'ctx' is a small Python module that allows programmers to manipulate dictionary ('dict') objects in various ways. Despite its popularity, the package's developer had not touched it since 2014, according to BleepingComputer. Newer versions, which were released between May 15th and this week, contained dangerous malware. 

The corrupted 'ctx' package was initially discovered by Reddit user jimtk. Somdev Sangwan, an ethical hacker, also revealed that the PHP package 'phpass' had been infiltrated, with tainted copies of the library taking developers' AWS secret keys. Although the malicious 'ctx' versions have been removed from PyPI, copies acquired from Sonatype's malware archives show the presence of harmful code in all 'ctx' versions. 

It's also worth noting that the 0.1.2 version, which hadn't been updated since 2014, was replaced this week with a malicious payload. Once installed, these versions gather all your environment variables and upload these values to the following Heroku endpoint: https://anti-theft-web.herokuapp[.]com/hacked/. At the time of analysis, the endpoint was no longer active. 

In a similar attack, the fork of 'hautelook/phpass,' a hugely popular Composer/PHP package, was hacked with malicious versions released to the Packagist repository. PHPass is an open-source password hashing framework that may be used in PHP applications by developers. The framework was first released in 2005 and has since been downloaded over 2.5 million times on Packagist. 

This week, BleepingComputer discovered malicious commits to the PHPass project that stole environment variables in the same way. The modified 'PasswordHash.php' file in PHPass looks for the values 'AWS ACCESS KEY' and 'AWS SECRET KEY' in your environment. Following that, the secrets are uploaded to the same Heroku endpoint. The presence of similar functionality and Heroku endpoints in both the PyPI and PHP packages suggests that both hijacks were perpetrated by the same threat actor. 

According to the researchers, the attacker's identity is evident. However, this could have been a proof-of-concept experiment gone wrong, and it would be irresponsible to name the individual behind the 'ctx' and 'phpass' hijack until additional information becomes available. Furthermore, while the malicious PyPI package 'ctx' remained active until later today, the impact of malicious 'PHPass' versions appears to have been far more limited after Packagist co-founder Jordi Boggiano marked the hijacked repository as "abandoned" and advised everyone to use bordoni/phpass instead. 

The hijacking of PyPI package 'ctx' is said to have been caused by a maintainer account compromise, but the true cause has yet to be discovered. The hijack of hautelook/phpass has been attributed to the attacker claiming a previously abandoned GitHub repository and reviving it to publish altered 'phpass' versions to the Packagist registry. 

Security Innovation, a cybersecurity organisation, previously dubbed this type of attack "repo jacking." Intezer and Checkmarx recently produced a joint study building on that research and showing how it can affect Go projects, terming it "chainjacking." This hijacking comes on the back of a PyPI typosquat being detected deploying backdoors on Windows, Linux, and Macs.
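An added example, not code from BleepingComputer or the researchers cited above, of checks a dependency-review job could run against the `releases` map returned by the PyPI JSON API to catch the warning signs in this story: a long-dormant package suddenly publishing again, an old version string (like 0.1.2 here) being re-uploaded after newer versions, and a pinned version now resolving to different bytes. The release data, dates and digests below are constructed, not the real 'ctx' history:

```python
from datetime import datetime, timezone

# Constructed sample shaped like the PyPI JSON API ("releases": version -> files);
# versions, dates and digests are invented and are NOT the real 'ctx' history.
SAMPLE_RELEASES = {
    "0.1.0": [{"upload_time_iso_8601": "2014-03-01T10:00:00.000000Z",
               "digests": {"sha256": "a" * 64}}],
    "0.2.2": [{"upload_time_iso_8601": "2022-05-15T08:30:00.000000Z",
               "digests": {"sha256": "c" * 64}}],
    "0.1.2": [{"upload_time_iso_8601": "2022-05-20T12:00:00.000000Z",  # old version re-uploaded
               "digests": {"sha256": "b" * 64}}],
}
# Digest recorded (e.g. in a lockfile) when 0.1.2 was first installed; constructed.
PINNED_SHA256 = {"0.1.2": "d" * 64}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def _vkey(version):
    return tuple(int(p) for p in version.split("."))

def upload_timeline(releases):
    """All file uploads as sorted (time, version) pairs, regardless of version order."""
    return sorted((_ts(f["upload_time_iso_8601"]), v) for v, fs in releases.items() for f in fs)

def find_revivals(releases, min_gap_days=3 * 365):
    """Flag an upload that follows a long dormant period (the 'ctx' pattern: silent since 2014)."""
    timeline = upload_timeline(releases)
    flagged = []
    for (prev_t, prev_v), (t, v) in zip(timeline, timeline[1:]):
        gap = (t.date() - prev_t.date()).days
        if gap >= min_gap_days:
            flagged.append({"version": v, "after_version": prev_v, "gap_days": gap})
    return flagged

def find_out_of_order_uploads(releases):
    """Version strings older than ones already published, but uploaded later."""
    newest, out = None, []
    for _, v in upload_timeline(releases):
        if newest is not None and _vkey(v) < _vkey(newest):
            out.append(v)
        else:
            newest = v
    return out

def find_replaced_versions(releases, pinned):
    """Pinned versions whose served sha256 no longer matches the recorded digest."""
    return [v for v, digest in pinned.items()
            if releases.get(v) and digest not in {f["digests"]["sha256"] for f in releases[v]}]
```

In a real job the `releases` map comes from `https://pypi.org/pypi/<name>/json`, and any hit should block the upgrade until a human has diffed the new upload against the last known-good one.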

SureMDM Vulnerabilities Expose Organizations to Supply Chain Attacks

A chain of vulnerabilities in 42Gears' SureMDM device management products could have led to a supply chain disruption via the platform. 42Gears, based in Bangalore, was established in 2009 and offers mobile device management and productivity products for organizations with an extensive mobile workforce. 

The company's website lists major customers including Deloitte, Saab, Lufthansa, Thales, Tesco, and Intel, among others. Experts at Immersive Labs found and reported the first flaws to 42Gears on July 6, 2021. A series of further bug disclosures followed, along with 'failed' private security patches, which meant that effective public security fixes were not issued until November 2021 and January 2022. 

"An authentication method can be turned on by the user, but an oversight in the setup allows Linux and Mac devices to bypass the authentication step. This has been fixed in the latest patch, but it is still not the default setting and requires the user to manually enable it," reports Security Week. Earlier in January, 42Gears told Immersive that they continuously applied additional patches beyond the reports by the experts. 

At that point, Immersive considered that the requirements of responsible disclosure had been met and that they could publicize their findings. The identified vulnerabilities include several that affect the 42Gears web console as well as the Linux agent. 

The web console vulnerabilities are the most critical: chaining them would allow an attacker to disable security tools and push malware onto macOS, Linux, or Android devices that have SureMDM installed. The Linux agent flaws allow an attacker to execute code remotely on the affected systems as the root user. 

An oversight in the setup lets Mac and Linux devices evade the authentication step, turning the authentication mechanism against its own users. Security Week reports, "the SureMDM agent vulnerabilities include command injection on the Linux agent. Users with physical access to a device can use a hidden key sequence to launch SureLock (kiosk software included with SureMDM) as the root user. The attacker can then use command injection to gain local privilege escalation."

Supply Chain Assaults Possible Due to Critical SAP Bug


SAP security solutions vendor SecurityBridge warns that a critical bug recently addressed in SAP NetWeaver AS ABAP and ABAP Platform might be exploited to launch supply chain assaults. 

The critical bug, identified as CVE-2021-38178 with a CVSS score of 9.1, was fixed on the SAP Patch Day in October 2021. SecurityBridge researchers described the vulnerability as an improper authorization issue, which allows threat actors to tamper with transport requests, thus evading quality gates and transmitting code artifacts to production systems. 

Typical SAP production systems exist at the end of a line of systems consisting of SAP instances that are used for development, testing, and sometimes integration. All instances often share a single transport directory, where files needed for deploying changes from development to production are kept.

Transport requests are used to distribute modifications throughout the SAP system line, and once exported, these requests are thought to be unmodifiable. As a result, each new modification would necessitate a new request. However, SecurityBridge uncovered that standard SAP deployments include a program that does allow employees with specific authorization levels to change the header attributes of SAP transport requests. 

As a result, an attacker or a malicious insider with sufficient permissions on an exploited system has a window of opportunity between the export of transport requests and their import into production units, when they could change the release status from “Released” to “Modifiable.”

A transport request can be tampered with after it has passed all quality gates, and the attacker could add a payload to be executed after import into a target system, thus opening the door to supply chain attacks.

“Attackers may introduce malicious code into the SAP development stage, unseen, even into requests that have already been imported into the test stage. They could alter the transport request content just before promotion into production, allowing for code execution,” SecurityBridge explained. 

All SAP environments that employ a single transport directory at multiple staging levels are susceptible, and organizations are advised to apply the available patches and check for manipulations of transport requests before importing into production.