Cyber Bakery Chronicles

Keeping Up with Cybersecurity News with CyberBakery.net....Your Weekly Update.

Cyber Bakery Chronicles

Your Weekly Cybersecurity Update (08 November 2024)

  • OWASP Releases GenAI Security Guidelines
  • Canada orders TikTok to shut down over national risk concerns
  • North Korean Hackers Deploy Hidden Risk Malware to Attack Crypto Firms on macOS
  • Australia Halts Satellite Project Amid Fears of New Space Weaponry
  • Schneider Electric Confirms Development Platform Breach Following Data Theft by Hacker

OWASP Releases GenAI Security Guidelines

The Open Web Application Security Project (OWASP) Top 10 for LLM Application Security Project, a collaborative effort focused on Large Language Models (LLMs) and Generative AI (GenAI) security, has announced new resources to guide organizations in securely adopting and deploying these technologies.

Since its launch in 2023, the project has become a leading source for best practices in LLM security. Now, the initiative caters to a broader audience, encompassing developers, data scientists, security professionals, CISOs, and compliance officers.

New Resources for Secure AI Development:

  • Guide for Preparing and Responding to Deepfake Events: This resource addresses the growing threat of deepfakes and provides practical defence strategies to ensure organizational security against these increasingly sophisticated forgeries.
  • Center of Excellence Guide: This guide outlines best practices for establishing a collaborative "Center of Excellence" within an organization. This centre would oversee GenAI security adoption and risk management by fostering cooperation between security, legal, data science, and operational teams.
  • AI Security Solution Landscape Guide: This comprehensive guide offers insights into both open-source and commercial solutions for securing LLMs and GenAI applications. It helps organizations identify and address vulnerabilities highlighted in the OWASP Top 10 list.

These new resources highlight the OWASP project's evolving focus. They aim to equip organizations with a comprehensive strategy for governing, mitigating risks, and implementing secure AI practices throughout the LLM/GenAI development and deployment lifecycle. The project's commitment to ongoing research and collaboration ensures that organizations adopting these powerful AI tools can do so responsibly and securely.

Canada orders TikTok to shut down over national risk concerns

The Canadian government has mandated the dissolution of TikTok Technology Canada after a comprehensive security review highlighted the company as a national risk. This decision, informed by insights from Canada’s security and intelligence agencies, does not ban Canadians from accessing TikTok or producing content on the platform.

The statement noted that the government acted to counter specific national security concerns related to ByteDance Ltd.’s activities in Canada, although no detailed explanation of these risks was provided. TikTok has faced scrutiny from various countries, particularly the U.S., over fears of potential data collection that could be exploited by the Chinese government.

Canada’s government emphasized that while it supports foreign investment, it will intervene when national security is at stake. TikTok, in response, declared its intent to legally contest the order, arguing that the shutdown jeopardizes numerous jobs and offers no real benefits.

Minister François-Philippe Champagne reassured that the decision does not restrict Canadians’ use of TikTok, stating that using the platform remains a personal choice. Canadians are urged to review privacy policies, manage app permissions, and understand where data is stored to ensure their online safety.

North Korean Hackers Deploy Hidden Risk Malware to Attack Crypto Firms on macOS

A threat actor associated with North Korea, known as BlueNoroff, has been targeting cryptocurrency businesses with multi-stage malware capable of affecting Apple macOS devices. SentinelOne, which labelled the campaign as a “Hidden Risk,” links it to previous malware types such as RustBucket and KANDYKORN. The campaign, active since July 2024, uses phishing emails containing fake cryptocurrency news to distribute a malicious application disguised as a PDF file.

The FBI previously described these campaigns as sophisticated social engineering aimed at cryptocurrency and decentralized finance employees. The attackers use fake job offers and investments to build trust before deploying malware. In October 2024, SentinelOne found a phishing attempt involving a malicious app called “Hidden Risk Behind New Surge of Bitcoin Price.app,” signed by an Apple developer ID but later revoked.

This malware launches a decoy PDF while secretly downloading and executing a second-stage backdoor. The backdoor’s persistence mechanism involves exploiting the zshenv configuration file, bypassing macOS notifications designed to alert users to background activity.

BlueNoroff has also used domain registrars like Namecheap to create cryptocurrency-related infrastructure. Their approach shows overlaps with past campaigns, such as one noted by Kandji in August 2024. The group’s use of valid Apple developer accounts for notarizing malware is particularly concerning.

Other North Korean campaigns have targeted Western companies using methods like booby-trapped codebases and fake job challenges. Campaigns like “Wagemole” and “Contagious Interview,” attributed to Famous Chollima and associated with the Lazarus Group, focus on targeting freelance developers to facilitate cryptocurrency theft. These activities showcase North Korea’s evolving tactics, combining various obfuscation and multi-platform methods to breach defences and steal data, posing a significant threat to businesses and individuals.

Australia Halts Satellite Project Amid Fears of New Space Weaponry

Australia recently decided to abandon a planned satellite project due to concerns over emerging technological threats that could undermine its security and functionality. This decision highlights the rapid evolution of military and space capabilities, with the new technology enabling potential adversaries to target and disable satellites.

The scrapped project involved launching a surveillance satellite aimed at enhancing Australia’s defence and intelligence capabilities. However, advancements in anti-satellite (ASAT) technology, such as directed-energy weapons or missile systems capable of shooting down satellites, have made space assets more vulnerable than ever before. These developments underscore a significant shift in global defence strategies, where space infrastructure is increasingly viewed as contested territory.

Australia’s move reflects a broader trend among nations to reassess space investments in light of these new threats. This trend points to a shift toward more resilient or diversified space strategies, such as satellite constellations with decentralised and redundant networks, which are harder to disrupt or target compared to single, larger satellites.

The decision also signals the growing importance of adapting to the evolving landscape of military technologies and ensuring that investments in space assets are not only strategically sound but also secure against emerging countermeasures.

Schneider Electric Confirms Development Platform Breach Following Data Theft by Hacker

Schneider Electric, a major energy and automation company, confirmed a breach of its internal developer platform after a hacker known as “Grep” claimed to have stolen 40GB of data from the company’s JIRA server. The hacker accessed the server using exposed credentials and scraped 400,000 rows of data, including the names and email addresses of about 75,000 employees and customers, through a MiniOrange REST API. The stolen data also includes project files, issues, and plugins.

The hacker demanded a $125,000 ransom in a dark web post to prevent the data from being leaked. Schneider Electric stated that its products and services were not affected and mobilized its Global Incident Response team to investigate and contain the breach. This incident underscores the importance of stringent cybersecurity measures and the risks of exposed credentials and API vulnerabilities.

Post by threat actor about Schneider Electric
Post by threat actor about Schneider Electric Source: BleepingComputer

As a French multinational company whose products are integral to energy, industrial automation, and building systems, Schneider Electric’s breach could have far-reaching implications. Although the company asserts that its main product lines and services have not been impacted, the theft of such extensive internal data could lead to reputational damage, intellectual property risks, and potential exposure of sensitive information related to projects and clients.


Quick favour: Let’s spread the value! If you find this newsletter useful, don’t keep it to yourself. 👉 Share it with friends and colleagues who could benefit from it.

Remember, one share could spark insight, ignite inspiration, or lead to a breakthrough for someone else.

Let’s make 2024 the year of shared knowledge and community growth!