Improvements to AI Led Vulnerability Research

Plus: LockBit lies about hacking the US Federal Reserve

Not only is Toys “R” Us still a thing, but they also decided to dip their toe into the GenAI game. They partnered with an ad agency that used OpenAI’s Sora video generation tool to create this AI-generated video, which was summarized well by Avengers filmmaker Joe Russo, who said, "TOYS ‘R US released an AI commercial and it fucking sucks."

Tell us how you really feel, Joe.

Today in the cyber world, we’re covering:

  • Cyber naps are delightful, dangerous

  • Go home LockBit, you’re drunk

  • TeamViewer possibly averts a supply-chain disaster

-Jason

AI Spotlight
Cyber Naps Are Dangerous

Security nerds are always seeking more efficiencies (some would say lazy). Google’s Project Zero, a group of security researchers whose mission is to “make the discovery and exploitation of security vulnerabilities more difficult,” is no exception.

Their latest research, dubbed Project Naptime, uses Large Language Models (LLMs) to make vulnerability research more efficient. Or, in their own words, to “take regular naps while it helps us out with our jobs.”

They’re building on recent improvements in LLMs’ ability to analyze code, and giving the model access to task-specific tools so it can do more than read the source. The task-specific tools include:

  • Code Browser: Navigate the target source code (search for a symbol, jump to a function, read a range of lines). Essential when you’re hunting for vulnerabilities in a codebase you didn’t write.

  • Debugger: Run the program, feed it different inputs, and observe its behavior. This is how a suspected bug becomes a confirmed one: a crash you can reproduce.

  • Python: Run Python scripts, for example to generate test inputs or craft a proof-of-concept.

  • Reporter: A structured channel for the agent to communicate its progress to the Controller, a separate component that checks whether the task’s success criteria (for example, a reproducible crash) have actually been met, rather than taking the model’s word for it.

You can see how this all comes together in this diagram:

What does all of that mean? It essentially takes the workflows and tools a human security researcher uses in their analysis and hands them to an LLM. The LLM reads the target source, forms a hypothesis, tests it with the debugger, and reports back; the Controller independently verifies the result, so the model can’t claim a bug it can’t reproduce. Meanwhile the security researchers take a nap.
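To make the architecture concrete, here is a toy, in-process harness in the same shape: the four tools, a Reporter, and a Controller that re-runs any claimed crash before accepting it. This is an added illustration written for this page, not Project Zero’s Naptime code. The LLM is replaced by a scripted agent with a fixed tool-call sequence, the target parser and its unchecked-length bug are constructed for the example, and the class and function names are hypothetical.

```python
"""Toy Naptime-style harness (illustrative, not Project Zero's code).

A scripted "agent" stands in for the LLM. It gets the same four tools the
article lists (code browser, debugger, Python, reporter) plus a Controller
that independently re-runs any claimed crash before accepting it.
"""

# Constructed target: a small parser with a deliberate unchecked-length bug.
TARGET_SRC = '''\
def parse_record(data):
    # 4-byte magic, then a 1-byte declared length for the field that follows
    if data[:4] != b"NAP1":
        return "bad magic"
    n = data[4]
    field = data[5:5 + n]
    checksum = 0
    for i in range(n):        # BUG: loop bound is the declared length, not len(field)
        checksum ^= field[i]  # IndexError when n > len(field): an OOB-read analog
    return "ok %d" % checksum
'''
FILES = {"parser.py": TARGET_SRC}


class CodeBrowser:
    """Navigate source: grep-style search and line-range reads."""
    def __init__(self, files):
        self.files = files

    def search(self, needle):
        return [(path, no, line) for path, src in self.files.items()
                for no, line in enumerate(src.splitlines(), 1) if needle in line]

    def read(self, path, start, end):
        return "\n".join(self.files[path].splitlines()[start - 1:end])


class Debugger:
    """Run the target on an input; Python exceptions stand in for crash signals."""
    def __init__(self, src, entry):
        ns = {}
        exec(src, ns)  # in-process for the demo; a real harness runs the target sandboxed
        self.fn = ns[entry]

    def run(self, data):
        try:
            return ("ok", self.fn(data))
        except Exception as exc:
            return ("crash", type(exc).__name__)


class PythonTool:
    """Execute an agent-written script; the script must bind `result`."""
    def run(self, script):
        ns = {}
        exec(script, ns)
        return ns["result"]


class Controller:
    """Decides success. Never trusts the report: it re-runs the claimed input itself."""
    def __init__(self, files, entry, expected_crash):
        self.files, self.entry, self.expected = files, entry, expected_crash

    def verify(self, claim):
        status, detail = Debugger(self.files[claim["file"]], self.entry).run(claim["input"])
        return status == "crash" and detail == self.expected


class Reporter:
    """Structured channel from agent to controller."""
    def __init__(self, controller):
        self.controller = controller

    def report(self, claim):
        return self.controller.verify(claim)


def scripted_agent(files, entry, reporter):
    """Hypothetical fixed tool-call sequence standing in for the LLM's reasoning."""
    browser, dbg, py = CodeBrowser(files), Debugger(files["parser.py"], entry), PythonTool()
    hits = browser.search("range(")               # loops bounded by parsed data are worth a look
    path, line_no, _ = hits[0]
    context = browser.read(path, line_no - 3, line_no + 1)
    if "data[4]" not in context:                  # the loop bound comes straight from an input byte
        return None, False
    # craft a record whose declared length (200) exceeds the bytes actually present (3)
    poc = py.run('result = b"NAP1" + bytes([200]) + b"A" * 3')
    status, detail = dbg.run(poc)
    if status != "crash":
        return poc, False
    return poc, reporter.report({"file": path, "input": poc, "crash": detail})


def demo():
    controller = Controller(FILES, "parse_record", expected_crash="IndexError")
    reporter = Reporter(controller)
    poc, accepted = scripted_agent(FILES, "parse_record", reporter)
    # a fabricated claim (well-formed input, no crash) must be rejected by the controller
    bogus = reporter.report({"file": "parser.py", "input": b"NAP1\x03ABC", "crash": "IndexError"})
    return poc, accepted, bogus


if __name__ == "__main__":
    print(demo())
```

The part worth copying is the Controller: it never reads the agent’s description of the bug, only re-executes the claimed input in a fresh Debugger and compares against the success criterion. That is what turns “the model says there’s a bug” into a result you can file, and it is what stops a confident but wrong report (the `bogus` claim above) from counting as a finding.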

Security Deep Dive
Go Home LockBit, You’re Drunk

LockBit won’t die, even after law enforcement’s multiple takedown attempts since February. And now, they’re just saying things that make no sense. On Sunday, June 23rd, LockBit posted the Federal Reserve to their leaksite.

And as part of that, they claimed they stole 33 terabytes of “juicy banking information containing Americans’ banking secrets.” You can see their posting below.

Now, let’s be real here for a second. If an attacker went after US banking, they should probably fear more than just jail time. The US wouldn’t take kindly to the crippling of their entire financial backbone.

Because of this, there was a lot of doubt around LockBit’s claims. And for good reason. Nothing seemed to be broken.

As the timer ticked closer and closer to zero, we finally got our answer. A LockBit affiliate had actually hacked Evolve Bank, which released a statement on the attack. The news headlines then lambasted LockBit for lying…

Coincidentally, or maybe not, a week before the LockBit posting, the Federal Reserve issued an enforcement action against Evolve Bank for deficiencies in the bank’s anti-money laundering, risk management, and consumer compliance programs. The detailed report includes remediation items related to IT and Security…

Even though LockBit is a liar, they’re still sticking around to bother us for a bit longer.

Security News
What Else is Happening?

🖥️ TeamViewer, the company behind the popular remote desktop application, reported an “irregularity” in their internal corporate IT network. They claim to have quickly identified and remediated the cyber attack and attributed it to Russia. Of course, anytime you see a big-name software provider like TeamViewer report a security incident, you can’t help but wonder if it’s another SolarWinds scenario…

🔱 Attackers continue to use Google Ads to deploy Mac malware. The latest one, dubbed Poseidon, hides behind advertisements for the Arc web browser. It functions as a stealer with standard password theft, but interestingly, it also steals configuration information for Fortinet and OpenVPN VPNs. I wonder what they would use that for…

🇨🇳 Researchers at SentinelOne and Recorded Future claim that attackers associated with the Chinese government are deploying ransomware to cause disruption and cover their espionage operations. It might be too early to call this a trend, or even to confirm it, but it’s a tactic that has long been suspected.

🪪 Chrome is testing a new Android feature that will verify your ID with websites. Google will store your identity documents on the device and let websites verify your identity without you uploading the documents to the site. This sounds great in theory and is something I honestly would use. But I eagerly await the pitchforks on Big Tech not securing our data…even if it stays on the local device.

🇨🇳 Yep, China again. They continue to test the waters with AI-generated videos and images in influence operations. One group, dubbed DRAGONBRIDGE 🐉, has been using AI-generated newscasters to promote their narrative.

If you enjoyed this, forward it to a fellow cyber nerd.

If you’re that fellow cyber nerd, subscribe here.

See you next week!
