This week’s Department of Know is hosted by Rich Stroffolinowith guests Gary ChanCISO, SSM Health and Peter LiebertCISO, Salesloft.
Missed the live show? Check it out on YouTube.
The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
In this week’s cybersecurity news…
BitLocker zero-day accesses protected drives
A researcher known as Chaotic Eclipse or Nightmare Eclipse released proof-of-concept exploits for two unpatched Windows zero-days dubbed YellowKey and GreenPlasma, including a BitLocker bypass that can expose encrypted drives through the Windows Recovery Environment. Security researchers confirmed parts of the YellowKey exploit, which abuses NTFS transaction logs to launch a command shell with access to unlocked BitLocker volumes on TPM-only systems. The disclosure follows earlier leaked Windows exploits from the same researcher.
Fake OpenAI repository on Hugging Face pushes infostealer malware
“A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users.” It accumulated 244,000 downloads before the platform responded to reports and removed it. Hugging Face is a platform that “lets developers and researchers share AI models, datasets, and machine learning (ML) tools.” Researchers at HiddenLayer discovered the campaign on May 7, after noticing a malicious repository named Open-OSS/privacy-filter, which had typosquatted OpenAI’s legitimate Privacy Filter release.
Sen. Schumer seeks DHS plan on AI cyber coordination
The Senate’s top Democrat “called on the Department of Homeland Security Friday to work closely with state and local governments to defend against artificial intelligence-strengthened hacks. The Senate Minority Leader wrote to DHS Secretary Markwayne Mullin to make sure state, local, tribal and territorial (SLTT) governments “aren’t left behind as AI models advance, posing new hacking threats.” In his letter, he stated that it was “glaringly obvious that the Department of Homeland Security needs an updated plan for coordinating these efforts with the resopective governments.” He Schumer wants a plan from DHS by July 1.
Tables turn on ‘The Gentlemen’
Check Point analyzed leaked internal data from the ransomware group “The Gentlemen” after unknown hackers breached the gang’s backend systems and began selling 16GB of stolen data. The leak revealed a structured ransomware-as-a-service operation led by an operator known as “zeta88,” with specialized members handling reconnaissance, credential access, negotiations, and malware development with a 90/10 affiliate payout model. The group is said to rely on known vulnerabilities, common ransomware tooling, and some AI-assisted development.
Huge thanks to our sponsor, Doppel
But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception.
We fight relentlessly to protect your business, brand, and people.
Doppel. Outpacing what’s next in social engineering.
Learn more at doppel.com.
RubyGems hit with GemStuffer attack
The standard package manager for Ruby, creatively named RubyGems, announced it is “dealing with a major malicious attack.” As a result, it temporary suspended new account signups.
Socket researchers dubbed the campaign dubbed “GemStuffer.” It abuses the RubyGems package registry as a dead-drop system for exfiltrated data rather than deploying malware delivery. More than 100 malicious gems scraped public-facing UK government websites and uploaded the collected data back to RubyGems using embedded API keys, letting attackers retrieve the information without dedicated command-and-control infrastructure.
(Dark Reading, The Hacker News)
Cyber policy roundup
The European Union is considering imposing rules to restrict its member governments’ use of U.S. cloud providers to handle sensitive data as part of its “Tech Sovereignty Package” due to be released on May 27. The package is intended to bolster the bloc’s strategic autonomy in key digital areas, but doesn’t impact private-sector companies..
(CNBC)
Agencies from U.S., Canada, Japan, Germany, France, Italy, the United Kingdom, along with the European Union have now published the Software Bill of Materials for AI – Minimum Elements, focusing on AI. This document aims to “help public and private sector organizations enhance transparency in their AI systems and supply chains,” making it easier to track vulnerabilities and reduce risks.
The British government announced on Wednesday its intention to update the Computer Misuse Act after “years of warnings that outdated legislation was hindering security researchers and weakening the country’s cyber defenses.” The original law was written in 1990, which if you’ll recall, was a long time ago.
Threat actors create AI-driven zero-day campaign
The Google Threat Intelligence Group discovered a well-known cybercrime group using AI to build a novel zero day exploit. Google was being cagey on the details for now, but said it allowed attackers to bypass two-factor authentication in a “popular open source web-based admin tool.” Researchers believe the group used an LLM through the development of a whole campaign based on the zero day. Luckily, this time Google patched the flaw before any active exploits were underway.
Source link
