Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Microsoft has identified Chinese threat actor Storm-0940 using a botnet called Quad7 to conduct evasive password spray attacks. The botnet, known as CovertNetwork-1658, is used to steal credentials from multiple Microsoft customers. Storm-0940 targets organizations in North America and Europe, including think tanks, government organizations, and law firms. Quad7, also known as 7777 or xlogin, targets several brands of SOHO routers and VPN appliances, exploiting security flaws to gain remote code execution capabilities. Microsoft has assessed that the botnet maintainers are located in China and that multiple threat actors are using the botnet for follow-on computer network exploitation activities. Microsoft warns that the botnet infrastructure has seen a decline following public disclosure, raising the possibility of the threat actors acquiring new infrastructure with modified fingerprints to evade detection.
#MicrosoftWarning #Cybersecurity #TechNews #ProtectYourData #Ascellainfosec
Ascella Software Labs
Updates
Meta working on a robotic hand that allows AI models to feel and interact with things
Meta, the parent company of Facebook, Instagram, and WhatsApp, is partnering with GelSight and Wonik Robotics to develop tactile sensors for AI. These devices are not intended for consumers but are designed for scientists to train AI to perceive and interact with their surroundings safely. The company developed Digit 360, a tactile fingertip with human-level multimodal sensing capabilities, which allows AI models to sense and detect changes in their surroundings. The device also features on-device AI models that enable local processing and reduce latency when responding to touch. Meta is releasing the code and design for Digit 360, which it believes could help in developing more realistic virtual environments. The company also launched Digit Plexus, a hardware-software solution that integrates various fingertip and skin tactile sensors on a single robotic hand.
#AIFeels #TouchTech #MetaRobotics #SensoryAI #Ascellainfosec
OpenAI’s AI-powered search engine is now live within ChatGPT
OpenAI has launched its AI-powered search engine, ChatGPT, for paid subscribers and plans to expand it for free, education, and enterprise users in the coming weeks. The new feature allows real-time information in conversations, allowing users to access web results-based queries during conversations or manually start web searches. ChatGPT is now on par with Microsoft Copilot and Google Gemini, offering real-time internet access. The search functionality is built using a mix of search technologies, with the underlying search model being a fine-tuned version of GPT-4o. The new feature aims to provide useful answers on the web, considering the context of the conversation and including links to sources. ChatGPT's knowledge limit was set between 2021 and 2023, but the live search will continue to refresh its training data.
#AIPoweredSearch #OpenAIChatGPT #AIinAction #Cybersecurity #Ascellainfosec
Google to develop AI that takes over computers
Google is developing artificial intelligence technology called Project Jarvis, which takes over a web browser to perform tasks like research and shopping. The product is set to be demonstrated with the release of its Gemini large language model in December. Microsoft's OpenAI also aims to conduct research autonomously.
#AIInnovation #FutureOfTech #AIRevolution #GoogleAI #Ascellainfosec
Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security
Apple has made its Private Cloud Compute (PCC) Virtual Research Environment (VRE) available for the research community to verify its privacy and security guarantees. The VRE aims to offload computationally complex Apple Intelligence requests to the cloud without sacrificing user privacy. Apple is inviting security and privacy researchers to learn more about PCC and perform their own independent verification of its claims. To further incentivize research, Apple is expanding the Apple Security Bounty program to include PCC by offering monetary payouts ranging from $50,000 to $1,000,000 for security vulnerabilities identified in it. The VRE includes a virtual Secure Enclave Processor (SEP) and built-in macOS support for paravirtualized graphics to enable inference. Apple is also making the source code associated with some components of PCC accessible via GitHub for deeper analysis. The development comes as research into generative artificial intelligence (AI) continues to uncover novel ways to jailbreak large language models (LLMs) and produce unintended output.
#AppleAI #CloudSecurity #AIResearch #SecureAI #Ascellainfosec
Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models
Researchers from Xidian University and 360 AI Security Lab have discovered a new technique called Deceptive Delight, which can potentially jailbreak large language models by inserting undesirable commands between benign ones. The technique achieves an average ASR of 64.6% within three interaction turns. The researchers recommend using content filtering, prompt engineering, and clear specification of input and output limits. However, generative AI models are susceptible to "package confusion."
#AIBreakthrough #AIHacks #AIExploit #Cybersecurity #Ascellainfosec
Google Gemini may soon let you make calls and send text messages without unlocking the phone
Google Gemini is an AI assistant that has an exciting plan for you. It will replace Google Assistant and introduces a new feature: making phone calls and sending text messages without unlocking your phone. This feature would appear in the latest beta version of the Google app, though users would probably need to activate this functionality manually. The toggle under 'Gemini on lock screen' in the application settings is titled 'Make calls and send messages without unlocking'. According to reports, Google is also testing UI changes. This feature introduces a cleaner overlay floating over Gemini and separates Gemini extensions into categories. The feature also adds an option to resize images.
#GeminiAI #AIOnLock #UnlocklessTech #CyberAware #Ascellainfosec
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin released a security update to patch up a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a robust suite of tools to improve site safety, performance, and traffic growth. The glitch is within the Contact Form feature within Jetpack, and "could be used by any logged in users on a site to read forms submitted by visitors on the site," Jeremy Herve of Jetpack said. The vulnerability has been fixed in these 101 separate versions of Jetpack - 13.9.1, 13.8.2, 13.7.1, 13.6.1, 13.5.1, 13.4.4, 13.3.2, 13.2.3, 13.1.4, 13.0.1, 12.9.4, 12.8.2, 12.7.2, 12.6.3, 12.5.1, 12.4.1, 12.3.1, 12.2.2, 12.1.2, 12.0.2, 11.9.3, 11.8.6, 11.7.3, 11.6.2, 11.5.3, 11.4.2, 11.3.4, 11.2.2, 11.1.4, 11.0.2, 10.9.3, 10.8.2, 10.7.2, 10.6.2, 10.5.3, 10.4.2, 10.3.2, 10.2.3, 10.1.2, 10.0.2, 9.9.3, 9.8.3, 9.7.3, 9.6.4, 9.5.5, 9.4.4, 9.3.5, 9.2.4, 9.1.3, 9.0.5, 8.9.4, 8.8.5, 8.7.4, 8.6.4, 8.5.3, 8.4.5, 8.3.3, 8.2.6, 8.1.4, 8.0.3, 7.9.4, 7.8.4, 7.7.6, 7.6.4, 7.5.7, 7.4.5, 7.3.5, 7.2.5, 7.1.5, 7.0.5, 6.9.4, 6.8.5, 6.7.4, There is no indication this vulnerability has been exploited in the wild, but with public disclosure, there is a risk it may be abused in the future. SCF has been updated to remove commercial upsells and fix a security problem, Mullenweg said. "This update is as minimal as possible to fix the security issue". 2 of Secure Custom Fields. "Their code is now insecure, and it is a dereliction of their duty to customers for them to tell people to avoid Secure Custom Fields until they fix their vulnerability," WordPress said. "We have also privately notified them of this but did not hear back". The company said "this has happened several times before," and reserved the right to disable or remove any plugin from the directory, remove developer access to a plugin, or change it "without developer consent" in the interest of public safety.
#WordPress #Jetpack #Cybersecurity #WebsiteSecurity #Ascellainfosec
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
OpenAI said Wednesday it had disrupted more than 20 operations and deceptive networks across the world that tried to use its platform for malicious purposes since the start of the year. This included malware reverse engineering, content creation in the style of articles for websites, biographies for social media profiles, as well as AI-generated profile pictures for bots on X. "Threat actors continue to evolve and experiment with our models, but we haven't seen any evidence this will lead to meaningful breakthroughs in their ability to create substantially new malware or build viral audiences," the artificial intelligence company said. It said that it also targeted activity that generated social media content related to elections in the U.S., Rwanda, and to a lesser extent India and the European Union, and that none of these networks attracted viral engagement or sustained audiences. The company said it also had acted to stop a number of clusters of accounts, both of which were tied to influence operations under codenames A2Z and Stop News, creating content in the English and French languages to be published later on a number of websites as well as across numerous social media accounts on a variety of platforms. "Stop News" was especially prolific in its use of imagery, researchers Ben Nimmo and Michael Flossman noted. Many of its web articles as well as its tweets contained images created using DALL-E.
#CyberDefense #DigitalSecurity #AIProtection #cybersecurity #Ascellainfosec
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
Five are marked as publicly known at time of release, with two gaining active exploitation within just 24 hours of release as a zero-day:
- CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability
- CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability
- CVE-2024-43583 - Winlogon Elevation of Privilege Vulnerability
- CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability
- CVE-2024-6197 - Open Source Curl Remote Code Execution Vulnerability
Note also that CVE-2024-43573 is seemingly connected with both CVE-2024-38112 and CVE-2024-43461, another two MSHTML spoofing flaws that had been exploited pre-July 2024 by the threat actor Void Banshee to spread the Atlantis Stealer malware. Microsoft has no reports of the two vulnerabilities being exploited in the wild, by whom, or to what extent. It credited researchers Andres and Shady for the report of CVE-2024-43572 but gave no credit to anyone in the case of CVE-2024-43573, which raises the possibility that it's a case of patch bypass. "Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system," Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News. The U.S. also said that CVE-2024-43572 and CVE-2024-43573 are actively exploited. Among the flaws reported by Redmond on Tuesday, the most serious issue pertains to the remote execution flaw in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9
#Microsoft #Cybersecurity #SecurityUpdate #Ascellainfosec #TechNews