Cyber Threats #02 - Microsoft Recall, Paris Olympics, Malware in Routers and more.
Trojanizing a copy of the popular VSCode "Dracula Official theme" to include malicious code, LLM Agents can Autonomously Hack Websites, ...
Welcome to the second edition of the Threat Intelligence Newsletter. The goal is to deliver weekly updates on the latest in threat intelligence and cybersecurity, to help accelerate innovation and collaboratively build a more secure future!
Week in review
Russian Threat Actors Pose High Risk to 2024 Paris Olympics
According to Google Cloud’s Mandiant cybersecurity team, the 2024 Paris Olympics faces cyber threats including espionage, disruption, destruction, hacktivism, influence, and financially motivated activities.
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span
An unknown threat actor with equally unknown motives forced an ISP to replace routers. According to Black Lotus Labs, the routers, conservatively estimated at a minimum of 600,000, were taken out by the attacker, who used Chalubo and perhaps custom Lua scripts to replace or wipe the router firmware.
Malicious VSCode extensions with millions of installs discovered
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official' theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
Ideas Corner
Productivity, Security and Microsoft Recall
Tools like Perplexity or ChatGPT are integrated into my daily workflow, and I cannot imagine my life without them.
With the announcement of Copilot+PC, Microsoft also introduced Recall:
“Retrace your steps with Recall. Search across time to find the content you need, then re-engage with it. With Recall, you have an explorable timeline of your PC’s past. Just describe how you remember it, and Recall will retrieve the moment you saw it. Any photo, link, or message can be a fresh starting point.”
This sounds really interesting in terms of productivity but could be a nightmare in terms of information security because it is essentially a keylogger. The feature has been heavily criticized by the security community since its announcement.
But it can get worse… Researchers have successfully developed a tool capable of locating, extracting, and displaying all data stored by Recall on any device. The tool, “TotalRecall,” available on GitHub, extracts and displays data from the Recall feature, providing an easy way to access snapshots of PC activity.
Therefore, Microsoft is making some changes to its controversial Recall feature to address security concerns. This means it won't take screenshots of everything you do after all, unless you opt in.
One of the main concerns with Microsoft’s Recall function, and indeed with all AI apps and functions, is the lack of “Security by Default”. Even though Microsoft has a Secure Future Initiative in place, it's challenging to be certain of its efficacy.
The challenges these tools bring cannot be overlooked. We urgently need a viable proposal to address the security concerns inherent in data protection for tools like Microsoft's Recall.
Interesting Interviews, Tools and More
One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials
Since we talked about routers, here is a deeper dive. The researchers discovered that these routers, when configured via ASUS's DDNS, are susceptible, whether intended or not, to a man-in-the-middle (MITM) attack, which they identified, enabling the theft of admin credentials....
LLM Agents can Autonomously Hack Websites
This paper shows that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand.
Prompt Fuzzer is an open-source tool that evaluates the security of a GenAI application’s system prompt against dynamic LLM-based threats.
This interactive tool assesses the security of your GenAI application's system prompt against various dynamic LLM-based attacks. It provides a security evaluation based on the outcome of these attack simulations, enabling you to strengthen your system prompt as needed.
Thanks for reading. If you want to stay up to date with the latest threats and news in the cybersecurity world, subscribe!