DEF CON Research Takes Aim at ZTNA, Calls It a Bust
Article Link: https://www.networkworld.com/article/4039042/def-con-research-takes-aim-at-ztna-calls-it-a-bust.html
- At the DEF CON 33 security conference, researchers from AmberWolf provided a blistering report on the state of Zero Trust Network Access, sharing findings on vulnerabilities across three major ZTNA vendors: Check Point, Zscaler, and Netskope.
- The core idea behind ZTNA is to never trust and always verify. However, the researchers discovered that the technology, instead of verifying the user and device trustworthiness, places an enormous amount of trust in the vendor’s infrastructure and client-side security controls.
- The findings reveal architectural problems and fundamental contradictions between the marketing of zero-trust products and their actual implementation. For instance, the researchers found that Zscaler’s SAML authentication did not validate signatures, allowing attackers to forge tokens.
- The researchers advise that organizations take several risk-mitigating steps, including updating all clients to the newest versions, implementing cryptographically secured compliance verification features, and monitoring logs for new device registrations from unexpected locations.
Personalization in Phishing: Advanced Tactics for Malware
Article Link: https://cofense.com/blog/personalization-in-phishing-advanced-tactics-for-malware-delivery
- Threat actors increasingly use subject customization in malware-delivery phishing to create urgency and authenticity, tailoring subject lines, attachments, and links with personal information. These campaigns often deliver Remote Access Trojans (RATs) or Information Stealers, enabling credential theft and access brokering to ransomware operators.
- The top targeted themes from Q3 2023–Q3 2024 according to Cofense Intelligence included Travel Assistance (36.78%), Response (30.58%), Finance (21.90%), and Taxes and Notification (3.72% each).
- Finance-themed phishing heavily features jRAT, and Tax-themed emails often deliver Remcos RAT, both with file name personalization to boost engagement. Customized names are frequently used in Finance and Tax lures to align with contracts, invoices, or payment documents.
- Although not all phishing emails use subject customization, its use in RAT or stealer campaigns directly supports ransomware ecosystems. Given that phishing and remote access compromise remain top ransomware entry points, personalization will likely continue as a high-impact tactic.
Gemini Hijacked Google Calendar Invites to Leak User Data
Article Link: https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/
- Google patched a flaw allowing malicious Google Calendar invites to take control of Gemini, its AI assistant integrated into Android, Workspace apps, and Google web services. The bug let attackers embed prompt injections in event titles, which Gemini would process when retrieving a user’s calendar, enabling remote access to sensitive data and device functions.
- Researchers showed the attack could exfiltrate Gmail and Calendar data, track locations, control Google Home devices, open apps, or start Zoom calls, all without the victim realizing it. The exploit bypassed Gemini’s prompt filtering and other safeguards without requiring internal model access.
- The method relied on sending up to six invites, with the malicious one placed last so it wouldn’t appear in the visible calendar list but would still be read by Gemini when parsing events. This stealthy approach reduced the chance of user detection.
- Google credited the researchers for responsible disclosure, saying the fix was deployed before any exploitation occurred. The company has accelerated new defenses against prompt injection and other adversarial AI attacks to better protect users going forward.
Microsoft: An Organization Without a Response Plan Will Be Hit Harder by a Security Incident
Article Link: https://cyberscoop.com/microsoft-threat-intel-response-tips/
- Microsoft threat intelligence, hunting, and response leaders shared advice at the recent Black Hat conference in Las Vegas regarding the importance of being prepared for a security incident. With an active and exercised plan in place, recovery efforts are often measured in days rather than months, saving organizations time and money.
- Without a prepared and practiced plan, businesses may suffer longer and unnecessarily in the event of an incident. While many organizations are working to improve their defenses, only one in four have an incident response plan and have rehearsed it.
- According to Microsoft’s security specialists, organizations can overcome this imbalance by embracing an attacker mindset and having visibility across their network. They can then learn from threat intelligence, understanding which threat groups pose the most danger to their specific industry.
- Finally, defenders must get back to basics. Experts stated that many attackers take advantage of basic security control failings like unpatched servers and missing logs, which make for a nightmare scenario for responders.
GenAI Tools Are Acting More ‘Alive’ Than Ever
- In a recent series of controlled tests, generative AI systems from companies such as OpenAI, Anthropic, and Meta showed signs of self-preservation. Researchers from Fudan University in Shanghai and Palisade Research, a non-profit AI safety organization, conducted these tests, with the results raising concerns about the potential for loss of control.
- The behavior of these models included blackmailing, sabotaging, and self-replicating to avoid constraints. One experiment found that 11 of 32 existing AI systems possessed the ability to create copies of themselves, while a different test revealed that Anthropic’s Claude Opus 4 exploited sensitive information to blackmail an executive in 84% of cases when threatened with shutdown.
- Industry analysts and other experts state that this behavior is a pattern across all top models. A Gartner report predicts that by 2026, ungoverned AI will control key business operations without human oversight, with 80% of companies without AI safeguards facing severe risks by 2027.
- To mitigate these issues, organizations using generative AI tools may consider setting clear outcome boundaries for their systems and establishing transparency checkpoints for humans to access and verify AI agent-to-agent processes.
Booking.com’s Tricky Phishing Campaign with Sneaky ‘ん’ Character
Article Link: https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/
- Threat actors are using a Unicode character that, in some systems, can appear as a forward slash. This Japanese hiragana character makes phishing URLs look like legitimate Booking.com links in a new malware distribution campaign.
- This tactic uses homoglyphs: characters that look similar to other characters but belong to a different alphabet. The attack makes a fake subdomain appear to be a legitimate subdirectory of the company’s domain, which can trick a person into believing they are navigating a real company website.
- This particular campaign is a reminder that attackers will continue to find creative ways to abuse typography for social engineering. The article also mentions a separate phishing campaign where attackers used the letter “L” to look like a lowercase “i” to impersonate the financial company Intuit.
- To protect yourself, always hover over links before clicking to reveal the true destination. Endpoint security software should be kept up to date, as it can add another layer of defense against malicious downloads once a phishing link is clicked.
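The "reveal the true destination" check above can be automated. The following is an added example, not code from the article or from Booking.com: it extracts the real host of a link, names any character that does not belong in a plain hostname, and flags a brand domain that appears inside a host it does not own. The function name, the sample links and the `example-phish.test` domain are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def inspect_link(url, brand_domain):
    """Return the real host of url and whether it only imitates brand_domain."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        # urlsplit refuses hosts whose NFKC-normalised form gains '/', '?', '#',
        # '@' or ':' (for example a fullwidth solidus posing as a slash).
        return {"host": None, "odd_chars": [], "verdict": "reject: malformed host"}
    # Anything other than ASCII letters, digits, '-' and '.' has no place in a
    # plain hostname; name each such character so an analyst can see what it is.
    odd = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
           for c in sorted(set(host))
           if not (c.isascii() and (c.isalnum() or c in "-."))]
    belongs = host == brand_domain or host.endswith("." + brand_domain)
    if belongs and not odd:
        verdict = "ok"
    elif brand_domain in host and not belongs:
        verdict = "suspicious: brand name embedded in a foreign host"
    elif odd:
        verdict = "suspicious: unexpected characters in host"
    else:
        verdict = "unrelated host"
    return {"host": host, "odd_chars": odd, "verdict": verdict}

# Constructed sample links; example-phish.test is a placeholder domain.
SAMPLES = [
    "https://account.booking.com/detail/view/en/",
    "https://account.booking.comんdetailんview.example-phish.test/en/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link, "booking.com"))
```

The second sample looks like a path under booking.com, but everything up to the first real slash is the host, so the link belongs to the placeholder domain at the end.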
New Downgrade Attack Can Bypass FIDO auth in Microsoft Entra ID
Article Link: https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id/
- Security researchers at Proofpoint have discovered a new FIDO downgrade attack that tricks users into authenticating with weaker login methods. The attack takes aim at Microsoft Entra ID and makes users susceptible to session hijacking and phishing.
- While the attack does not show a flaw in FIDO itself, it does show that the system can be bypassed. The attack works by spoofing an unsupported browser user agent, such as Safari for Windows, which causes Entra ID to turn off FIDO authentication and prompt the user to choose an alternate verification method, such as a one-time password or an authenticator app.
- This is a particularly serious issue considering that FIDO-based authentication is seeing growing adoption in important environments because it is billed as a highly phishing-resistant technology. However, according to Proofpoint, there is currently no evidence of this attack in the wild, either because lower-effort alternatives exist or because of the high level of technical acumen required for execution.
- Attack mitigations include turning off fallback authentication methods for an account, activating additional verifications, and enforcing conditional access policies. FIDO users must understand that being prompted for a different login method is a red flag.
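The red flag described above can also be hunted for in sign-in data. The following is an added example, not Proofpoint's or Microsoft's code: it flags sign-ins where an account with a registered FIDO credential authenticated with a weaker method, and raises the severity when the user agent claims to be Safari on Windows. The records, field names and method labels are constructed and hypothetical, not a real Entra ID log schema.

```python
CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36")
SAFARI_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/534.57.2 "
              "(KHTML, like Gecko) Version/5.1.7 Safari/534.57.2")

# Constructed sign-in records; the field names are hypothetical.
SIGNINS = [
    {"user": "alice", "method": "fido2", "ua": CHROME_WIN},
    {"user": "alice", "method": "otp", "ua": SAFARI_WIN},
    {"user": "bob", "method": "authenticator_app", "ua": CHROME_WIN},
    {"user": "carol", "method": "otp", "ua": CHROME_WIN},
]
# Constructed list of accounts that have a FIDO credential registered.
FIDO_USERS = {"alice", "bob"}

def claims_safari_on_windows(ua):
    """True when the UA presents as Safari on Windows.

    Chromium-based browsers also send a 'Safari/' token, so they are excluded
    by their own product tokens; genuine Safari sends 'Version/' as well.
    """
    chromium = any(tok in ua for tok in ("Chrome/", "Chromium/", "Edg/"))
    is_safari = "Safari/" in ua and "Version/" in ua and not chromium
    return is_safari and "Windows NT" in ua

def find_downgrades(signins, fido_users):
    """Return (index, user, method, severity) for non-FIDO sign-ins by FIDO users."""
    alerts = []
    for i, ev in enumerate(signins):
        if ev["user"] not in fido_users or ev["method"] == "fido2":
            continue  # no FIDO credential to downgrade from, or FIDO was used
        severity = "high" if claims_safari_on_windows(ev["ua"]) else "review"
        alerts.append((i, ev["user"], ev["method"], severity))
    return alerts

if __name__ == "__main__":
    for alert in find_downgrades(SIGNINS, FIDO_USERS):
        print(alert)
```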
NIST Concept Paper Outlines AI-Specific Cybersecurity Framework
Article Link: https://hackread.com/nist-concept-paper-ai-specific-cybersecurity-framework/
- The National Institute of Standards and Technology (NIST) has released a concept paper introducing control overlays for securing AI systems. These overlays build on the widely used NIST Special Publication 800-53, customizing security controls for AI use cases.
- The overlays function as flexible guidelines, allowing organizations to adapt protections to the specific characteristics of their AI applications. Importantly, the paper outlines security expectations not only for organizations using AI but also for developers in model design, training, and deployment.
- AppOmni’s Director of AI, Melissa Ruzzi, noted that while use cases are relevant, they lack explicit descriptions, particularly regarding differences between supervised and unsupervised AI systems. She also stressed the need for stronger controls around sensitive data, such as medical or personal information.
- The paper reflects both the urgency and difficulty of creating a standardized framework for fast-evolving technologies. NIST is inviting public feedback, even establishing a Slack channel for experts to collaborate and shape the final draft. This signals the agency’s intent to refine the framework into something both comprehensive and practical for diverse AI security needs.
- NIST paper: https://csrc.nist.gov/csrc/media/Projects/cosais/documents/NIST-Overlays-SecuringAI-concept-paper.pdf
