CyberWire Daily - E-commerce or E-spying?
Episode Date: June 27, 2024

Arkansas sues Temu over privacy issues. Polyfill returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. In our 'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto.

Our 2024 N2K CyberWire Audience Survey is underway; make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment
In this segment of the Palo Alto Networks podcast 'Threat Vector,' host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields. You can listen to the full episode here.
Selected Reading
Arkansas AG lawsuit claims Temu's shopping app is 'dangerous malware' (The Verge)
Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer)
NYPD officer database had security flaws that could have let hackers covertly modify officer data (City & State New York)
Google TAG: New efforts to disrupt DRAGONBRIDGE spam activity (Google)
'Poseidon' Mac stealer distributed via Google ads (Malwarebytes)
Gas Chromatograph Hacking Could Have Serious Impact: Security Firm (SecurityWeek)
Microsoft warns of novel jailbreak affecting many generative AI models (CSO Online)
CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities (SecurityWeek)
Metallica's X account hacked to promote crypto token (Cointelegraph)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
...of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K. Arkansas sues Temu over privacy issues.
Polyfill returns and says they were wronged.
An NYPD database was found vulnerable to manipulation.
Google slays the Dragon Bridge.
Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called
Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and RoundCube
webmail. In our Threat Vector segment, Dave Moulton speaks with Jim Foote, CEO of First
Ascent Biomedical,
about his transition from chief information security officer to leading a biotech company utilizing AI to personalize cancer treatments.
And Metallica is not hawking metal crypto.
It's Thursday, June 27th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Arkansas Attorney General Tim Griffin has filed a lawsuit against e-commerce app Temu,
alleging it violates state law by engaging in deceptive trade practices.
Griffin claims Temu, which is the top free shopping app on the Apple App Store and Google Play Store, operates as malware, accessing nearly all data on users' phones. The lawsuit
connects these allegations to past concerns with Pinduoduo, another app by Temu's owner,
PDD Holdings, which faced security issues on the Google Play Store in 2023.
The suit argues Temu collects excessive data, including sensitive information,
and misleads users about its permissions.
Temu, Google, and Apple have yet to respond to requests for comment.
Following up on a story we covered yesterday, the owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after Polyfill.io was shut down for delivering malicious code to over 100,000 websites.
They claim the service was maliciously defamed and deny any app supply chain risks, stating their services are cached by
Cloudflare. Despite relaunching on polyfill.com, security experts advise against using the service
due to previous issues. Sansec researchers identified the attack and Cloudflare confirmed
unauthorized use of its branding. Google has warned advertisers about the malicious code.
Developers are advised to seek alternatives from Cloudflare and Fastly.
A public database tracking NYPD officer profiles had security flaws
that allowed potential data manipulation and malicious file insertion.
Launched after 2020 police reforms,
the database includes disciplinary records and other officer information.
Independent researcher Jason Parker discovered these vulnerabilities and reported them.
The NYPD has since secured the system, blocking access to the exploit points.
Developed by Rock Daisy, the database faced criticism for its security lapses.
Despite claims of resolution, experts advise caution.
The NYPD has not clarified if the database is used internally.
Google's Threat Analysis Group has published insights on Dragon Bridge, a spammy influence network linked to the
PRC known as Spamouflage Dragon. Despite prolific content production, Dragon Bridge gets minimal
engagement on YouTube and Blogger. Most content is low-quality and non-political, but some supports
pro-PRC views on various current events, including the Taiwan elections and the Israel-Hamas war.
In 2023, Google disrupted over 65,000 instances of Dragon Bridge activity,
and over 10,000 in early 2024, totaling over 175,000 disruptions.
Despite efforts, their content sees practically no organic engagement,
with interactions mostly from inauthentic accounts. Dragon Bridge continues to adapt,
using generative AI tools and focusing on U.S. political and social issues.
On June 24, a new campaign was detected targeting Mac users with a stealer via malicious Google Ads for the Arc browser.
This marks the second recent use of Arc as a lure.
The macOS stealer, dubbed Poseidon, is an evolved version of the OSX.RodStealer by threat actor Rodrigo4, adding features like VPN configuration theft. The campaign uses
fake ads and websites to distribute the malware. The stealer collects various sensitive data,
including files and crypto wallet information. Malwarebytes has flagged this campaign
and recommends using web protection tools to block ads and malicious sites.
Security firm Claroty revealed several vulnerabilities in gas chromatograph devices manufactured by Emerson.
The units are critical for chemical analysis in hospitals and environmental facilities.
Vulnerabilities include a critical command injection allowing unauthenticated remote command execution with root privileges and a high severity issue enabling admin access.
Medium severity issues could lead to sensitive information disclosure or denial of service conditions.
Claroty warns that compromising these devices could severely impact industries like food processing and healthcare. Emerson
and CISA have advised on firmware updates and best practices to mitigate these risks.
Microsoft has issued a warning about a new AI jailbreak attack called Skeleton Key. This attack
allows generative AI models to bypass their safeguards and produce harmful or unsanctioned content.
Skeleton Key works by altering the model's behavior guidelines, prompting it to issue warnings rather than refuse harmful requests.
It affects various AI models, including those by Meta, Google, and OpenAI.
Microsoft has shared these findings with other AI providers and updated its Azure AI models to detect and block such attacks using prompt shields.
They recommend filtering inputs and outputs, monitoring for abuse, and updating algorithms
to prevent inappropriate prompts. Security experts warn that continuous vigilance and information sharing
are crucial to countering these evolving threats. CISA has warned about threat actors exploiting
vulnerabilities in GeoServer, the Linux kernel, and Roundcube webmail. The GeoServer flaw is a
code injection issue in the JAI-EXT project, patched in April 2022. The Linux kernel
flaw is a use-after-free issue in nftables, demonstrated at Pwn2Own Vancouver and patched
in August of 2022. The Roundcube webmail flaw is a cross-site scripting vulnerability, patched in
June of 2020. CISA added these vulnerabilities
to its known exploited vulnerabilities catalog,
urging federal agencies to apply mitigations by June 17th.
All organizations using these products
are advised to address these issues promptly.
Coming up after the break on our Threat Vector segment,
David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical.
Stay with us.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages,
it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
...have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and help you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
On today's segment from the Threat Vector podcast, host David Moulton speaks with Jim Foote,
CEO of First Ascent Biomedical, about his transition from chief information security
officer to leading a biotech company utilizing AI to personalize cancer treatments.
Don't be afraid of failure. And I hate the word failure, but if you're not failing,
you're not pushing the limits of your own abilities and the limits of technology.
If you're going to fail, fail forward.
Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats, cyber resilience, and uncover insights into the latest industry trends.
I'm your host, David Moulton, Director of Thought Leadership for Unit 42. In today's episode, I'm going to be talking with Jim Foote, the CEO of First Ascent
Biomedical. Jim and I will discuss his current mission at First Ascent and some of the inspiring
work his company is leading, using their ML/AI platform to rapidly identify therapeutic
solutions for cancer patients where the options for standard care have been exhausted.
We'll also discuss how Jim's background in security informs his work in the medical field.
Jim uses the lessons learned as a
CISO from deploying and using cutting-edge technology to fight cyber criminals in his
fight against cancer, and I reached out to see if he'd be willing to share his story about the shift
from CISO to CEO with the Threat Vector audience. I'll have a link to the IT Brew article in the show notes.
Jim, thanks for joining me on ThreatVector.
Oh, thank you for having me.
So your transition from CISO to leading an organization using AI to fight cancer is quite dramatic.
Talk to our audience about what drove you to make this shift.
Yeah, you know, the reality is that we've all been affected by cancer in one way or another.
And most of us remember exactly where we were and what we were doing when we heard that
word for the first time.
And for me, it was October 19th, 10 in the morning when my phone rang.
And I heard those words at the other end of the phone, cancer.
And as much as I wanted them to be about me, they weren't. They were about my son, Trey.
Instantly, I was thrust into that world of cancer. Again, much like a CISO, when the phone rings, and all of a sudden you find out you're under attack. And we went into attack mode, and we
started trying to resolve this problem.
And like every other patient, we thought we were going to beat it.
After eight months of grueling chemotherapy, the doctors came back and said, your son's
cancer's returned.
And then they asked me what I wanted to do next.
And I was surprised because I'm not a doctor.
I'm a CISO.
But I knew it was a solvable problem.
And so I did the research.
Obviously, I couldn't solve this problem in time to save my son.
But I knew it was a solvable problem.
And that's really why we started the company.
So, Jim, you've got this extensive background in cybersecurity.
And that's influenced your approach to leading this AI-driven biotechnology company.
Are there any particular principles or practices from your IT security days that you find particularly valuable in your current role as the CEO?
A CISO is always looking for, we're problem solvers, you know, and if we do our jobs
perfectly, nobody knows we exist. My goal here in leading this company is to assemble the right team
to bring the right technology together and to be able to solve this problem of cancer
in a way that's going to benefit every patient whose cancer's returned.
A good CISO is never the smartest one in the room, but they bring the right people with the
right skills and the right technology together to solve some of these complex problems. And that's really been my mindset: to really, you know, bring the best in biology
and the best in technology and the best in artificial intelligence.
And let's bring us all together and solve this problem.
What's the most important thing somebody should remember from this conversation?
You know, a couple of things.
One, you know, my hope is to better inform people about cancer and how cancer is being
treated.
Because until you enter into that world, you really don't realize that this industry is
the industry that's the next one ready for digital
transformation. But we have to do it safely, and we have to do it with evidence. So I would say
be informed because your doctor is just a human, just like you and I. And so, you know, play an active role
in your healthcare working collaboratively with your doctor. I would say to an IT or security
professional, problem solving is problem solving. We all solve complex problems. Don't limit your view of solving a complex problem, even something like cancer, because you don't feel like you have the experience or the background. You may not, but you know how to solve problems, and surround yourself with good people who complement you and can help you solve problems.
And I think the third is don't limit yourself based on fear.
Every time you step up to the plate, swing for the fences,
you're capable of doing anything that you put your mind to.
I mean, I look at myself and I'm like, you know, 15 years ago,
I didn't know anything about cancer.
And now I'm leading a company, fortunately, that is full of experts that know a lot about cancer.
So I kind of say I'm the industry that's ready for disruption, anybody is capable of doing anything.
And I think the last thing is continuously learn.
Continuously learn.
You've got to continue to push the limits of technology and the limits of your own abilities.
And the only way you can do both is be a constant student.
Jim, really well put.
Thank you so much for coming on Threat Vector today and interesting jump from security to security or to CEO that you've made and are making an incredible impact.
Well, thank you.
I appreciate it.
And, you know, hopefully it inspired that next generation.
That's it for Threat Vector this week.
I want to thank our executive producer, Mike Heller,
our content and production teams,
which includes Sheila Drosky, Tanya Wilkins, and Danny Milrat.
I edit the show and Elliot Peltzman mixes the audio.
We'll be back in two weeks.
Until then, stay secure, stay vigilant.
Goodbye for now.
Be sure to check out the Threat Vector podcast from Palo Alto Networks' Unit 42,
wherever you get your favorite podcasts.
ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.
And finally, Metallica's official X (formerly Twitter) account got hacked yesterday and used to promote a Solana cryptocurrency token called Metal.
The hackers claimed it was launched in cooperation with Ticketmaster,
and involved fintech firm MoonPay, which MoonPay's president swiftly denied,
humorously tweeting,
"MoonPay does not support Metal."
He added,
"If someone offers you a Metal token,
they're not the master of puppets,
they're the master of scams,"
referencing Metallica's famous song.
Metallica's team quickly regained control,
deleting all related posts.
The token briefly soared to $3.37 million in value,
but crashed to $90,000 within hours.
The hack remains a mystery, leaving fans and followers scratching their heads.
Napster was unavailable for comment.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com. Your feedback helps us ensure we're delivering the information and insights that keep you a step ahead in the rapidly changing world of cybersecurity.
We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent
intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the
Original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilby
is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.