Tech Risk Reading Picks

1. Total recall: Security researchers have discovered that preview versions of Recall, set to launch on new Copilot+ PCs on June 18, store screenshots in an unencrypted database. This vulnerability could allow attackers to easily access the data. In response, cybersecurity strategist and ethical hacker Alex Hagenah has created a demo tool named TotalRecall, inspired by the movie "Total Recall," which automatically extracts and displays all the data Recall records on a Windows laptop. Hagenah emphasizes that the database is unencrypted and all data is in plain text. TotalRecall is being released on GitHub to showcase the potential abuse of Recall and encourage Microsoft to make changes before the full launch. [more]

2. Super admins in Cloud posing one of the greatest risks: In the "2024 State of Multicloud Security Risk" report, Microsoft delves into the complex landscape of securing multicloud environments, emphasizing the challenges organizations face in protecting against cyberthreats. The analysis, which incorporates data from various Microsoft security tools, highlights key vulnerabilities across Microsoft Azure, AWS, GCP, and beyond, focusing on identity, data, and other crucial aspects of cloud security. One significant finding is the prevalence of "super identities," where over 50% of cloud identities had access to all permissions and resources in 2023. The potential consequences of compromising even one such identity are considerable. Additionally, the report uncovers vulnerabilities in development and runtime environments, as well as deficiencies in organizations' data security practices. [more][more-2]

3. Checkpoint Cloud security report: The 2024 Cloud Security Report, created by Cybersecurity Insiders and Check Point, is out now. Based on input from over 800 professionals in cloud and cybersecurity, it offers a detailed analysis of the current cloud security landscape. The report assesses the efficacy of existing security measures and tracks the adoption of new security solutions across various companies. It presents a holistic view of both the promising advancements and ongoing hurdles in cloud security. [more]

4. Single point of failure risk in healthcare: The U.S. Department of Health and Human Services (HHS) is taking proactive steps to address cybersecurity risks in the healthcare sector, particularly regarding single points of failure. Following a cyberattack on UnitedHealth Group's Change Healthcare unit earlier this year, which had significant cascading effects on health claims and payments, HHS is working to map out these vulnerabilities. [more]

5. Hugging Face exploited: Hugging Face's Spaces platform, a hub for community-created AI apps, experienced a breach where unauthorized access to authentication secrets occurred. While the company revoked compromised tokens and notified affected users, they urge all Spaces users to refresh their tokens and switch to fine-grained access tokens for tighter security. Hugging Face is collaborating with cybersecurity experts, enhancing security measures, and plans to deprecate "classic" tokens soon. The incident underscores the platform's growing popularity as a target for cyber threats, with previous instances of malicious AI models and vulnerabilities discovered by security researchers. [more]

6. NIST AI risk assessment program: NIST is launching the Assessing Risks and Impacts of AI (ARIA) program to enhance understanding of AI's capabilities and impacts. This initiative aligns with the Executive Order on trustworthy AI and complements the U.S. AI Safety Institute's goals. ARIA will evaluate AI technologies to ensure they are valid, reliable, safe, secure, private, and fair. It expands on NIST's AI Risk Management Framework and aims to develop methodologies and metrics for assessing AI's functionality in real-world contexts. ARIA will focus on how AI systems perform in practical settings, considering human interactions and societal impacts. The program's outcomes will support efforts to establish safe and trustworthy AI systems. [more]

7. Crowdstrike outlines AI-powered attacks: AI-powered cyberattacks utilize AI or machine learning algorithms to automate, expedite, or augment different stages of a cyberattack. These phases encompass recognizing vulnerabilities, executing campaigns through identified attack routes, progressing attack strategies, establishing system backdoors, extracting or manipulating data, and disrupting system functionality. The AI algorithms employed in AI-powered cyberattacks are capable of learning and evolving, allowing them to adjust to evade detection or construct undetectable attack patterns. [more]

8. Web3 Cryptospace Spotlight

   1. Elliptic on AI-enabled crime in the cryptoasset ecosystem: Elliptic’s report highlights five types of AI-driven crimes in the crypto world, drawing from real cases. By understanding these emerging threats, compliance experts and investigators can better combat illicit activities in the cryptoasset ecosystem. [more]

   2. $300M BTC drained: DMM Bitcoin, a major Japanese crypto exchange, suffered a significant security breach resulting in the theft of over $300 million worth of Bitcoin. They've taken steps to enhance security, including suspending certain services temporarily. Japanese authorities are investigating, and DMM Bitcoin assures customers their Bitcoin deposits are fully covered and will be reimbursed. The cause of the hack remains unclear. [more]

   3. Web3 security alliance: group of over 14 major crypto entities, including Circle, Coinbase, ConsenSys, Fireblocks, and the Solana Foundation, have launched a Crypto Information Sharing and Analysis Center (ISAC) to combat cyber threats in the industry. The initiative comes after hackers stole over $7.7 billion in digital assets since 2016, highlighting the need for enhanced security measures. Led by executive director Justine Bone, the ISAC aims to build public trust in blockchain security and promote mass adoption of digital assets. Key objectives include fostering collaboration, sharing unbiased information, and bolstering resilience against attackers. Coinbase's Chief Information Security Officer, Jeff Lunglhoger, sees the ISAC as a significant step in supporting global economic freedom through decentralized finance technologies. [more]

   4. Lower losses in Web3 attacks: In 2024, cryptocurrency hacks and rug pulls caused losses of over $473 million across 108 incidents, as reported by Immunefi. In May, $52 million was stolen, with Gala Games and SonneFinance being the hardest hit. This total is 12% less than in May 2023. [more]

   5. Browser extension risk: A Binance user lost $1 million due to a compromised browser extension called "Aggr" that stole their cookies and allowed a hacker to access their account. Binance's slow response facilitated the hacker's withdrawals. This incident highlights the danger of malicious browser extensions. [more]

      1. To protect yourself:

         1. Remove unnecessary browser extensions regularly.

         2. Only use extensions from reputable developers.

         3. Review permissions before installing any extension.

         4. Clear cookies regularly to prevent hijacking.