IEEE Cipher --- Items from security-related news (E190)
Prior news summaries from Cipher
Summary:
Anthropic may have disagreements with the US Government, but it has
helped to reveal the urgency of protecting computer systems against
agentic AI. Last September the company discovered that its AI system,
Claude, acting as several different "agents", was carrying out a
sophisticated cyberattack against multiple targets. The human attackers
benefited from the ability of the software agents to act quickly and
cooperatively; human intervention occurred only at strategic junctures.
"Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator. Less experienced and less resourced groups can now potentially perform large-scale attacks of this nature."
Anthropic has taken steps to detect and prevent similar misuse of its models, but it does appear that the genie has escaped the bottle.
Summary:
The OpenClaw AI Agent included a vulnerability that could be exploited
by an attacker running a website visited by someone running an OpenClaw
system. OpenClaw uses a local websocket server protected only by a
password, so a page loaded in the user's browser could connect to that
local server and use high-speed password guessing to gain a trusted
connection to the OpenClaw user's local machine. The problem was patched
within a day of notification to OpenClaw.
Protecting something as mundane as a network connection might have been far below the radar of OpenClaw engineers because they have put effort into protecting against attacks enabled by their core capability: user-provided instructions for AI agents trained on the user's personal, local activities. Those instructions might contain malicious code, and OpenClaw has tried to ensure that it detects such code through tools such as VirusTotal.
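The failure mode above, as an added example rather than OpenClaw's own code: a simulated handshake check for a password-protected local websocket server, in its weak form (password only, any origin, unlimited guesses) and a hardened form with an Origin allow-list, a per-client attempt budget with lockout, and a constant-time comparison. The secret, the allowed origin http://localhost:3000 and the wordlist are constructed for the demonstration and are not taken from the OpenClaw report.

```python
"""Handshake authorization for a password-protected local WebSocket server.

Added example, not OpenClaw's code: it models the decision a local agent's
socket makes when a browser sends a WebSocket upgrade, and shows why a
password alone does not stop a brute force launched from a visited web page.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Iterable

# Constructed secret for the demo. A real deployment should use a long random
# token (e.g. secrets.token_urlsafe(32)) that no wordlist can contain.
SECRET = "openclaw2024"

# Hypothetical origin of the agent's own local UI; only it should reach the socket.
ALLOWED_ORIGINS = {"http://localhost:3000"}

# Constructed wordlist standing in for what a malicious page would try.
WORDLIST = ["password", "letmein", "admin", "openclaw", "hunter2", SECRET, "qwerty"]


@dataclass
class Handshake:
    origin: str              # Origin header the browser attaches to the upgrade
    password: str            # credential carried in the upgrade request
    client: str = "browser"  # rate-limit key (remote address in a real server)


def _digest(s: str) -> bytes:
    return hashlib.sha256(s.encode()).digest()


def weak_authorize(hs: Handshake) -> bool:
    """Password-only check: any origin may guess, as fast and as often as it likes."""
    return hs.password == SECRET


@dataclass
class HardenedAuthorizer:
    """Origin allow-list, per-client attempt budget with lockout, constant-time compare."""
    max_attempts: int = 5
    lockout_seconds: float = 300.0
    _state: dict = field(default_factory=dict)  # client -> (failures, locked_until)

    def authorize(self, hs: Handshake, now: float) -> tuple[bool, str]:
        # 1. Only the agent's own UI origin may speak to the socket. A page on
        #    another site cannot forge the Origin header from inside the browser.
        if hs.origin not in ALLOWED_ORIGINS:
            return False, "origin-denied"
        failures, locked_until = self._state.get(hs.client, (0, 0.0))
        # 2. A locked-out client is refused regardless of what it sends.
        if now < locked_until:
            return False, "locked-out"
        # 3. Compare fixed-length digests in constant time to avoid timing leaks.
        if hmac.compare_digest(_digest(hs.password), _digest(SECRET)):
            self._state.pop(hs.client, None)
            return True, "ok"
        failures += 1
        if failures >= self.max_attempts:
            self._state[hs.client] = (0, now + self.lockout_seconds)
            return False, "locked-out"
        self._state[hs.client] = (failures, 0.0)
        return False, "bad-password"


def brute_force(check: Callable[[Handshake], bool], wordlist: Iterable[str],
                origin: str, client: str = "attacker") -> int:
    """Try each guess in order; return the 1-based guess that succeeded, or -1."""
    for i, guess in enumerate(wordlist, start=1):
        if check(Handshake(origin=origin, password=guess, client=client)):
            return i
    return -1


def demo() -> dict:
    """Run the wordlist against both authorizers; returns outcomes for inspection."""
    evil = "https://attacker.example"
    hardened = HardenedAuthorizer()
    # A script running inside the trusted UI origin (e.g. via XSS) passes the
    # origin check but still hits the lockout after five bad guesses.
    hardened_same_origin = HardenedAuthorizer()
    return {
        "weak_guesses": brute_force(weak_authorize, WORDLIST, evil),
        "hardened_guesses": brute_force(
            lambda hs: hardened.authorize(hs, 0.0)[0], WORDLIST, evil),
        "hardened_same_origin_guesses": brute_force(
            lambda hs: hardened_same_origin.authorize(hs, 0.0)[0],
            WORDLIST, "http://localhost:3000"),
    }


if __name__ == "__main__":
    print(demo())
```

The Origin check is what turns a browser-borne attack into a non-starter: a page on another site can open a connection to localhost, but the browser fills in the Origin header and the page cannot change it. The lockout then covers the residual case of a script that does run on the trusted origin.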
Summary:
The White House issued a brief statement with the
National Cybersecurity Strategy. The seven-page
document seems to encourage private companies to conduct cyberattacks
against American enemies, something that is not currently allowed.
"We will unleash the private sector by creating incentives to identify
and disrupt adversary networks and scale our national capabilities."
Other notable excerpts: "We will promote the adoption of post-quantum
cryptography ..."
This is an expensive undertaking and worthwhile only if quantum
computing succeeds. Another part of the report emphasizes commitment
to quantum computing development.
"We will work to adopt AI-powered cybersecurity solutions ..."
Cybercriminals are working now to adopt AI-powered cyberattack
capabilities. Presumably the call for acting against our
cybersecurity enemies will include similar US activities.
Summary:
This was the first report of a cyberattack during the US-Iran war. Other cyber activity by Iranian groups had been for intelligence gathering.
Summary:
A year ago Secretary of State Marco Rubio announced an overhaul of the
department that would include a Bureau of Emerging Threats.
Recently, the structure of the new Bureau was described as having five
offices: the Office of Cybersecurity, the Office of Critical
Infrastructure Security, the Office of Disruptive Technology, the
Office of Space Security and the Office of Threat Assessment.
A spokesman for the Department said that the Bureau would address
both current and future challenges posed by disruptive technology.
Summary:
"The problem affects all Linux kernels since version 4.11 on any distribution that integrates AppArmor. With more than 12.6 million enterprise Linux instances operating with AppArmor enabled by default in several major distributions, such as Ubuntu, Debian, and SUSE, immediate kernel patching is advised to mitigate these vulnerabilities."
The flaws are instances of "... the 'Confused deputy' problem, in which an attacker misuses the authority of one victim (the 'confused deputy') to use that victim's legitimate (restricted) capabilities to target another victim." In this case the AppArmor module is the confused deputy: it is fed attacker-crafted data and, acting on that data with its own kernel-level authority, causes security profiles to be bypassed.
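The confused deputy pattern in the quoted definition, as an added textbook-style illustration and not a reconstruction of the AppArmor flaw (the page gives no details of its mechanics): a privileged "deputy" that writes files on behalf of requesters, once checking only its own authority, once checking the requester's, and once taking a capability handle the requester had to open under its own rights. The in-memory filesystem, the principal names and the ACLs are constructed for the demonstration.

```python
"""Confused deputy, as an added textbook-style illustration.

This is not the AppArmor flaw itself, whose mechanics the page does not give;
it shows the general pattern the quoted definition describes: a privileged
component (the deputy) acts on attacker-supplied input with its own authority
instead of the requester's, and two fixes that make the requester's authority,
not the deputy's, decide what gets written.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory "filesystem" and write ACLs standing in for real ones.
INITIAL_FILES = {"/var/billing/ledger": "balance=100", "/home/guest/notes": ""}
WRITE_ACL = {
    "billing": {"/var/billing/ledger"},
    "guest": {"/home/guest/notes"},
    # The deputy runs with broad authority so it can serve every legitimate requester.
    "deputy": {"/var/billing/ledger", "/home/guest/notes"},
}


def may_write(principal: str, path: str) -> bool:
    return path in WRITE_ACL.get(principal, set())


def confused_deputy_write(files: dict, requester: str, path: str, data: str) -> bool:
    """Vulnerable: the only check is whether the deputy itself may write `path`.

    `requester` is accepted but never consulted, so a guest can aim the deputy's
    authority at a file the guest could never touch directly.
    """
    if not may_write("deputy", path):
        return False
    files[path] = data
    return True


def checked_deputy_write(files: dict, requester: str, path: str, data: str) -> bool:
    """Fixed: the deputy first confirms the requester could perform the write itself."""
    if not (may_write(requester, path) and may_write("deputy", path)):
        return False
    files[path] = data
    return True


@dataclass(frozen=True)
class WriteHandle:
    """A capability: designation (which file) and authority (may write it) travel together."""
    path: str


def open_for_write(principal: str, path: str) -> Optional[WriteHandle]:
    """The requester opens the target under its own authority and hands over a handle."""
    return WriteHandle(path) if may_write(principal, path) else None


def deputy_write_via_handle(files: dict, handle: WriteHandle, data: str) -> None:
    """With a handle, the deputy never has to interpret a path it was merely told about."""
    files[handle.path] = data


def run_attack() -> dict:
    """Guest tries to zero the billing ledger through each deputy variant."""
    target, payload = "/var/billing/ledger", "balance=0"
    vulnerable = dict(INITIAL_FILES)
    fixed = dict(INITIAL_FILES)
    cap = dict(INITIAL_FILES)
    handle = open_for_write("guest", target)  # None: guest cannot open the ledger
    if handle is not None:
        deputy_write_via_handle(cap, handle, payload)
    return {
        "confused_wrote": confused_deputy_write(vulnerable, "guest", target, payload),
        "confused_ledger": vulnerable[target],
        "checked_wrote": checked_deputy_write(fixed, "guest", target, payload),
        "checked_ledger": fixed[target],
        "handle_granted": handle is not None,
        "capability_ledger": cap[target],
    }


if __name__ == "__main__":
    print(run_attack())
```

The capability variant is the classical remedy: because the handle can only be obtained by a principal allowed to write the file, the deputy cannot be "confused" about whose authority applies, and it no longer needs an ACL check of its own at all.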
Summary:
Most routers are manufactured outside the US or contain foreign parts, so the policy might result in a shortage of consumer routers, at least until manufacturers can adapt to it.
Concern about router security is not new, but the reasons for imposing the ban at this time are not known. There has been talk of banning TP-Link routers because of the company's links to China. TP-Link has been accused of allowing the Chinese government access to its routers and of flooding the market with underpriced devices. Its manufacturing is in Vietnam.