Deepseek, AMD, and Forgotten Buckets – PSW #860
Deepseek troubles, AI models explained, AMD CPU microcode signature validation, what happens when you leave an AWS S3 bucket lying around, 3D printing tips, and the malware that never was on Ethernet to USB adapters.
Announcements
Security Weekly listeners save $100 on their RSA Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
Hosts
- 1. Researcher sniffs out three-year Go supply chain attack
- 2. CERT/CC Vulnerability Note VU#733789
- 3. Zyxel Telnet Vulnerabilities – Blog – VulnCheck
- 4. Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
- 5. A tale of enumeration, and why pen testing can’t be automated
- 6. ShmooCon and C2PA Forgeries – The Hacker Factor Blog
- 7. SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
- 8. WebAssembly and security: A review
- 9. GreyNoise Labs – How-To: Linux Process Injection
- 10. Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
- 11. Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
- 12. 2024 Trends in Vulnerability Exploitation
- 13. Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
- 14. CVE Farming – Problem & Solution
- 15. BYOVD to the next level. Blind EDR with Windows Symbolic Link
- 16. AMD patches microcode security holes after accidental early disclosure
The saga continues! AMD did release patches, Google also released a PoC. There seems to be some misunderstanding about this vulnerability, Demi from Invisible Things states it the best:
"Since microcode loading can (hopefully!) only be done in ring 0 and SVM root mode, this means that one needs OS kernel access to perform an exploit. However, if an attacker could load arbitrary microcode, they could compromise SMM, SEV-SNP, and DRTM, so this is still pretty bad."
SMM is System Management Mode; once it is compromised all bets are off, and attackers can bypass many protections (including the restrictions on accessing SMRAM). AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) further protects memory with virtualization (e.g. cloud workload protections). While the PoC just modified a random number generator function, actual attackers can exploit this to bypass low-level protections.
- 17. 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
This is an amazing read! Basically, people left behind AWS buckets. You can register these buckets and use them for all sorts of malicious activity, depending on how the bucket was used in the first place. Don't use buckets for software/firmware updates without signature validation!
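The "signature validation" point above, as an added example that is not from the article or any real update client: the client pins the publisher's Ed25519 public key and refuses an artifact that was signed by anyone else (for instance whoever re-registered the bucket), was altered after signing, or is a replay of an older version. The key pair, payloads and version numbers are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what the client pulls from the (possibly hijacked) bucket:
// the artifact bytes plus a detached signature over their digest.
type Update struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// digest binds version and payload together, so a valid old signature
// cannot be paired with a different version number.
func digest(version uint32, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte{byte(version >> 24), byte(version >> 16), byte(version >> 8), byte(version)})
	h.Write(payload)
	return h.Sum(nil)
}

// Sign is the publisher's side; the private key lives on the build system, never in the bucket.
func Sign(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	return Update{version, payload, ed25519.Sign(priv, digest(version, payload))}
}

// Verify is the client's side: the public key is pinned in the client binary, and
// anything not signed by it, or not newer than the installed version, is rejected.
func Verify(pinned ed25519.PublicKey, installed uint32, u Update) error {
	if !ed25519.Verify(pinned, digest(u.Version, u.Payload), u.Signature) {
		return errors.New("signature does not match pinned publisher key")
	}
	if u.Version <= installed {
		return errors.New("downgrade or replay rejected")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // publisher key pair (constructed)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)  // key of whoever took over the bucket (constructed)
	good := Sign(priv, 2, []byte("firmware v2 (constructed sample)"))
	fmt.Println("genuine update:", Verify(pub, 1, good))
	fmt.Println("from hijacked bucket:", Verify(pub, 1, Sign(rogue, 3, []byte("trojaned build"))))
	tampered := good
	tampered.Payload = []byte("modified in transit")
	fmt.Println("tampered payload:", Verify(pub, 1, tampered))
}
```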
- 18. vulsio/go-exploitdb: Tool for searching Exploits from Exploit Databases, etc.
This looks neat. I got it up and running, but other than that I have not had a chance to really kick the tires. There is something to be said for tools that allow one to search vulnerabilities and exploits, though they seem to work for a while, then the project is abandoned and they no longer work.
- 19. ZSB-25006
So Zoom states this: "Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access." - What does that actually mean? Anyone?
- 20. Researchers Launch Open-Source UEFI Memory Forensics Framework to Counter Advanced Bootkits
This paper shows some real promise. Essentially, researchers have developed a way to take memory snapshots via a DXE driver as the system is booting. They also developed a tool to analyze the memory snapshots and detect things such as function pointer hooking (a technique used by attackers to hijack the execution flow). This type of research has been on my bucket list for some time, that is, develop ways to detect and prevent malware in UEFI. It is not an easy problem to tackle, but this paper is a step in the right direction.
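The function pointer hooking check described above, as an added example that is not the researchers' tool: two snapshots of a boot-time function pointer table (the UEFI Boot Services table is the obvious target) are compared against the list of images the snapshot recorded as loaded, and any entry whose target now lies outside every trusted image is reported as a hook. Image names, base addresses and table entries are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Image is a loaded firmware module as recorded in a snapshot (constructed layout;
// in practice the bases come from the snapshot's loaded-image list).
type Image struct {
	Name       string
	Base, Size uint64
}

// Snapshot is a point-in-time copy of a function pointer table, keyed by service name.
type Snapshot map[string]uint64

// owner returns the trusted image containing addr, or "" if none does.
func owner(addr uint64, images []Image) string {
	for _, im := range images {
		if addr >= im.Base && addr < im.Base+im.Size {
			return im.Name
		}
	}
	return ""
}

// FindHooks compares an early snapshot against a later one and reports every entry
// whose target ended up outside the trusted images: the signature of a function
// pointer hook. Entries that still point into a trusted image are ignored even if
// they changed, because legitimate drivers also re-point services during boot.
func FindHooks(early, late Snapshot, trusted []Image) []string {
	var hooks []string
	for name, addr := range late {
		if owner(addr, trusted) != "" {
			continue
		}
		hooks = append(hooks, fmt.Sprintf("%s: %#x -> %#x (outside trusted images)", name, early[name], addr))
	}
	sort.Strings(hooks) // deterministic order regardless of map iteration
	return hooks
}

func main() {
	trusted := []Image{{"DxeCore", 0x7f000000, 0x100000}, {"PartitionDxe", 0x7f200000, 0x20000}}
	early := Snapshot{"ExitBootServices": 0x7f004a10, "LoadImage": 0x7f003300}
	// Constructed later snapshot: ExitBootServices now points into memory no listed image owns.
	late := Snapshot{"ExitBootServices": 0x6c100020, "LoadImage": 0x7f003300}
	for _, h := range FindHooks(early, late, trusted) {
		fmt.Println("HOOK", h)
	}
}
```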
- 1. Cellular Security
- 2. Investigating an “evil” RJ45 dongle
- 3. Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
- 4. Bambu Connect’s Authentication X.509 Certificate And Private Key Extracted
- 5. keygen
- 6. The Global Surveillance Free-for-All in Mobile Ad Data – Krebs on Security
- 7. The ESP32-C5, Finally Espressif Goes Dual-Band
- 8. Backdoor found in two healthcare patient monitors, linked to IP in China
- 9. Pinball Restoration Revival – Make:
- 10. Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated…
- 1. Code of Practice for the Cyber Security of AI
The UK government has published a policy paper, Code of Practice for the Cyber Security of AI, which was created with the intent to “give businesses and public services the confidence they need to harness AI’s transformative potential safely.” The Code of Practice comprises 13 principles, which are grouped into categories of secure design, secure development, secure deployment, secure maintenance, and secure end-of-life.
The intent is to create a voluntary code of practice which will be used to create a global standard through ETSI, setting baseline security requirements for AI. In the UK guidance, each of the 13 principles includes relevant standards and publications at the start to connect that guidance to this code, making it more relevant to other guidance we're already incorporating into our system lifecycle.
Code of Practice and Implementation guide: https://www.gov.uk/government/publications/ai-cyber-security-code-of-practice
- 2. Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
Wiz Research has identified a publicly accessible ClickHouse database belonging to DeepSeek, which allows full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information.
The flaw allows an unauthenticated attacker to directly execute arbitrary SQL queries via the HTTP interface, including privilege escalation. As our developers are under extreme pressure to deliver, particularly anything even remotely AI-related, make sure that you've got their back to ensure the security basics aren't overlooked or skipped. Don't enable "unforgivable flaws." If you're a DeepSeek user, you need to change your credentials, both login and API keys. Give a thought to updating any saved payment methods.
- 3. PyPI Now Supports Project Archival – The Python Package Index Blog
The Python Package Index (PyPI) has introduced support for project archival, which allows maintainers to indicate that there are unlikely to be future updates for the identified project. Archived projects will continue to be hosted on PyPI, but the designation “allows users to make better decisions about which packages they depend on, especially regarding supply-chain security, since archived projects clearly signal that no future security fixes or maintenance should be expected.” Facundo Tuesca, Senior Engineer at Trail of Bits, writes, “Project archival is just the beginning: we’re also looking into additional maintainer-controlled project statuses, as well as additional PyPI features to improve both upstream and downstream experiences when handling project ‘lifecycles.’”
- 4. Active Exploitation: New Aquabot Variant Phones Home
Researchers from the Akamai Security Intelligence and Response Team (SIRT) have identified a Mirai variant, Aquabotv3, that exploits a known command injection vulnerability in certain Mitel phones in an attempt to corral the devices into a botnet capable of launching distributed denial-of-service (DDoS) attacks. The researchers note that the malware variant includes a feature they have not previously observed in Mirai: “a function (report_kill) to report back to the command and control (C2) when a kill signal was caught on the infected device.” The Mitel vulnerability, CVE-2024-41710, was disclosed last summer.
CVE-2024-41710, a command injection flaw with a CVSS score of 6.8, impacts the Mitel 6800, 6900 and 6900w series IP phones through R6.4.0.136. There are no mitigations or workarounds; the fix is to update to 4.6 HF2 or later (R6.4.0.137), which was released last July.
- 5. Tata Technologies says ransomware attack hit IT assets, investigation ongoing
Tata Technologies reported a cybersecurity incident to the National Stock Exchange of India. According to the letter, a ransomware incident prompted the multinational company to temporarily suspend some of their IT services. Those services have since been restored. Tata Technologies is a subsidiary of Tata Motors; they focus on automotive design, aerospace, and industrial engineering, and have operations in 27 countries.
While the strain and identity of the ransomware gang remain closely held, security researchers at Hudson Rock detected information from 107 Tata Technologies employees and 699 of their customers. In January, Tata Communications, another Tata Group subsidiary, listed ransomware attacks as a top cyber threat in their Quarterly Executive Threat Report 2024, and back in October 2022, the now defunct Hive ransomware gang took credit for an attack against Tata Power, yet another subsidiary of the Tata Group, leaking IP, financial and banking records as well as personal client information. The point is, if your subsidiaries are seeing ransomware as a top threat, you need to take action across the board to keep them from succumbing.
- 6. Critical UK Government Systems at High Risk, Warn Auditors
A report from the UK’s National Audit Office (NAO) “examines whether the government’s efforts to improve its cyber resilience are keeping pace with the cyber threat it faces.” In a 2022 Cyber Security Strategy, the UK government said its “central aim [was] for government’s critical functions to be significantly hardened to cyber attack by 2025.” The audit report published last week suggests that the government will not meet that goal, due in large part to dependence on legacy systems, and noted that “departments have no fully funded remediation plans for half of these vulnerable systems.” NAO examined 58 critical UK government IT systems and found “significant gaps in their system controls that are fundamental to their cyber resilience.”
Can you say lifecycle management? Need a commitment from the very top. Yes it's hard and can be expensive. The alternative is worse.
- 7. Italy blocks Chinese AI tool DeepSeek over privacy concerns
The Garante, Italy's data privacy regulator, blocked the country's access to DeepSeek. The Garante had insisted on disclosure of the company's data policies: the purpose and legal basis of the data collection, what data are collected and from where, whether users are notified about their data being used, whether data are scraped from the internet, and where the data are stored. Answers from Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence were characterized as "completely insufficient," including a declaration that the companies do not operate in Italy and that European laws do not apply to them.
You don't want to be in the middle of a data sovereignty battle. That, coupled with data leaks and attacks on the service, means it'd be smart to take a pause from DeepSeek. Make sure that you understand where your data is both processed and stored for service offerings, and make sure that they are following relevant data privacy laws. These should be independently verified, not self-reported.
- 1. Google: How to make any AMD Zen CPU always generate 4 as a random number
Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated this by producing a microcode patch that makes the chips always output 4 when asked for a random number.
Google was able to produce microcode updates that appear to be digitally signed by AMD, by exploiting a weak hash algorithm in the chip.
- 2. Anthropic dares you to jailbreak its new AI model
Week-long public test follows 3,000+ hours of unsuccessful bug bounty claim attempts. This is important--the first strong defense against jailbreaks.
- 3. DeepSeek Fails Researchers’ Safety Tests
DeepSeek R1 exhibited a 100% attack success rate, meaning it failed to block a single harmful algorithmic jailbreaking prompt.
- 4. Microsoft’s Scareware Blocker, Powered by AI
Scareware uses aggressive web pages to convince victims into thinking their system is infected with malware, and pressure them to call a fake tech support number. Microsoft says: “Scareware blocker uses a machine learning model to recognize the tell-tale signs of scareware scams and puts users back in control of their computer. We call on users who want to combat scams to help us test our preview.”
- 5. To help AIs understand the world, researchers put them in a robot
Large language models like ChatGPT display conversational skills, but the problem is they don’t really understand the words they use. “The inspiration for our model came from developmental psychology. We tried to emulate how infants learn and develop language.” Vijayaraghavan’s robot was a fairly simple system with an arm and a gripper that could pick objects up and move them around. Vision was provided by a simple RGB camera feeding videos in a somewhat crude 64×64 pixels resolution. Once the robot learned how certain commands and actions were connected, it also learned to generalize that knowledge to execute commands it never heard before.
- 6. Millions Of Password Manager Users On Red Alert—Act Now To Stay Safe
Password managers are now being targeted by malware, leveraging sophisticated extraction methods, including memory scraping, registry harvesting and compromising local and cloud-based password stores. A password manager remains your most potent defense against password theft. Remember to use a strong master password that cannot be easily guessed.
- 7. Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek
Researchers found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data. It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. "This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details." To make matters worse, Wiz said, the exposure allowed for full control of the database and potential privilege escalation within the DeepSeek environment, without any authentication or barrier to external access.