NEW: malware developers added nuclear & biological weapons text to to their spyware.
Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.
Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.
When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.
We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.
In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.
H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4
100% agree with this part. The story isn’t “Mythos is special.” The story is “Mythos-level capability won’t stay rare or controlled.”
Open models today are basically frontier from six months ago. If that gap stays constant, you get attacker-run Mythos-level systems on their own hardware within a year - with none of the provider constraints. That’s what worries me most.
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
👋 Folks, I'm starting a new series of Entra Hardening tips from today.
Here's how it will work. One new tip every weekday (I take a break on weekends).
----
Tip #1: Privileged accounts in Entra ID should be cloud native identities
If your privileged accounts in Entra ID are synced from on-prem AD then you have a problem.
Attackers that compromise your on-prem infrastructure can pivot to the cloud, into Entra ID and gain access to the cloud servers, data, Microsoft 365 and other SaaS apps.
Why?
We've seen this happen multiple times. The biggest ones have been Solorigate (compromise ADFS and pivot to cloud), other examples include Storm-0501 (compromise AAD Connect server) and more.
The Fix?
Reduce the blast surface. Don't allow accounts synced from on-prem to be granted privileged roles.
Instead create admin accounts natively in Entra ID and grant privileged roles to these cloud only accounts.
. @mubix shared this on LinkedIn and thought some of you might find it useful: “A Practical Reprioritization Guide for CISOs Entering the AI Vulnerability Era”
https://t.co/UaJUb82ecG
One AI agent didn’t have permission to fix an issue… so it asked another agent with access to do it.
Another? It rewrote the security policy to achieve its goal.
This isn’t theory. This is happening.
@George_Kurtz sat down with @DivesTech to discuss why AI needs guardrails. ⬇️
https://t.co/E0yaSs7Ysc
If you want to get Microsoft AI certified, start here:
• Level 1: Azure AI Fundamentals (AI-900)
• Level 2: Azure AI Engineer Associate (AI-102)
• Level 3: Azure Solutions Architect Expert (AZ-305) (not AI‑specific, but useful for architecting AI solutions)
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.
It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
https://t.co/NQ7IfEtYk7
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
People who laugh and comment “who still uses telnet” have no idea how this industry actually works - or how power plants, warships, factories, baggage handling systems and other control and logistics systems are planned, built and expected to last for decades
👋 Folks, I'm super excited to announce the launch of the Microsoft Zero Trust Assessment!
I've been working on this project for the past year at Microsoft with an extended team including our security researchers, product feature teams and docs
Here's what it does
🧵👇
In regards to the cybersecurity field in the "AI boom", this statement is correct.
If you want to be successful in cybersecurity you need to eat, sleep, breath, and (metaphorically) die cybersecurity.
A degree and a cool piece of paper in this field only goes so far. This a field which is constantly evolving and you have to be locked in if you want to succeed.
Every single day new malware research is released (offensive, defense, new Threat Groups, new Threat Actors, etc) and it isn't going to slow down. This is just what I personally pay attention to.
This doesn't cover concepts of web exploitation, network exploitation, IoT security, application exploitation, cloud security, network security, mobile security (emphasis Android or iPhone, whatever). And, of course, the "newest" field of AI security research.
If I were to give a comparison, think of cybersecurity like the field of medicine. You may have general practitioners, but think of how many doctors have an specialization in their field of practice (Cardiologist, Neurologist, Pulmonologist, Gastroenterologist, Nephrologist, Endocrinologist, all the different types of Surgeons...) ... same concept with cybersecurity.
Lock in. Look at cat pictures.
Okay, that's my Ted Talk
Update your #MSIntune#SCEP Profiles before Feb2025 to add an additional SAN (Subject Alternative Name) {{OnpremisesSecurityIdentifier}} to meet Strong Mapping Requirements
For more information: https://t.co/ng3gmfzTDO
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated.
This is a HUGE pet-peeve of mine (when vendors in particular are still operating like its 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.
The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines".
The 2024 version is 800-63-4.
Here: https://t.co/oX8YEJHxXg
The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.
The previous update was in2020.
The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:
1. After a breach/compromise
2. User request
2024 repeats this and adds a bunch more guidlines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords.
This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this.
Most frameworks, however, have moved away from arbitrary password resets and complexity rules.
**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them.
Using complexity rules gets you the user psychology of:
Password1
Password2
and so on
Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies.
I'm so excited for the new changes!
Ok I'm off my soapbox.
Share the love! Thank you!