The CyberWire Daily Podcast 6.3.24
Ep 2080 | 6.3.24

Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake.

Transcript

Signs point to a major cybersecurity event at cloud provider Snowflake. Hugging Face discloses "unauthorized access" to its Spaces platform. Australian legislation seeks jail time for deepfake porn. CISA adds two vulnerabilities to the KEV catalog. Spanish police investigate a potential breach of drivers license info. NSA shares mobile device best practices. Everbridge crisis management software company reports a data breach. N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins us to preview CSO Perspectives Season 14 which launches today! Google tries to explain those weird AI search results.

Today is June 3rd, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Signs point to a major cybersecurity event at cloud provider Snowflake. 

A series of interconnected breach announcements involving Ticketmaster, Santander, and Australian ticketing provider Ticketek may represent a major cybersecurity event potentially linked to cloud provider Snowflake.

Live Nation, Ticketmaster's parent company, reported investigating a breach claimed by the ShinyHunters group, who advertised 500 million users' data for $500,000. Ticketmaster confirmed its database was hosted on Snowflake. Simultaneously, Ticketek disclosed a cyber incident impacting Australian customers' personal data, though Snowflake's involvement remains unconfirmed. Australia's cybersecurity minister highlighted the breach's significant impact.

The Australian Signals Directorate alerted companies using Snowflake to secure their accounts. ShinyHunters also posted data from a mid-May Santander hack, with customer bank and credit card numbers for sale at $2 million. Hudson Rock initially reported, then retracted, claims that breaches at Ticketmaster and Santander involved hacking a Snowflake employee's account.

Snowflake serves 9,437 customers, including major corporations like Adobe and Mastercard. ShinyHunters claimed they bypassed Okta’s authentication via a Snowflake employee’s ServiceNow account, using session tokens to extract customer data.

Mandiant's investigations suggest information-stealing malware facilitated access to Snowflake tenants. Snowflake denied platform vulnerabilities or breaches, noting potential unauthorized access to customer accounts from May 23, 2024. Cloud security firm Mitiga identified a threat actor using Snowflake databases with an attack tool named “Rapeflake,” indicating possible brute-force attacks and automated tool usage to infiltrate accounts.


Hugging Face discloses "unauthorized access" to its Spaces platform. 

Late Friday, AI startup Hugging Face disclosed "unauthorized access" to its Spaces platform. The breach involved Spaces secrets, which are keys to protected resources. Hugging Face suspects some secrets were accessed by third parties. As a precaution, they've revoked several tokens and advised users to refresh their keys or switch to fine-grained access tokens.

Hugging Face is collaborating with cybersecurity experts, law enforcement, and data protection authorities to investigate. They regret the disruption and aim to enhance their security infrastructure. Increased cyberattacks have been noted, possibly due to Hugging Face's growing popularity.

Previously, vulnerabilities and malware issues were identified by security firms Wiz, JFrog, and HiddenLayer. Hugging Face is partnering with Wiz to improve platform security.


Australian legislation seeks jail time for deepfake porn. 

Australia is introducing new laws to criminalize the distribution of non-consensual deepfake pornographic images. Under the proposed legislation, sharing such images will result in up to six years in jail, with an additional year for those who created them. Attorney General Mark Dreyfus aims to address the abuse facilitated by generative AI technology, which predominantly affects women and girls.

The legislation will target the dissemination of AI-created sexually explicit images without consent, applying to any form of digital sharing. This move is part of broader efforts to combat technology-facilitated abuse and violence against women. The laws will complement existing protections and involve a review of the Online Safety Act to address related issues like doxing.


CISA adds two vulnerabilities to the KEV catalog. 

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a high-severity Linux kernel privilege elevation flaw. Disclosed on January 31, 2024, this use-after-free issue in the netfilter nf_tables component was introduced in February 2014. It allows local attackers to gain root-level access by exploiting the 'nft_verdict_init()' function.

The flaw was fixed in January 2024, and patches were backported to multiple stable kernel versions. Exploitation details were published in March 2024. CISA requires federal agencies to apply patches by June 20, 2024, and recommends mitigations like blocking 'nf_tables' and restricting user namespace access.

The second vulnerability impacts Check Point VPN devices. Researchers revealed it to be more severe than initially reported.


Spanish police investigate a potential breach of drivers license info. 

Spanish police are investigating a potential sale of private information from millions of vehicle drivers after detecting an attempted data breach at the Directorate-General of Traffic (DGT) two weeks ago. Suspicious database access attempts were blocked, and an investigation was initiated by the Guardia Civil's Traffic Investigation and Analysis Group (GIAT).

The DGT's database holds information on over 27 million drivers. An anonymous user on BreachForums claimed to have access to the DGT database and was selling it. The DGT is verifying these claims. Last year, cyberattacks in Spain nearly doubled to over 100,000 incidents, with 130 classified as "critical."


NSA shares mobile device best practices. 

The NSA has published a handy Mobile Device Best Practices report, offering tips to better protect those ubiquitous gadgets. 

A simple method to thwart hackers is restarting your phone weekly, which makes it harder to steal information because many malware packages lack persistence. However, this won't always prevent attacks. The NSA also highlights threats like malicious apps, Wi-Fi networks, spyware, and physical access. It’s a nice collection of best practices, easy to share with friends, family and coworkers.


Everbridge crisis management software company reports a data breach. 

Everbridge, an American crisis management software company, reported a recent breach where unknown attackers accessed files containing business and user data. The breach occurred on May 21 through a previous phishing attack targeting employees. Everbridge, which serves over 6,500 clients including the U.S. Army and Hartsfield-Jackson Atlanta International Airport, notified law enforcement and affected customers.

No ransomware was involved, but customer data, including admin user contact information, was exposed. Everbridge is collaborating with Mandiant and Stroz Friedberg to assess the impact. To enhance security, Everbridge mandated multi-factor authentication (MFA) for all accounts by June 3, 2024. The company, publicly traded since 2016, was recently acquired by Thoma Bravo in a $1.8 billion deal.

Coming up, I speak with N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard. Rick shares a preview of his CSO Perspectives podcast. Season 14 launches today. The first episode explores SolarWinds and the SEC. 


Welcome back. If you are not an N2K CyberWire Pro subscriber, you can check out the first half of the episode to get a taste of it. You can find links to the first episode of season 14 of Rick’s CSO Perspectives podcast in the show notes. 

Google tries to explain those weird AI search results. 

And finally, in a blog post titled "AI Overviews: About last week," Google acknowledged the rough week it had with its AI Overview feature providing inaccurate and sometimes dangerous answers. The AI Overview, showcased at Google I/O, aims to summarize search results using an AI model integrated with Google's web ranking system. Despite claims of effectiveness, it has generated bizarre and incorrect responses, such as advising people to eat one small rock per day, or to use glue to keep cheese from slipping off your pizza.

Google VP Liz Reid nearly apologized, explaining that the AI Overview is designed to only display information backed by top web results. However, this design assumes Google's page-ranking algorithm always favors accuracy over SEO-gamed content, which critics say is a flawed premise given the current state of Google Search. The AI can still draw erroneous conclusions, even from accurate data.

Blaming nonsensical user queries for some errors, Reid highlighted improvements to detect such queries, restrict user-generated content for misleading advice, and filter sensitive topics. Despite these efforts, some errors and fake screenshots continue circulating.

Google forgives itself for these mishaps, noting the inherent challenge of managing billions of daily queries. The company insists it learns from errors to enhance search quality. However, this situation exposes a fundamental issue: AI Overview doesn't inherently guarantee factual accuracy, merely reflecting the inaccuracies of Google's page-ranking results.

For now, Google is working to address these issues before a broader rollout, but users might still encounter unusual or unreliable results as the AI search team continues to troubleshoot. It's a classic case of "trust us, but don't trust our AI completely just yet."


And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

Don’t forget to check out the “Grumpy Old Geeks” podcast, where I contribute to a regular segment on Jason and Brian’s show every week. You can find “Grumpy Old Geeks” where all the fine podcasts are listed.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.