More than 1,400 CrushFTP instances are still vulnerable to critical flaw.
The CyberWire
Lambda Layers Code Execution Flaw Leads To Supply Chain On AI/ML Applications
A new supply-chain vulnerability has been identified in the Lambda Layers of third-party TensorFlow-based Keras models. This vulnerability could allow threat actors to inject arbitrary code into any AI/ML application.
Any Lambda Layers built before Keras version 2.13 are susceptible to a supply chain attack.
A threat actor can create and distribute a trojanized popular model among AI/ML developers.
If the attack succeeds, the threat actor can execute untrusted arbitrary code on the vulnerable environments with the same privileges as the running application.
The Keras framework provides a high-level interface for TensorFlow and offers several features for designing, training, validating, and packaging ML models.
The building blocks used for building neural networks are called Layers. Keras provides an API for these layers.
There are many layer types available in Keras, one of which is the Lambda Layer type. This type allows a developer to add arbitrary code to a model as a lambda function.
A model containing such a layer can be saved using the model.save() or save_model() method, as described in the Keras documentation.
Additionally, the Keras 2 documentation describes a safe_mode option that disallows loading a native Keras version 3 model that contains a Lambda layer.
safe_mode is enabled by default; it controls whether unsafe lambda deserialization is allowed, and such deserialization has the potential to trigger arbitrary code execution.
In Keras versions 2.13 and later, an exception is raised when a program attempts to load a model with Lambda Layers stored in version 3 of the format.
This mechanism was absent in versions prior to 2.13, so those earlier versions deserialize untrusted code.
According to the TensorFlow documentation, a statement is provided as a warning to developers, which is probably not fully understood by new AI/ML community members.
The statement says, “Since models are practically programs that TensorFlow executes, using untrusted models or graphs is equivalent to running untrusted code”.
However, the Keras framework documentation for the load_model function describes, under the “Arguments” section, an option called safe_mode: “Boolean, whether to disallow unsafe lambda deserialization.
When safe_mode=False, loading an object has the potential to trigger arbitrary code execution. This argument is only applicable to the Keras v3 model format. Defaults to True.”
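The practical defender's check this implies is to inspect a third-party model before it is ever deserialized. The following is an added example (not code from the article or from Keras): it opens a native Keras v3 .keras archive, which is a zip containing a config.json describing the architecture, and refuses any model whose config contains a layer with class_name "Lambda". The sample archive is constructed in memory, and the exact placement of the "function" field inside the Lambda config is an assumption for the demo.

```python
# Added example: pre-load scan of a .keras (Keras v3) archive for Lambda layers.
# A .keras file is a zip archive; config.json holds the model architecture and
# any layer whose class_name is "Lambda" carries serialized Python code.
import io
import json
import zipfile


def find_lambda_layers(node, path="model"):
    """Recursively walk a Keras config tree and return the paths of Lambda layers."""
    found = []
    if isinstance(node, dict):
        if node.get("class_name") == "Lambda":
            found.append(f"{path}/{node.get('config', {}).get('name', '?')}")
        for value in node.values():
            found.extend(find_lambda_layers(value, path))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(find_lambda_layers(item, f"{path}[{i}]"))
    return found


def check_keras_archive(data: bytes):
    """Return (is_safe, lambda_paths) for the raw bytes of a .keras archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        config = json.loads(zf.read("config.json"))
    lambdas = find_lambda_layers(config)
    return (len(lambdas) == 0, lambdas)


def build_sample_archive(with_lambda: bool) -> bytes:
    """Constructed sample: a minimal config.json in the .keras zip layout."""
    layers = [{"module": "keras.layers", "class_name": "Dense",
               "config": {"name": "dense", "units": 4}}]
    if with_lambda:
        # Constructed Lambda layer; the real field holds base64-encoded bytecode.
        layers.append({"module": "keras.layers", "class_name": "Lambda",
                       "config": {"name": "lambda_0",
                                  "function": "<serialized code placeholder>"}})
    config = {"module": "keras", "class_name": "Sequential",
              "config": {"name": "sequential", "layers": layers}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        safe, paths = check_keras_archive(build_sample_archive(flag))
        print("safe to load" if safe else f"REFUSE: Lambda layers at {paths}")
```

This scan complements, rather than replaces, loading with the documented safe_mode=True default; it lets a pipeline reject the file before any Keras code runs.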
Code injection through formats that package code together with data is not new; there have been several instances in the past, including the Pickle mechanism in the Python standard library, which allows code to be serialized alongside the data.
To prevent these kinds of supply chain attacks, it is recommended that developers upgrade to the latest Keras versions, 2.13 or later, and ensure no valuable assets are in the scope of the running application.
Running pre-2.13 applications in a sandbox will also reduce the potential for data exfiltration.
The post Lambda Layers Code Execution Flaw Leads To Supply Chain On AI/ML Applications appeared first on Cyber Security News.
Cyber Security News
The Complexity and Need to Manage Mental Well-Being in the Security Team
It is the CISO’s responsibility to build and maintain a high-functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict.
The post The Complexity and Need to Manage Mental Well-Being in the Security Team appeared first on SecurityWeek.
SecurityWeek RSS Feed
SapphireStealer: A .NET Malware Capable of Stealing Sensitive Data from Computers
SapphireStealer is an open-source information stealer that may be utilized for obtaining sensitive information, such as corporate credentials, which are frequently sold to other threat actors who utilize the access for further attacks, such as espionage or ransomware/extortion schemes.
On December 25, 2022, the codebase for SapphireStealer was made available on GitHub. According to Cisco Talos researchers, beginning in mid-January 2023, newly created SapphireStealer versions started appearing in public malware repositories.
Presently, many threat actors are using this malware codebase. This danger already exists in many forms, and threat actors constantly enhance its potency and efficacy.
Information-stealing malware dubbed SapphireStealer was created in .NET. It provides simple yet efficient functionality capable of stealing private data from compromised systems, such as:
Host information.
Screenshots.
Cached browser credentials.
Files stored on the system that match a predefined list of file extensions.
It initially checks whether any browser processes are currently active on the system, searching the list of running processes for names that match a predefined list, such as Chrome, Yandex, msedge, and Opera.
The malware employs Process.Kill() to end any matching processes if it finds them. The malware checks for the existence of credential databases for the browser apps using a hard-coded list of paths.
“The contents of any credential databases that are discovered are dumped. This information is then stored in a text file within the malware’s working directory called Passwords.txt”, researchers said.
The malware then takes a snapshot of the system and saves it in a file within the same working directory.
The malware then exfiltrates the collected data to the attacker via the Simple Mail Transfer Protocol (SMTP).
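The sequence just described (browser processes killed, a Passwords.txt file written in the working directory, then an outbound SMTP connection) is a useful behavioural detection target. The following is an added example (not from Cisco Talos or the article): a small per-process state machine run over constructed endpoint telemetry. The event schema, process image names with a .exe suffix, and the ports treated as SMTP (25, 465, 587) are assumptions for the demo.

```python
# Added example: correlate SapphireStealer-like behaviour across endpoint events.
# Event tuple layout is an assumption: (timestamp, pid, event_type, detail).
BROWSERS = {"chrome", "yandex", "msedge", "opera"}   # names cited in the report
SMTP_PORTS = {25, 465, 587}                           # SMTP / SMTPS / submission

# Constructed sample telemetry: pid 4100 shows the full chain, pid 2200 does not.
EVENTS = [
    (1, 4100, "proc_kill", "chrome.exe"),
    (2, 4100, "proc_kill", "msedge.exe"),
    (3, 4100, "file_write", r"C:\Users\u\AppData\Local\Temp\w\Passwords.txt"),
    (4, 4100, "net_connect", "203.0.113.10:587"),
    (5, 2200, "proc_kill", "chrome.exe"),          # benign: no staging or exfil
    (6, 2200, "net_connect", "198.51.100.5:443"),
    (7, 3300, "file_write", r"C:\tmp\Passwords.txt"),  # no prior browser kill
    (8, 3300, "net_connect", "203.0.113.10:25"),
]


def _image_name(detail: str) -> str:
    """Normalise 'Chrome.exe' -> 'chrome' so the comparison is case-insensitive."""
    name = detail.rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def correlate(events):
    """Return pids whose events match browser-kill -> Passwords.txt -> SMTP, in order."""
    stage = {}   # pid -> 0 none, 1 browser killed, 2 credentials staged, 3 exfil
    hits = []
    for _ts, pid, etype, detail in sorted(events):
        s = stage.get(pid, 0)
        if etype == "proc_kill" and _image_name(detail) in BROWSERS and s == 0:
            stage[pid] = 1
        elif etype == "file_write" and s == 1 and detail.lower().endswith("passwords.txt"):
            stage[pid] = 2
        elif etype == "net_connect" and s == 2:
            port = int(detail.rsplit(":", 1)[1])
            if port in SMTP_PORTS:
                stage[pid] = 3
                hits.append(pid)
    return hits


if __name__ == "__main__":
    for pid in correlate(EVENTS):
        print(f"ALERT pid {pid}: browser kill, credential staging, SMTP exfil")
```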
“As this malware is open-source and being used by multiple distinct threat actors, much of this development activity has occurred independently and new functionality is not present in sample clusters associated with other threat actors”, according to the information shared with Cyber Security News.
The malware creator has also made available a .NET malware downloader codenamed FUD-Loader, which enables the retrieval of additional binary payloads from distribution servers under the attacker’s control.
Researchers observed that this downloader was used to spread various other malware across 2023, including DcRat, njRAT, DarkComet, AgentTesla, and more.
The post SapphireStealer: A .NET Malware Capable of Stealing Sensitive Data from Computers appeared first on Cyber Security News.
Cyber Security News