Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records…

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records on Breach Forums. Data includes full names, email addresses, and activity details, posing risks for phishing and targeted scams.

In a new data breach disclosed today, the hacker known as Intel Broker claims to have stolen the personal data of 290,762 individuals from MIT’s _Technology Review_ website via a third-party contractor. The data, which could be the website’s newsletter subscribers list, was posted on Breach Forums, a popular cybercrime platform, earlier today.

Intel Broker, notorious for **recent attacks on high-profile organizations**, alleges that the data includes Personally Identifiable Information. Hackread.com analyzed the leaked data and can confirm it includes personal details, which, while not as sensitive as financial data, could be leveraged in phishing attempts or targeted scams. Here is what the hacker has leaked:

*   **Full names**
*   **Dates of activity**
*   **Educational details**
*   **Email addresses (3,924 – After removal of duplicates: 1,343)**

Screenshot from the leaked data (Credit: Hackread.com)

Though the leak does not appear to contain highly sensitive information like passwords, social security numbers or financial data, the compromised data is still a privacy risk, as it could be exploited for phishing scams or identity verification attacks.

It is worth noting that this is not the first time Intel Broker has targeted a technology publication. In June 2024, an affiliate of Intel Broker **breached the “Tech in Asia” news outlet**, leaking the personal data of 221,470 users.

MIT Technology Review, an esteemed publication from the Massachusetts Institute of Technology, is known for its analysis of emerging technologies and their impact on society. This data breach potentially exposes readers and contributors who engaged with the platform, a situation that may lead to reputational challenges for the publication, as well as privacy concerns for its user base.

**Recent Activity of Intel Broker**

The alleged breach of Technology Review comes on the heels of another claim by Intel Broker, who recently advertised the sale of **sensitive internal data from Nokia** on the same forum, allegedly obtained through a similar contractor vulnerability. In the Nokia case, the hacker reportedly set a price of $20,000 for access to the stolen data, which included SSH keys, source code, and login credentials.

**Privacy Implications and MIT’s Response**

With names, email addresses, and activity data accessible, cybercriminals may use this information to craft sophisticated schemes aimed at those connected with the platform. Hackread.com has reached out to MIT’s Technology Review for a response regarding the data breach. Updates will be provided as more information becomes available. Stay tuned.

1.  **US Microchip Giant Cyberattack Disrupts Operations**
2.  **Hacker IntelBroker Leaks Sensitive US DoD Documents**
3.  **IntelBroker Apple Breach: Steals Source Code for Internal Tools**
4.  **AMD Data Breach: IntelBroker Steals Employee and Product Info**
5.  **Europol Hacked: IntelBroker Claims Major Law Enforcement Breach**

Hackers Leak 300,000 MIT Technology Review Magazine User Records

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Source: Krot Studio via Alamy Stock Photo

Google has discovered its first real-world vulnerability using an artificial intelligence (AI) agent that company researchers are designing expressly for this purpose. The discovery of a memory-safety flaw in a production version of a popular open source database by the company's Big Sleep large language model (LLM) project is the first of its kind, and it has "tremendous defensive potential" for organizations, the Big Sleep team wrote in a recent Project Zero blog.

Big Sleep — the work of a collaboration between the company's Project Zero and Deep Mind groups — discovered an exploitable stack buffer underflow in SQLite, a widely used open source database engine.

Specifically, Big Sleep discovered a pattern in the code of a publicly released version of SQLite that creates a potential edge case that needs to be handled by all code that uses the field, the researchers noted. A function in the code failed to correctly handle the edge case, "resulting in a write into a stack buffer with a negative index when handling a query with a constraint on the 'rowid' column," thus creating an exploitable flaw, according to the post.

Google reported the bug to SQLite developers in early October. They fixed it on the same day and before it appeared in an official release of the database, so users were not affected.

Related:News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

**Inspired by AI Bug-Hunting Peers**

"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team wrote in the post. While this may be true, it's not the first time an LLM-based reasoning system autonomously found a flaw in the SQLite database engine, Google acknowledged.

An LLM model called Atlantis from a group of AI experts called Team Atlanta discovered six zero-day flaws in SQLite3 and even autonomously identified and patched one of them during the AI Cyber Challenge organized by ARPA-H, DARPA, and the White House, the team revealed in a blog post in August.

In fact, the Big Sleep team used one of the Team Atlanta discoveries — of "a null-pointer dereference" flaw in SQLite —  to inspire them to use AI "to see if we could find a more serious vulnerability," according to the post.

**Software Review Goes Beyond Fuzzing**

Google and other software development teams already use a process called fuzz-testing, colloquially known as "fuzzing," to help find flaws in applications before release. Fuzzing is an approach that targets the software with deliberately malformed data — or inputs — to see if it will crash so they can investigate and fix the cause.

Related:Privacy Anxiety Pushes Microsoft Recall AI Release Again

In fact, Google earlier this year released an AI-boosted fuzzing framework as an open source resource to help developers and researchers improve how they find software vulnerabilities. The framework automates manual aspects of fuzz-testing and uses LLMs to write project-specific code to boost code coverage.

While fuzzing "has helped significantly" to reduce the number of flaws in production software, developers need a more powerful approach "to find the bugs that are difficult (or impossible) to find" in this way, such as variants for previously found and patched vulnerabilities, the Big Sleep team wrote.

"As this trend continues, it's clear that fuzzing is not succeeding at catching such variants, and that for attackers, manual variant analysis is a cost-effective approach," the team wrote in the post.

Moreover, variant analysis is a better fit for current LLMs because its provides them with a starting point —  such as the details of a previously fixed flaw — for a search, and thus removes a lot of ambiguity from AI-based vulnerability testing, according to Google. In fact, at this point in the evolution of LLMs, lack of this type of starting point for a search can cause confusion, they noted.

Related:OWASP Releases AI Security Guidance

"We're hopeful that AI can narrow this gap," the Big Sleep team wrote. "We think that this is a promising path towards finally turning the tables and achieving an asymmetric advantage for defenders."

**Glimpse Into the Future**

Google Big Sleep is still in its research phase, and using AI-based automation to identify software flaws overall is a new discipline. However, there already are tools available that developers can use to get a jump on finding vulnerabilities in software code before public release.

Late last month, researchers at Protect AI released Vulnhuntr, a free, open source static code analyzer tool that can find zero-day vulnerabilities in Python codebases using Anthropic's Claude artificial intelligence (AI) model.

Indeed, Google's discovery shows promising progress for the future of using AI to help developers troubleshoot software before letting flaws seep into production versions.

"Finding vulnerabilities in software before it's even released means that there's no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them," Google's Big Sleep team wrote.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal…

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal credentials. The data is being sold for $20,000 on BreachForums, though no customer data was affected. Nokia has not yet commented on the claim.

A notorious hacker known as Intel Broker has announced a data breach involving the telecommunications giant Nokia. Posting on the infamous cybercrime forum BreachForums, Intel Broker claims to have gained unauthorized access to sensitive Nokia information through a third-party contractor linked to Nokia’s internal tool development.

The hacker claims that no customer information was accessed, but they have obtained **critical internal data** from Nokia’s systems, which they’re now selling for $20,000.

**Details of the Breach**

According to Intel Broker’s post, the stolen data includes SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials. All of these items could potentially enable further unauthorized access to internal systems or facilitate other types of cyber attacks. In an attempt to validate the breach, Intel Broker also shared a file tree, showcasing various files and folders apparently related to Nokia’s internal operations.

In an exclusive conversation with Hackread.com, Interl Broker said that the stolen data collection is up for sale for $20,000, and he is reaching out to prospective buyers on BreachForums. According to the post, only those with high-ranking status and sufficient reputation on the forum are being encouraged to inquire.

Intel Broker on Breach Forums (Screenshot: Hackread.com)

The hacker claims to have pulled this data from a contractor working closely with Nokia, rather than Nokia’s own systems directly. This method of breaching systems through third-party vendors has become **increasingly common**, as vendors are often granted extensive access to the companies they serve. Cybersecurity experts have long warned about this weak point, advising companies to ensure that security standards extend to their contractors and partners.

**Potential Impact**

While Intel Broker emphasizes that customer data is not included in the breach, the exposure of alleged Nokia’s internal data could still have widespread implications. With access to development environments, source code, and credentials, hackers could potentially tamper with Nokia’s tools or services, or exploit the vulnerabilities in these resources to compromise other systems.

Screenshot from the sample data that Hackread.com analysed

****Nokia’s Response****

At the time of reporting, there has been no official statement from Nokia on this alleged breach. However, Hackread.com has reached out to the company awaiting a response. Stay tuned.

****About Intel Broker****

Intel Broker who is also the owner of Breach Forums is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the **T-Mobile data breaches**.

1.  **Hacker Leaks Thousands of Nokia Employee Details**
2.  **Nokia Taiwan Hacked, 100,000+ accounts leaked online**
3.  **Cisco Network Breach as Employee’s Google Account was Hacked  
    **

Hackers Claim Access to Nokia Internal Data, Selling for $20,000

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft.
"Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including

Vulnerability / Cyber Threat

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft.

"Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including denial-of-service (DoS) attacks, model poisoning, model theft, and more," Oligo Security researcher Avi Lumelsky said in a report published last week.

Ollama is an open-source application that allows users to deploy and operate large language models (LLMs) locally on Windows, Linux, and macOS devices. Its project repository on GitHub has been forked 7,600 times to date.

A brief description of the six vulnerabilities is below -

*   **CVE-2024-39719** (CVSS score: 7.5) - A vulnerability that an attacker can exploit using /api/create an endpoint to determine the existence of a file in the server (Fixed in version 0.1.47)
*   **CVE-2024-39720** (CVSS score: 8.2) - An out-of-bounds read vulnerability that could cause the application to crash by means of the /api/create endpoint, resulting in a DoS condition (Fixed in version 0.1.46)
*   **CVE-2024-39721** (CVSS score: 7.5) - A vulnerability that causes resource exhaustion and ultimately a DoS when invoking the /api/create endpoint repeatedly when passing the file "/dev/random" as input (Fixed in version 0.1.34)
*   **CVE-2024-39722** (CVSS score: 7.5) - A path traversal vulnerability in the api/push endpoint that exposes the files existing on the server and the entire directory structure on which Ollama is deployed (Fixed in version 0.1.46)
*   A vulnerability that could lead to model poisoning via the /api/pull endpoint from an untrusted source (No CVE identifier, Unpatched)
*   A vulnerability that could lead to model theft via the /api/push endpoint to an untrusted target (No CVE identifier, Unpatched)

For both unresolved vulnerabilities, the maintainers of Ollama have recommended that users filter which endpoints are exposed to the internet by means of a proxy or a web application firewall.

"Meaning that, by default, not all endpoints should be exposed," Lumelsky said. "That's a dangerous assumption. Not everybody is aware of that, or filters http routing to Ollama. Currently, these endpoints are available through the default port of Ollama as part of every deployment, without any separation or documentation to back it up."

Oligo said it found 9,831 unique internet-facing instances that run Ollama, with a majority of them located in China, the U.S., Germany, South Korea, Taiwan, France, the U.K., India, Singapore, and Hong Kong. One out of four internet-facing servers has been deemed vulnerable to the identified flaws.

The development comes more than four months after cloud security firm Wiz disclosed a severe flaw impacting Ollama (CVE-2024-37032) that could have been exploited to achieve remote code execution.

"Exposing Ollama to the internet without authorization is the equivalent to exposing the docker socket to the public internet, because it can upload files and has model pull and push capabilities (that can be abused by attackers)," Lumelsky noted.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime).
The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent.
"We believe this is the first public example of an AI agent finding

Artificial Intelligence / Vulnerability

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called **Big Sleep** (formerly Project Naptime).

The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent.

"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News.

The vulnerability in question is a stack buffer underflow in SQLite, which occurs when a piece of software references a memory location prior to the beginning of the memory buffer, thereby resulting in a crash or arbitrary code execution.

"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used," according to a Common Weakness Enumeration (CWE) description of the bug class.

Following responsible disclosure, the shortcoming has been addressed as of early October 2024. It's worth noting that the flaw was discovered in a development branch of the library, meaning it was flagged before it made it into an official release.

Project Naptime was first detailed by Google in June 2024 as a technical framework to improve automated vulnerability discovery approaches. It has since evolved into Big Sleep, as part of a broader collaboration between Google Project Zero and Google DeepMind.

With Big Sleep, the idea is to leverage an AI agent to simulate human behavior when identifying and demonstrating security vulnerabilities by taking advantage of an LLM's code comprehension and reasoning abilities.

This entails using a suite of specialized tools that allow the agent to navigate through the target codebase, run Python scripts in a sandboxed environment to generate inputs for fuzzing, and debug the program and observe results.

"We think that this work has tremendous defensive potential. Finding vulnerabilities in software before it's even released, means that there's no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them," Google said.

The company, however, also emphasized that these are still experimental results, adding "the position of the Big Sleep team is that at present, it's likely that a target-specific fuzzer would be at least as effective (at finding vulnerabilities)."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Plus: Cops take down a notorious infostealer, Strava leaks world leaders’ locations, and a hacking scandal is causing chaos in Italy.

With just days to go until the 2024 presidential election in the United States, WIRED reported on documents that revealed US government assessments about multiple components of election security and stability. First obtained by the national security transparency nonprofit Property of the People, one report distributed by the US Department of Homeland Security in October assessed that financially motivated cybercriminals and ideologically motivated hacktivists are more likely than state-backed hackers to attack US election infrastructure. Another government memo warned of the risk to the election of insider threats, noting that such internal malfeasance “could derail or jeopardize a fair and transparent election process.”

With so much at stake in a hyper-polarized and combative climate, US elections have become increasingly militarized, with bulletproof glass, drones, defensive blockades, and snipers protecting election offices, and election officials bracing for the possibility of violent attacks. A WIRED investigation also revealed a successful CIA hack of Venezuela’s military payroll system that was part of a clandestine Trump administration effort to overthrow the country’s autocratic president, Nicolás Maduro.

In other cybersecurity news, WIRED did a deep dive into the firewall vendor Sophos’ five-year turf war to try to remove Chinese hackers running espionage operations on some vulnerable devices—and keep them out. And researchers warn that a “critical” zero-click vulnerability in a default photo app on Synology network-attached storage devices could be exploited by hackers to steal data or infiltrate networks.

As always, there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Ex-Disney Employee Accused of Hacking Disney World Menus, Changing Font to Wingdings**

A Disney employee who was fired from the company and still had access to its passwords allegedly hacked into the software used by Walt Disney World’s restaurants, according to reporting by 404 Media and Court Watch. A criminal complaint against Michael Scheuer claims he repeatedly accessed the third-party menu-creation system created for Disney and changed menus, including changing fonts to Windings—the font made up entirely of symbols.

“The fonts were renamed by the threat actor to maintain the name of the original font, but the actual characters appeared as symbols,” the criminal complaint says. “As a result of this change, all of the menus within the database were unusable because the font changes propagated throughout the database.”

The allegations aren’t limited to whimsical font vandalism, however. The federal complaint also details how Scheuer allegedly changed menu listings to say that foods with peanuts in them were safe for people with allergies, tried to log into Disney employees’ accounts, locked 14 employees out of their accounts by trying to log in with an automated script, and maintained a folder of personal information about employees and turned up at one person’s home. A lawyer representing Scheuer did not comment on the allegations.

**Redline Infostealer Taken Offline After Infecting Millions of Computers**

For the past few years, infostealers have become a popular tool of choice for hackers, from cybercriminals trying to make money to sophisticated nation state groups. The malware, which is often bundled into pirated software, uses web browsers to collect usernames and passwords, cookies, financial information, and other data you enter into your computer. This week, cops around the world took down the Redline infostealer, which has been used to grab more than 170 million pieces of information and has been linked to large-scale hacks. An almost identical infostealer called Meta was also disrupted. As part of Operation Magnus, US officials identified Russian national Maxim Rudometov as being behind the development of Redline. As TechCrunch reports, Rudometov was identified following a series of operational security errors, including reusing online handles and emails across social media apps and other websites. In its criminal complaint, the US Department of Justice pointed out Rudometov’s dating profile, which apparently has “liked” 89 other users and received no likes in return.

**Strava Data Leaks Sensitive Locations of World Leaders (Again)**

In January 2018, it emerged that GPS data from running and cycling app Strava could expose secret military locations and the movements of people exercising around them. Officials warned that it was a clear security risk. Years later, many seemingly haven’t paid attention. French newspaper Le Monde has revealed in a series of stories that US Secret Service agents are leaking their data through the fitness app, allowing the movements of Joe Biden, Donald Trump, and Kamala Harris to be tracked. Security staff linked to French president Emmanuel Macron and Russian president Vladimir Putin are similarly exposing their movements. Those exposing their data used public profiles and often posted runs starting or finishing at the locations they were staying during official trips. Included in the leaks were bodyguards linked to Putin who were running near a palace the Russian leader has denied owning.

**A Huge Hacking Scandal Rocks Italy—and May Be Spreading**

Italian prosecutors placed four people under house arrest and revealed they are investigating at least 60 others after an intelligence firm in the country allegedly hacked government databases and gathered information on more than 800,000 people. Intelligence company Equalize allegedly gathered information about some of Italy’s most prominent politicians, entrepreneurs, and sports stars, Politico reported. It is alleged that the information accessed included bank transactions, police investigations, and more. The hacked information was reportedly sold or potentially used as part of extortion attempts, with those behind the scheme allegedly earning €3.1 million. The scandal, which has enraged Italian politicians, may also be wider than just its impact in Italy, with the latest reports suggesting Equalize counted Israeli intelligence and the Vatican as clients.

Florida Man Accused of Hacking Disney World Menus, Changing Font to Wingdings

The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.

Source: Tithi Luadthong via Alamy Stock Photo

Earlier this week, researchers uncovered a major cybercriminal operation, dubbed EmeraldWhale, after the attackers dumped more than 15,000 credentials into a stolen, open AWS S3 bucket in a massive Git repository theft campaign. The incident is a reminder to tighten up cloud configurations and review source code for mistakes like the inclusion of hardcoded credentials.

Over the course of the onslaught, EmeraldWhale targeted Git configurations in order to steal credentials, cloned more than 10,000 private repositories, and extracted cloud credentials from source code. 

The campaign used a variety of private tools to abuse misconfigured Web and cloud services, according to the Sysdig Threat Research Team, which discovered the global operation. Phishing is the primary tool the campaign used to steal the credentials, which can be worth hundreds of dollars per account on the Dark Web. The operation also makes money by selling its target lists on underground marketplaces for others to engage in the same activity.

**EmeraldWhale's First Breach**

The researchers were initially monitoring Sysdig TRT cloud honeypot when it observed a ListBuckets call using a compromised account — an S3 bucket dubbed s3simplisitter.

The bucket belonged to an unknown account and was publicly exposed. After launching an investigation, the researchers found evidence of a multifaceted attack, including Web scraping of Git files in open repositories. A massive scanning campaign occurred between August and September, according to the researchers, affecting servers with exposed Git repository configuration files, which can contain hardcoded credentials.

"As security professionals, we cannot afford to be complacent, particularly when it comes to keeping sensitive secrets, API tokens, and authentication credentials out of our source code," Naomi Buckwalter, director of product security at Contrast Security, wrote in an emailed statement to Dark Reading. "Not only should infosec professionals be on the front lines educating their development teams on how to securely store, manage, and access secrets, they should also regularly scan their source code for hard coded credentials and monitor credential usage for anomalous activity."

**Always Have Your Guard Up**

In general, Git directories contain "all information required for version control, including the complete commit history, configuration files, branches, and references."

"If the .git directory is exposed, attackers can retrieve valuable data about the repository's history, structure, and sensitive project information," added the researchers. "This includes commit messages, usernames, email addresses, and passwords or API keys if the repository requires them or if they were committed."

The incident is clear reminder that it's critical for businesses and organizations to have visibility on all services and get a clear view on potential attack surfaces in order to consistently manage them and mitigate threats.

"Many breaches occur because internal services are inadvertently exposed to the public Internet, making them easy targets for malicious actors," Victor Acin, head of threat intel at Outpost24, wrote in an emailed statement to Dark Reading.

Acin recommended that enterprises implement a "proper external attack surface management (EASM) platform" to keep track of potential misconfigurations and shadow IT.

And even when private repositories are supposedly secure, it's worth adding additional protections and ensuring that information is locked down.

EmeraldWhale's Massive Git Breach Highlights Config Gaps

The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.

Source: GK Images via Alamy Stock Photo

Microsoft has made the decision to once again delay the release of its new artificial Intelligence tool, Recall, while the company works through trying to make sure all of the handy data it delivers can't be abused by adversaries.

The Recall tool will be part of the suite of services delivered through Microsoft's AI Assistant software, Copilot+. Recall's job, once it's rolled out, will be to gather "snapshots" of each action on the PC to be accessible later through an easy search. The software will be able to "recall" the exact moment the user saw a website, used an app, or interacted with a document.

Compelling use cases aside, information security professionals have balked at Recall's ability to keep its snapshots secure from would-be threat actors. For its part, Microsoft has taken these cybersecurity concerns seriously. In June, Microsoft announced it had added new privacy and security features to Recall just days ahead of its intended rollout date. That release was ultimately pushed back to October in order to take extra steps to shore up the tool's security. Now, the release date has been pushed back again.

"We are committed to delivering a secure and trusted experience with Recall," according to a statement about the delay from Brandon LeBlanc, senior product manager for Windows. "To ensure we deliver on these important updates, we’re taking additional time to refine the experience before previewing it with Windows Insiders. Originally planned for October, Recall will now be available for preview with Windows Insiders on Copilot+ PCs by December."

Related:News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

**Microsoft Pledges to Secure Recall**

In late September, David Weston, Microsoft's vice president of enterprise and OS security, detailed the company's commitment to the security of Recall data, stressing the tool is opt-in only, encrypted, and includes malware protection; and, its data is protected in a virtualization-based security (VBS) enclave inaccessible by even admin and kernel users without biometric authentication.

"Using VBS Enclaves with Windows Hello enhanced sign-in security allows data to be briefly decrypted while you use the Recall feature to search. Authorization will time out and require the user to authorize access for future sessions," Weston wrote. "This restricts attempts by latent malware trying to 'ride along' with a user authentication to steal data."

Weston further assured those concerned about Recall's security that: in-private browsing information is never saved by Recall; users have an option to filter out specific sites or apps from Recall recording; content filtering keeps data like credit card and Social Security numbers from being stored; users can delete stored information by date, content, app, or website; and an icon clearly shows when snapshots are being saved, so users can easily pause the function.

Related:Cybersecurity Job Market Stagnates, Dissatisfaction Abounds

"Recall’s secure design and implementation provides a robust set of controls against known threats," Weston added. "Microsoft is committed to making the power of AI available to everyone, while retaining security and privacy against even the most sophisticated attacks."

**Is Microsoft Eyeing Claude's 'Computer Use' Feature?**

It appears Microsoft is taking the warnings from the cybersecurity community about Recall's potential business risks seriously, Bugcrowd founder Casey Ellis tells Dark Reading. Redmond might also have its eye on a recent release of a similar tool in Anthropic's Claude AI before rolling out Recall, he adds.

"After the initial reaction to Recall — and some of the security and privacy concerns raised by how it was implemented — Microsoft appears to be hastening slowly here," Ellis says. "I wouldn’t be surprised if they’re taking the opportunity to learn from how the market responds to and uses Anthropic’s 'computer use' feature, which is very similar to Recall from a privacy, security, and functionality standpoint."

Related:Noma Launches With Plans to Secure Data, AI Life Cycle

Released just days ago, the computer use feature allows the latest version of Claude to interact with a computer in the same way as a human. Claude's new feature, like Recall, ingests screenshots from Internet-connected computers. And in its Oct. 22 announcement of the release, Anthropic admitted the tool does indeed come with inherent cybersecurity risks.

"In this spirit, our Trust & Safety teams have conducted extensive analysis of our new computer-use models to identify potential vulnerabilities," the release announcement said. "One concern they've identified is prompt injection — a type of cyberattack where malicious instructions are fed to an AI model, causing it to either override its prior directions or perform unintended actions that deviate from the user's original intent."

Anthropic added that it hopes to work out this and other issues in its public beta phase, which will certainly be of keen interest to Microsoft as it works through its Recall release.

Claude, according to Anthropic, will not use this user-submitted data to train its own AI model. But when it comes to Microsoft, security consultant John Bambenek isn't so sure Recall will adhere to the same standard.

"AI systems require tons of data, which means Microsoft wants all the data on how users are interacting with their computers," Bambenek says. "I am not sure the feature is terribly useful for end users, however, it certainly is for training future models. It has enormous privacy implications, so hopefully the delay is useful in terms of minimizing the risks and potential harms to end users."

While Microsoft security teams and Anthropic's Claude feature testing move forward, Patrick Harr, CEO of SlashNext Email Security, warns these tools remain vulnerable to cyberattack.

"We continually see phishing and socially engineered attacks from professional groups, mimicking support staff that target company users either through email, other messaging apps, or even bot calls to provide remote access to their desktops," Harr says. "Once accessed into Recall, the threat actors have perfect timeline and information about that user that can be exploited. Proceed with caution until this update is done."

Privacy Anxiety Pushes Microsoft Recall AI Release Again

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its **booking.com** credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.

According to the market share website **statista.com**, booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized.

The phishing message our reader’s friend received after making a reservation at booking.com in late October.

In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.

“Our security teams are currently investigating the incident you mentioned and can confirm that it was indeed a phishing attack targeting one of our accommodation partners, which unfortunately is not a new situation and quite common across industries,” booking.com replied. “Importantly, we want to clarify that there has been no compromise of Booking.com’s internal systems.”

The phony booking.com website generated by visiting the link in the text message.

Booking.com said it now requires 2FA, which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password.

“2FA is required and enforced, including for partners to access payment details from customers securely,” a booking.com spokesperson wrote. “That’s why the cybercriminals follow-up with messages to try and get customers to make payments outside of our platform.”

“That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued.

It’s unclear, however, if the company’s 2FA requirement is enforced for all or just newer partners. Booking.com did not respond to questions about that, and its current account security advice urges customers to enable 2FA.

A scan of social media networks showed this is not an uncommon scam.

In November 2023, the security firm **SecureWorks** detailed how scammers targeted booking.com hospitality partners with data-stealing malware. SecureWorks said these attacks had been going on since at least March 2023.

“The hotel did not enable multi-factor authentication (MFA) on its Booking.com access, so logging into the account with the stolen credentials was easy,” SecureWorks said of the booking.com partner it investigated.

In June 2024, booking.com told the BBC that phishing attacks targeting travelers had increased 900 percent, and that thieves taking advantage of new artificial intelligence (AI) tools were the primary driver of this trend.

Booking.com told the BCC the company had started using AI to fight AI-based phishing attacks. Booking.com’s statement said their investments in that arena “blocked 85 million fraudulent reservations over more than 1.5 million phishing attempts in 2023.”

The domain name in the phony booking.com website sent to our reader’s friend — **guestssecureverification\[.\]com** — was registered to the email address **ilotirabec207@gmail.com**. According to DomainTools.com, this email address was used to register more than 700 other phishing domains in the past month alone.

Many of the 700+ domains appear to target hospitality companies, including platforms like booking.com and **Airbnb**. Others seem crafted to phish users of **Shopify**, **Steam**, and a variety of financial platforms. A full, defanged list of domains is available here.

A cursory review of recent posts across dozens of cybercrime forums monitored by the security firm Intel 471 shows there is a great demand for compromised booking.com accounts belonging to hotels and other partners.

One post last month on the Russian-language hacking forum **BHF** offered up to $5,000 for each hotel account. This seller claims to help people monetize hacked booking.com partners, apparently by using the stolen credentials to set up fraudulent listings.

A service advertised on the English-language crime community **BreachForums** in October courts phishers who may need help with certain aspects of their phishing campaigns targeting booking.com partners. Those include more than two million hotel email addresses, and services designed to help phishers organize large volumes of phished records. Customers can interact with the service via an automated Telegram bot.

Some cybercriminals appear to have used compromised booking.com accounts to power their own travel agencies catering to fellow scammers, with up to 50 percent discounts on hotel reservations through booking.com. Others are selling ready-to-use “config” files designed to make it simple to conduct automated login attempts against booking.com administrator accounts.

SecureWorks found the phishers targeting booking.com partner hotels used malware to steal credentials. But today’s thieves can just as easily just visit crime bazaars online and purchase stolen credentials to cloud services that do not enforce 2FA for all accounts.

That is exactly what transpired over the past year with many customers of the cloud data storage giant **Snowflake**. In late 2023, cybercriminals figured out that while tons of companies had stashed enormous amounts of customer data at Snowflake, many of those customer accounts were not protected by 2FA.

Snowflake responded by making 2FA mandatory for all new customers. But that change came only after thieves used stolen credentials to siphon data from 160 companies — including **AT&T**, **Lending Tree** and **TicketMaster**.

Booking.com Phishers May Leave You With Reservations

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

Source: Jozef Sedmak via Alamy Stock Photo

The Open Worldwide Application Security Project (OWASP) has announced new security guidance materials to help organizations identify and manage the risks associated with the adoption, deployment, and management of large language models (LLMs) and generative artificial intelligence (GenAI) applications. 

The guidance is part of the OWASP Top 10 for LLM Application Security Project, a global, community-led open source project. Since its inception in 2023, the group has released research, guidance, and resource materials to help organizations develop a comprehensive strategy encompassing governance, collaboration, and practical tools.

*   The "Guide for Preparing and Responding to Deepfake Events" illustrates the problems posed by "hyper-realistic digital forgeries." An outgrowth of the AI Cyber Threat Intelligence initiative, this resource combines practical and pragmatic defense strategies to help organizations stay secure as deepfake technology improves. 
    
*   The "Center of Excellence Guide" helps businesses establish best practices and frameworks for creating AI security practices. The guidance helps organizations establish systems for risk management and interdepartmental coordination among security, legal, data science, and operations teams, as well as how to develop and enforce security policy and educate staff on AI security.
    
*   The "AI Security Solution Landscape Guide" is a broad reference on how to secure both open source and commercial LLM and GenAI applications. It categorizes existing and emerging security products and gives guidance on how to think about risks identified in the Top 10 list.
    

The project brings together more than 500 cybersecurity and AI experts from companies and organizations around the world to identify LLM vulnerabilities and mitigations. In early 2024, the project expanded its focus to include strategic stakeholders, like CISOs and compliance officers, in addition to developers, data scientists, and other security practitioners.

"We're two years into the generative AI boom, and attackers are using AI to get smarter and faster," said Steve Wilson, project lead for the OWASP Top 10 for LLM Project, in a statement. "Security leaders and software developers need to do the same. Our new resources arm organizations with the tools they need to stay ahead of these increasingly sophisticated threats."

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Tag

#intel