ENISA counts 488 incidents in finance; European banks are the primary victims

For the first time, the European Union Agency for Cybersecurity has examined the threats facing the financial sector. Of the 488 publicly reported incidents, 301 affected European institutions, followed by public organizations linked to finance. To counter cyberattacks, ENISA recalls the importance of complying with the GDPR, NIS 2 and DORA.

"The financial industry is a prime target due to the high value of financial data and the potential for significant financial gains," summarizes ENISA, the European Union Agency for Cybersecurity, about its new report on the cyber threat landscape in the financial sector.

If it is looking at this sector for the first time, it is because the consequences of a cyberattack in this area can be extremely serious, for the victim institution but also for a country's economy, and because such an incident is very costly. Indeed, for the 12th consecutive year, the financial industry recorded the highest average cost in the world for a data breach, ranking third after public administrations and transport organizations.

Source: https://www.usine-digitale.fr/article/l-enisa-recense-488-incidents-dans-la-finance-les-banques-europeennes-sont-les-premieres-victimes.N2227885

Improving Kubernetes Security: Lessons from an Istio Configuration Finding

As a part of our ongoing work to secure cloud computing infrastructure, we delved into the inner workings of some popular Kubernetes add-ons. Our first subject of research was Istio, a popular service mesh add-on. 

Istio is an open-source service mesh for Kubernetes that manages communication between microservices. It provides traffic management, security, and observability features without requiring code changes. Istio simplifies complex networking tasks, enhances security, and offers detailed insights into service interactions, improving overall application reliability and performance.

Our research focused on leveraging features of said add-ons to either gain additional access, escalate privileges in the cluster, or hide malicious privileged workloads “in the noise” of a cluster by abusing various features to hide in plain sight. While looking into Istio, we wanted to list all of the avenues an attacker could take advantage of in order to gain control of a cluster following a successful exploitation of a workload.

In this blog post, we cover the Istio feature that we chose to focus on in our research: the ProxyImage annotation. We share our research process, findings, possible ramifications, and the disclosure and remediation process.

Source: https://www.crowdstrike.com/en-us/blog/istio-configuration-finding-improve-kubernetes-security/

SolarWinds hack explained: Everything you need to know

Hackers targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software used by thousands of enterprises and government agencies worldwide.

2020 was a roller coaster of major, world-shaking events. We all couldn't wait for the year to end. But just as 2020 was about to close, it pulled another fast one on us: the SolarWinds hack, one of the biggest cybersecurity breaches of the 21st century.

The SolarWinds hack was a major event not because a single company was breached, but because it triggered a much larger supply chain incident that affected thousands of organizations, including the U.S. government.

What is SolarWinds?

SolarWinds is a major software company based in Tulsa, Okla., which provides system management tools for network and infrastructure monitoring, and other technical services to hundreds of thousands of organizations around the world. Among the company's products is an IT performance monitoring system called Orion.

As an IT monitoring system, SolarWinds Orion has privileged access to IT systems to obtain log and system performance data. It is that privileged position and its wide deployment that made SolarWinds a lucrative and attractive target.

Source: https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

Manipulate GitHub Copilot

Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to. Researchers have discovered two new ways to manipulate GitHub's artificial intelligence (AI) coding assistant, Copilot, enabling the ability to bypass security restrictions and subscription fees, train malicious models, and more.

The first trick involves embedding chat interactions inside of Copilot code, taking advantage of the AI's instinct to be helpful in order to get it to produce malicious outputs. The second method focuses on rerouting Copilot through a proxy server in order to communicate directly with the OpenAI models it integrates with.

Researchers from Apex deem these issues vulnerabilities. GitHub disagrees, characterizing them as "off-topic chat responses," and an "abuse issue," respectively. In response to an inquiry from Dark Reading, GitHub wrote, "We continue to improve on safety measures in place to prevent harmful and offensive outputs as part of our responsible AI development. Furthermore, we continue to invest in opportunities to prevent abuse, such as the one described in Issue 2, to ensure the intended use of our products."

Jailbreaking GitHub Copilot

"Copilot tries as best as it can to help you write code, [including] everything you write inside a code file," Fufu Shpigelman, vulnerability researcher at Apex, explains. "But in a code file, you can also write a conversation between a user and an assistant."

....

Source: https://www.darkreading.com/vulnerabilities-threats/new-jailbreaks-manipulate-github-copilot
