The popular package manager for software developers has been vulnerable to this attack vector for a while, and negligent in fixing the problem, according to a former employee.

A weakness in Node Package Manager (npm) could allow anybody to hide malicious dependencies and scripts within their packages, a former GitHub employee claims.

Npm is owned by GitHub and is used for JavaScript code sharing, serving more than 17 million developers. It's the world's largest software registry, containing more than 2 million packages, according to the website.

In blog post on June 27, Darcy Clarke, former staff engineering manager for npm's command line interface team, detailed a weakness in the site he named "manifest confusion."

The "confusion" arises from the fact that npm doesn't validate the metadata associated with any given package, theoretically enabling any publisher to hide certain information about their packages, including the scripts it runs and the dependencies on which it relies.

**What Is Manifest Confusion?**

Npm — and other repositories like it — has been under pressure in recent months, with more and more hackers devising novel methods to poison packages and spread their malware through the code supply chain.

Not all credit goes to the hackers, though — some npm security risks arise from the way the platform itself works, as with its lagging efforts against typosquatting, and, now, manifest confusion, Clarke said.

The problem is that npm doesn't automatically cross-reference a package's "manifest" — what users first see when they visit a package on the site — against its package.json, the standard file describing its contents. Both the manifest and package.json contain metadata including, crucially, what scripts and dependencies the package runs on.

It stands to reason, then, that they should agree with one another, but a publisher can simply manipulate a package's manifest, and npm won't notice. As a case in point, Clarke created an npm package with a manifest stripped of any evidence of the dependencies in its package.json.

Theoretically, hackers could do the same with their own packages, in order to conceal the existence of malware from unwitting software developers.

**Why npm Doesn't Validate**

Clarke posited an historical precedent for manifest confusion. "Before the node ecosystem became what it is today," he wrote, "the number of people contributing to the corpus of software you trusted to use and download was very small. With a smaller community, you have more trust, and even as the npm registry was being developed, most aspects were open source and freely available to be contributed to and code inspected."

Even today, "various references in docs.npmjs.com \[point\] to the fact that the registry stores the contents of package.json as the metadata — and nowhere does it mention that the client is responsible for ensuring consistency," Clarke explained.

Exactly why the system works this way isn't clear. At the time of publication, GitHub had not responded to Dark Reading's request for comment.

"\[Who knows\] the real reasons they chose to do validation client-side versus server-side?" says Mike Parkin, senior technical engineer at Vulcan Cyber. "It seems they chose to lean toward easier organic growth versus a path that would have given more security but would have impacted ease of use."

**No Signs Manifest Confusion Will Be Fixed Soon**

According to Clarke, GitHub has been aware of the manifest confusion weakness since at least Nov. 4 last year, and Clarke himself submitted a report on it March 9. However, "GitHub closed that ticket and said they were dealing with the issue 'internally' on March 21st," he lamented in his posting. “To my knowledge, they have not made any significant headway, nor have they made this issue public.”

But "GitHub is understandably in a tough spot," he acknowledged. "The fact that npmjs.com has functioned this way for over a decade means that the current state is pretty much codified."

Clarke, it may be noted, is the founder of an alternative website for JavaScript packages, vlt.

With no solution in sight, it will be up to developers to make sure they're not downloading anything they don't realize is in a package. Clarke recommended that developers rely only on the metadata indicated by the package's contents, not its manifest, to account for any potential discrepancies.

To Parkin, taking care around third-party code needs to be mandatory practice for any developer and organization. "That's especially true with obscure libraries, or older ones that haven't seen a lot of active development and may have been orphaned, or libraries that were recently added," he says. "While none of those factors are immediate red flags that would preclude using them in a project, they are factors that make vetting the sources even more important."

It doesn't have to be difficult, though — plenty of vendors have been working on this problem for a while.

"There are automated tools that can scan code for unusual features and obvious exploits, and those tools need to be part of the developer's toolkit," Parkin says, pointing to OWASP's list of source code analysis tools.

"Validating your packages should not be an optional step," he concludes. "Instead, it should be built into any coding project that relies on third party libraries. Full stop."

Npm Plagued With 'Manifest Confusion' Malware-Hiding Weakness

With at least 13,000 compromised devices in the data leak, it is still unknown who the threat actor is or whether or not victims will be personally notified.

LetMeSpy, an Android phone-tracking company that has been used to track more than 236,000 phones, was hacked on June 21, resulting in threat actors gaining unauthorized access to its users' data dating as far back as 2013.

The hack was discovered by a Polish security research team at Niebezpiecznik, which contacted the maker of the spyware app — but the researchers instead received a response from the threat actor, suggesting the person had taken over the LetMeSpy domain. It is unknown who the threat actor is or what the motives are. 

The phone-tracking app, designed to be hidden from the home screen of a phone in order to remain undetected, was created for and marketed toward parents to control the phone usage of minors and for employers to monitor employees. But the app can also be used in more malicious and threatening "stalkerware" ways, such as an abusive spouse planting the app in a partner's phone, allowing access to any data the stalker deems necessary. Once the app is downloaded, it uploads information — including texts, call logs, and location data — so that an individual can be tracked to a precise location.

**Target for Leaks and Hacks**

Because they have a deep level of accessibility into phone, these types of apps are targets for leaks and hacks.

"The database we reviewed contained current records on at least 13,000 compromised devices, including detailed phone records, though some of the devices shared little to no data with LetMeSpy (LetMeSpy claims to delete data after two months of account inactivity)," stated TechCrunch, which obtained a copy of the leaked data.

LetMeSpy has stated that it has notified law enforcement and its local data protection authority, UODO, but it is unknown as to whether or not it will be notifying victims who have compromised phones.

LetMeSpy Phone-Tracking App Hacked, Revealing User Data

Because social engineering usually succeeds, companies need to test whether their defenses can block adversaries that gain employees' trust.

When Alethe Denis conducts a social engineering attack as part of a red team exercise, the Bishop Fox security consultant often presents the targets with the exact email template that her team intends to use — such as a dress-code missive from human resources — and yet the attack almost always succeeds.

"They've literally seen the email template, and I've highlighted the fact in my training that HR-based pretexts are extremely common and incredibly successful — 'Here's an example of a dress-code e-mail template,'" she says. "And they go, 'Yes, yes, yes.' And then on the day that I send the campaign, at least one person clicks."

Pretext attacks and phishing have taken off as attackers have come to rely on them as an effective approach to compromising businesses, with about one in every six attacks including a social engineering component, according to Verizon's recently released "2023 Data Breach Investigations Report" (DBIR). For that reason, social engineering has also become a necessary part of red team exercises and penetration tests, and more providers are expanding their service offerings. Bishop Fox, for example, announced on June 28 that the firm had expanded its red team offerings to include social engineering attack emulation, more in-depth reporting on human-focused attacks, and the ability for customers to "ride along" to both learn from and oversee any exercises.

The goal is not only to show the potential threat that the social engineering vector poses for initial access, but to highlight how companies can react effectively following a successful attack, Denis says.

"We don't rely simply on testing humans when we're conducting social engineering," she says. "Our goal is to understand the weaknesses and then make recommendations that would allow the organization to put technical controls in place to prevent phishing and social engineering."

The shift is another way that today's red team engagements and penetration testing differ from those of a decade ago. Consultants are more focused on emulating the attackers, not just outfoxing the defenders and finding the easiest way to a business' crown jewels. In addition, penetration testing is more integrated with other security tools, such as those used by security operations centers and application security teams. And because more companies have grown accustomed to crowdsourcing, penetration-testing services now offer more frequent engagements.

**Understanding the Impact of Social Engineering**

By including social engineering in a penetration-testing engagement, companies gain the opportunity to learn about specific weak points in their training and environments, such as lax security protocols and a lack of security awareness among employees, says Chris Scott, managing partner at Unit 42 at Palo Alto Networks.

"These tests are more than just seeing if an attack could succeed, but also to discover how it could succeed within your environment," he says. "Social engineering is part of the early phases of an attack, and being able to detect and respond to these attacks is key to limiting their impact."

Attackers continue to gather more passive intelligence on their targets, prior to an attack, according to experts. While a penetration test can help you discover easily exploitable vulnerabilities, focusing on social engineering tactics will make it that much harder for an attacker to succeed, says Andrew Obadiaru, chief information security officer at crowdsourced pen-testing service Cobalt.

"Threat actors understand what motivates people to enter their credentials, reply to an email, or click a link," he says. "Mitigating endpoint security, such as social engineering, is important because it shows how people react to urgent situations and whether or not they are willing to disclose personal or intellectual information."

**Purple Is the New Black**

The ultimate reason to add social engineering to a red team exercise or penetration-testing engagement is to allow companies to uncover the unexpected ways that an attacker could parlay a simple email message into a significant compromise. Conducting tabletop exercises internally has its limits, says Erich Kron, a technical evangelist at security awareness firm KnowBe4.

"Testing yourself for vulnerabilities is a lot like grading your own homework, so it is important to have an outside view and approach to finding vulnerabilities in your organization," he says.

Thus, the "purple team" approach — where penetration testers, or red teams, work with the internal security team, or blue team — is critical, Kron adds.

"A penetration test that provides the organization with a list of vulnerabilities is far less useful than coordinating with the defensive team so they understand the vulnerabilities and how to mitigate them," he says.

Overall, companies need to make sure that their security operations can respond in the right way to a successful social engineering attack and find ways to prevent the initial compromise. Putting rules in the browser that prevent people from visiting newly registered domains and rolling out multifactor authentication are two good ways for businesses to harden their IT environments against social engineering, Bishop Fox's Denis says.

"Regimented, compliance-driven phishing exercises are great to support training efforts and security awareness training to help individuals identify when they're being manipulated," she says. "But while they're great for training purposes, they should not be relied upon for protection of the organization against social engineering."

Social Engineering Adds Depth to Red Team Exercises

The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services.

**New York, June 28, 2023** – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding led by CRV with participation from existing investors Bessemer Venture Partners and F2 Venture Capital. This new investment brings Astrix’s total funding to almost $40 million. 

Fueled by the increased adoption of automation and generative AI initiatives, the enterprise’s connectivity to third-party applications is growing, resulting in an increase in cyber attacks targeting non-human app-to-app connections (via API keys, access tokens, service accounts, etc.) – as seen in high profile attacks against CircleCI, Mailchimp, GitHub, Microsoft, and Slack. 

Despite financial instability within the market, Astrix is experiencing exponential year-over-year growth and momentum as a leader in securing this growing threat vector. The company recently added Figma, Priceline, Bloomreach, Rapyd and many others to its customer roster and was recognized as a finalist in the 2023 RSA Innovation Sandbox contest. The business also doubled its headcount, and will use this funding to continue expanding the team in both the U.S. and Tel Aviv offices, including its research team who recently discovered GhostToken, a critical 0-day vulnerability in the Google Cloud Platform. 

“We founded Astrix to close a significant and unaddressed security gap, by allowing security teams to extend access management and threat detection to the non-human identity layer,” said Alon Jackson, CEO and co-founder at Astrix. “It’s amazing to experience the tremendous adoption by security teams, as well as see Astrix’s capabilities become essential to their every-day security arsenal. We look forward to continuing to expand our capabilities and partnerships, allowing organizations to truly reap the benefits of third-party services, especially Gen-AI apps, without compromising security.”

The enterprise environment depends on a vast web of interconnected apps, supported with an average of 10,000 app-connections for every 1,000 employees. More so, with AI-powered apps being downloaded 1506% more than last year, and often connected by employees across departments without the security team’s knowledge, having visibility and governance into every third-party connection is virtually impossible. While existing solutions focus on securing user-connections, Astrix is the first solution to focus on securing app-connections, allowing the enterprise to ensure their core systems are securely connected to each other and to third-party services.

“As a growing threat vector, there has been a shift in the market to focus on third-party connectivity,” said James Green, General Partner at CRV. “Astrix caught our eye for their innovative approach to extending IAM and threat detection to all non-human identities, giving unprecedented capabilities to manage the growing API-based third-party attack surface across all environments.”

“Partnering with Astrix from inception, we’ve seen the vast impact they’ve had on the industry in a short amount of time,” said Amit Karp, Partner at Bessemer Venture Partners. “From raising awareness to this growing attack surface to supporting some of the leading companies in the world, we’re excited for what’s to come as Astrix expands and continues protecting customers from the next supply chain attack.”

“The progress Astrix has made from seed funding to now is incredible,” said Jonathan Saacks, Managing Partner at F2 Venture Capital. “The company has made a mark on the industry already, and with the wealth of knowledge and experience from this team, we are confident they will continue to be the security asset every business needs and relies on in their toolbox.”

The Astrix Security Platform is the first solution to provide holistic visibility into all non-human connections and identities. Astrix provides a consolidated, comprehensive view of all the internal and third-party integrations within a business environment, as well as all access keys in use (i.e., API keys, OAuth tokens, service accounts, and webhooks) and the permissions and level of access granted to each one. With Astrix, businesses can extend their identity threat detection and response capabilities to non-human identities by continuously running behavioral analysis of internal and third-party apps connected to core SaaS, IaaS and PaaS systems to detect anomalies that may indicate compromised access tokens and automatically remediate risky connections.

**About Astrix Security**

Founded in Tel Aviv in 2021, Astrix Security helps cloud-first companies defend against a new generation of supply chain attacks. Astrix provides holistic visibility into all non-human connections and identities – automatically detecting and remediating over-privileged, unnecessary, misbehaving and malicious app-to-app connections to prevent supply chain attacks, data leaks and compliance violations. Led by two veterans of the Israel Defense Force 8200 military intelligence unit, CEO Alon Jackson and CTO Idan Gour, Astrix’s team is rapidly expanding. Astrix has raised nearly $40M in funding, with a Series A led by CRV, and additional investments from Bessemer Venture Partners, F2 Venture Capital, Venrock and Kmehin Ventures. Learn more at https://astrix.security or follow us on LinkedIn.

**About CRV**

CRV is a venture capital firm that invests in early-stage startups. Since 1970, the firm has invested in more than 500 startups at their most crucial stages, including Airtable, DoorDash and Vercel. Founders need more than capital to build a great company. It takes a partner who understands the entrepreneurial journey and knows what it takes to win. From founding to IPO and beyond, CRV is there every step of the way. Founders rely on CRV to be trusted, long-term, committed partners, which has helped make CRV into one of the longest-running venture capital firms in the world. Learn more about CRV and the companies shaping the future at https://www.crv.com.

**About Bessemer Venture Partners** 

Bessemer Venture Partners helps entrepreneurs lay strong foundations to build and forge long-standing companies. With more than 145 IPOs and 300 portfolio companies in the enterprise, consumer and healthcare spaces, Bessemer supports founders and CEOs from their early days through every stage of growth. Bessemer’s global portfolio has included Pinterest, Shopify, Twilio, Yelp, LinkedIn, PagerDuty, DocuSign, Wix, Fiverr, and Toast and has $20 billion of assets under management. Bessemer has teams of investors and partners located in Tel Aviv, Silicon Valley, San Francisco, New York, London, Hong Kong, Boston, and Bangalore. Born from innovations in steel more than a century ago, Bessemer’s storied history has afforded its partners the opportunity to celebrate and scrutinize its best investment decisions (see Memos) and also learn from its mistakes (see Anti-Portfolio). 

**About F2**  

F2 Venture Capital is a Tel Aviv-based VC firm that invests in early-stage technology companies on the cutting edge.

Our team members have been investors, operators, and engineers in startups and multinational giants that changed the game over the last twenty years. With $500 million assets under management and personalized support, F2 powers visionary founders on their bold missions.

F2 also operates Israel’s most active pre-seed investment platform, to back founders with guidance, network, and capital from day zero. More details @ www.f2vc.com

Astrix Security Raises $25M in Series A Funding

The combination of data science expertise, cloud resources, and Cato's vast data lake enables real-time, ML-powered protection against evasive cyberattacks, reducing risk and improving security.

**TEL AVIV, Israel, June 27, 2023** — Cato Networks, provider of the world's leading single-vendor SASE platform, introduced today real-time, deep learning algorithms for threat prevention as part of Cato IPS. The algorithms leverage Cato's unique cloud-native platform and vast data lake to provide highly accurate identification of malicious domains, which are often used in phishing and ransomware attacks. In testing, the deep learning algorithms identified nearly six times more malicious domains than reputation feeds alone. Cato's Security Research Manager, Avidan Avraham, and Cato Data Scientist Asaf Fried presented on the use of machine learning to detect C2 communications at the AWS Summit in Tel Aviv.

**Tapping Deep Learning to Stop Phishing and Ransomware Attacks**

Real-time identification of malicious domains and IPs is essential to stopping phishing, ransomware, and other cyber threats. The traditional approach – relying on domain reputation feeds to categorize and identify malicious domains – has proven far too inaccurate as domain generation algorithms (DGAs) enable attackers to quickly generate new domains, which lack reputation. At the same time, users continue to click through to malicious domains mimicking well-known brands (such as microsoftt\[dot\]com or amazonlink\[dot\]online) whose lack of reputation also makes detection by reputation feeds alone unreliable. 

Cato's real-time, deep-learning algorithms address both problems. The algorithms prevent access to DGA-registered domains by identifying those new domains infrequently visited by users and with letter patterns common to DGAs. They block cybersquatting by hunting for domains with letter patterns similar to well-known brands. And the algorithms stop brand impersonation by examining parts of the webpage, such as the favicon, images, and text. 

These radical advancements in network security are enabled by the cloud-native architecture of Cato’s technology. Real-time deep learning algorithms require significant compute resources to avoid disrupting the user experience. The Cato SASE Cloud provides those resources. In milliseconds, Cato inspects flows, extracts their destination domain, measures the domain's risk, and infers the necessary results from the traffic without disrupting the user experience. 

At the same time, deep learning models need extensive training data. The massive data lake underlying Cato SASE Cloud provides that resource. Built from the metadata of every flow traversing Cato and further enriched by 250+ threat intelligence feeds, the deep learning algorithms benefit from analyzing patterns across all Cato customers. Those insights are further enhanced by custom analyses derived from customers' traffic—the result: precise, algorithmic identification of suspicious domains. 

**Real-time Deep Learning Yields 6X Improvement in Threat Detection**

Cato Research Labs routinely observes tens of millions of network connection attempts to DGA domains from across the 1700+ enterprises using the Cato SASE Cloud. For example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675 (15 percent) were listed in the 250+ threat intelligence feeds consumed by Cato. By contrast, Cato algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.

**Real-time, Deep Learning: Just One Part of Cato’s Multitiered Security Protection **

Cato's real-time, deep learning algorithms are not the only way Cato detects and stops threats. The Cato SASE Cloud's combination of SWG, NGFW, IPS, NGAM, CASB, DLP, RBI, and ZTNA provides multitiered protection against exploitations, disrupting cyberattacks at multiple points in MITRE's ATT&CK Framework.

The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Cato has long used machine learning for offline analysis to solve problems at scale, such as OS detection, client classification, and automatic application identification. ChatGPT is also used in various ways, including automatically generating descriptions of threats for Cato's threat catalog. 

To learn more about Cato and its security capabilities, visit https://www.catonetworks.com/security-service-edge/.

**Supporting Quotes**

**Elad Menahem, senior director of security, Cato Networks**

"ML and AI are essential to defending against the ever-evolving, sophisticated, and evasive cyber-attacks. But that’s easier marketed than done,” says Elad Menahem, senior director of security at Cato Networks. “ML algorithms must be trained and re-trained on high-quality data to provide value. Cato’s data lake provides an enormous advantage in that area. Its convergence of rich networking data and security sources, coupled with its sheer scale, enables Cato to train algorithms in unique ways. Our current work is only the start of AI and ML innovation.” 

**Asaf Fried, Data Scientist, Cato Networks**

"Real-time ML must be continuously trained and updated to deal effectively with evasive attacks. A SASE cloud allows training on quality data at scale and continuous updates. Appliance-based solutions can’t offer either, making enterprises who rely on them for their network security an easier target."

**Supporting Resources**

*   Read Cato Blog 
*   Read about Elad Menahem
*   Read about Asaf Fried

*   For more information about Cato's news and activities, follow the company via Twitter, LinkedIn, Facebook, Instagram, and YouTube. 

**About Cato Networks**  
Cato provides the world's most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, into a global cloud service. Cato SASE Cloud optimizes and secures application access for all users and locations everywhere. Using Cato, customers easily replace costly and rigid legacy MPLS with modern network architecture based on SD-WAN, secure and optimize a hybrid workforce working from anywhere, and enable seamless cloud migration. Cato enforces granular access policies, protects users against threats, and prevents sensitive data loss, all easily managed from a single pane of glass. With Cato, businesses are ready for whatever's next.

Cato Networks Revolutionizes Network Security With Real-Time, Machine Learning-Powered Protection

Survey also uncovers 63% of respondents distrust ChatGPT while 51% question AI's ability to improve Internet safety.

**SANTA CLARA, Calif.****,** **June 27, 2023** **/PRNewswire/ --** Malwarebytes, a global leader in real-time cyber protection, today released the results of its consumer pulse survey, exposing deep reservations about ChatGPT, with optimism in startlingly short supply.

"An AI revolution has been gathering pace for a very long time, and many specific, narrow applications have been enormously successful without stirring this kind of mistrust," said Mark Stockley, Cybersecurity Evangelist at Malwarebytes. "At Malwarebytes, Machine Learning and AI have been used for years to help improve efficiency, to identify malware and improve the overall performance of many technologies. However, public sentiment on ChatGPT is a different beast and the uncertainty around how ChatGPT will change our lives is compounded by the mysterious ways in which it works."

The survey findings indicate that ChatGPT has a trust issue. Only 10% surveyed agreed with the following statement, "I trust the information produced by ChatGPT," while 63% disagreed. Similar sentiment was held among respondents in relation to accuracy with only 12% agreeing with the statement, "the information produced by ChatGPT is accurate," while over half (55%) disagreed.

Beyond concerns around trust and accuracy, a resounding 81% of respondents believed ChatGPT could be a possible safety or security risk with 52% of respondents calling for a pause on ChatGPT work for regulations to catch up – echoing similar tech luminary concerns voiced earlier this year. 

**Key Findings**

Despite the avalanche of ChatGPT media coverage and online chatter, only 35% of respondents agreed with the statement "I am familiar with ChatGPT," significantly less than the 50% that disagreed.

Of those who said they were familiar with ChatGPT:

*   12% agree the information produced by ChatGPT is accurate
*   81% are concerned about possible security and safety risks
*   63% distrust ChatGPT information
*   51% question whether AI tools can improve internet safety 
*   52% want ChatGPT developments paused in order for regulations to catch up

To read the full findings, visit our blog: www.malwarebytes.com/blog/news/2023/06/chatgpt.

To read more about the latest threats and cyber protection strategies, visit our newsroom, or follow us on Facebook, Instagram, LinkedIn, TikTok, and Twitter.

**Survey Methodology**

Malwarebytes conducted a pulse survey of its newsletter readers across the globe between May 29 and May 31, 2023, via the Alchemer Survey platform. In total, 1449 people responded.

**About Malwarebytes**

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including MITRE Engenuity, MRG Effitas, AVLAB and AV-TEST (consumer and business). Customers award Malwarebytes for being the most implementable and most usable endpoint protection product with the best results on G2 and Gartner Peer Insights. The company is headquartered in Californiawith offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Malwarebytes ChatGPT Survey Reveals 81% are Concerned by Generative AI Security Risks

Half-day virtual Authenticate Summit to educate on how passkeys can fit into a variety of enterprise environments.

**MOUNTAIN VIEW, Calif.****,** **June 27, 2023** **/PRNewswire/ --** Passkeys are a game changer for signing in to online services and apps, providing phishing-resistant security and easy user experience far superior to passwords and other phishable forms of authentication. Enterprises globally are interested in passkeys but may be wondering: how do I start? And "what type of passkey is right for my environment?"

The FIDO Alliance addresses these questions in a new series of papers providing considerations for leveraging passkeys across different enterprise use cases. The series was developed by the FIDO Alliance's Enterprise Deployment Working Group (EDWG) and can be found at https://fidoalliance.org/fido-in-the-enterprise/. 

The papers in the series are:

*   FIDO Deploying Passkeys in the Enterprise – Introduction
*   Replacing Password-Only Authentication with Passkeys in the Enterprise
*   FIDO Authentication for Moderate Assurance Use Cases
*   High Assurance Enterprise FIDO Authentication

A fifth paper in the series, "Displacing Password + SMS OTP Authentication with Passkeys," is expected to publish later this summer.

"Passkeys are a new concept to many enterprise organizations, in terms of both terminology and FIDO authentication capabilities," said Andrew Shikiar, executive director and CMO of the FIDO Alliance. "These papers demystify synced and device-bound passkeys and provide the decision points for how to leverage them across a variety of use cases, whether they are using passwords alone, legacy MFA or FIDO-based solutions today. These papers provide a great foundation for anyone looking to understand how passkeys can increase their organization's security posture, meet legal and regulatory requirements and decrease support and other costs associated with authentication."

**Get an Overview Live at Authenticate Virtual Summit: Considerations for Passkeys in the Enterprise**

Those interested in this topic are encouraged to join the FIDO Alliance and members of its Enterprise Deployment Working Group on June 29, 2023 at 9:00 am PT / 12:00 pm ET for the free Authenticate Virtual Summit: Considerations for Passkeys in the Enterprise to learn how passkeys can fit into a variety of enterprise environments.

Sessions will cover introductory material, considerations across various use cases, and criteria to evaluate how synced passkeys and device-bound passkeys can meet varying legal, regulatory, and security requirements across enterprise environments.

Learn more and register for the free virtual summit at https://authenticatecon.com/event/passkeys-in-the-enterprise/.

**About the Enterprise Deployment Working Group (EDWG)**

The FIDO Alliance's Enterprise Deployment Working Group (EDWG) aims to accelerate enterprise deployments of FIDO solutions and advance the FIDO Alliance's vision for a strong, interoperable modern authentication ecosystem. The EDWG acts as a group of subject matter experts and internal advisors within the FIDO Alliance on issues affecting the deployment of FIDO solutions at the enterprise level. FIDO Alliance members interested in joining the EDWG can contact \[email protected\] for information on how to participate.

**About the FIDO Alliance**

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with 

standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise

Saudi Arabia is one of the world's leaders in cybersecurity development and preparedness, according to the latest rankings.

The Kingdom of Saudi Arabia has secured second place in the Global Cybersecurity Index in the World Competitiveness Yearbook for 2023.

According to the International Institute for Management Development, the development of a National Cybersecurity Authority (NCA) and the planned development of a Global Cybersecurity Forum institute in the country have both affirmed Saudi Arabia's role in the field of cybersecurity.

The Kingdom also ranked 17th overall in 2023 — jumping by seven places from 2022 — in the competitiveness ranking, the Saudi Press Agency reported.

The International Telecommunications Union (ITU) has also designated Saudi Arabia as a global leader in cybersecurity, ranking Saudi Arabia also second on its Global Cyber Security Index.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Saudi Arabia's Cyber Capabilities Ranked Second Globally

Developers' enthusiasm for ChatGPT and other LLM tools leaves most organizations largely unprepared to defend against the vulnerabilities that the nascent technology creates.

Organizations' rush to embrace generative AI may be ignoring the significant security threats that large language model (LLM)-based technologies like ChatGPT pose, particularly in the open source development space and across the software supply chain, new research has found.

A report by Rezilion released June 28 explored the current attitude of the open source landscape to LLMs, particularly in their popularity, maturity, and security posture. What researchers found is that despite the rapid adoption of this technology among the open source community (with a whopping 30,000 GPT-related projects on GitHub alone), the initial projects being developed are, overall, insecure — resulting in an increased threat with substantial security risk for organizations.

This risk only stands to increase in the short-term as generative AI continues its rapid adoption throughout the industry, demanding an immediate response to improve security standards and practices in the development and maintenance of the technology, says Yotam Perkal, director of vulnerability research at Rezilion.

"Without significant improvements in the security standards and practices surrounding LLMs, the likelihood of targeted attacks and the discovery of vulnerabilities in these systems will increase," he tells Dark Reading.

As part of its research, the team investigated the security of 50 of the most popular GPT and LLM-based open source projects on GitHub, ranging in length of development time from two to six months. What they found is that while they were all extremely popular with developers, their relative immaturity was paired with a generally low security rating.

If developers rely on these projects to develop new generative-AI-based technology for the enterprise, then they could be creating even more potential vulnerabilities against which organizations are not prepared to defend, Perkal says.

"As these systems gain popularity and adoption, it is inevitable that they will become attractive targets for attackers, leading to the emergence of significant vulnerabilities," he says.

**Key Areas of Risk**

The researchers identified four key areas of generative AI security risk that the adoption of generative AI in the open source community presents, with some overlap between the groups:

*   Trust boundary risk; 
*   Data management risk; 
*   Inherent model risk; 
*   And basic security best practices.

_**Trust boundaries**_ in open source development help organizations establish zones of trust in which they can have confidence in the security and reliability of an application's components and data. However, as users enable LLMs to use external resources such as databases, search interfaces, or external computing tools — thus greatly enhancing their functionalities — the inherent unpredictability of LLM completion outputs can be exploited by malicious actors.

"Failure to address this concern adequately can significantly elevate the risks associated with these models," the researchers wrote.

_**Data-management risks**_ such as data leakage and training-data poisoning also expose enterprises to risk if not addressed by developers when working not just with generative AI, but any machine-learning (ML) system, the researchers said. Not only can LLM unintentionally leak sensitive information, proprietary algorithms, or other confidential data in its responses, threat actors also deliberately can poison an LLM's training data to introduce vulnerabilities, backdoors, or biases that can undermine the security, effectiveness, or ethical behavior of the model, the researchers warned.

_**Inherent underlying model risks**_ meanwhile account for two of the top LLM security problems: inadequate AI alignment and overreliance on LLM-generated content. "In fact, OpenAI, the creator of ChatGPT, warns its users about these risks in the main ChatGPT interface," the researchers noted in the report.

These risks refer to the phenomenon of generative AI like ChatGPT returning false or fabricated data sources or recommendations, commonly called "hallucinations," which researchers from Vulcan Cyber's Voyager18 already have warned could open up organizations to supply-chain attacks. This can occur when a developer asks ChatGPT or another generative AI solution from recommendations for code packages that don't exist, both Vulcan and Rezilion researchers noted. An attacker can identify this and publish a malicious package as a substitute, which developers will then use and write directly into an application.

Other users, unaware of the malicious intent, can then pose similar questions to ChatGPT, and the risk spreads from there across the supply chain because the AI model is unaware of the code manipulation, they noted. "Consequently, unsuspecting users may unknowingly adopt the recommended package, putting their systems and data at risk," the researchers wrote.

And finally, general security best-practice risk stems from open source adoption of generative AI, in the areas of improper error handling or insufficient access controls (which are not unique to LLMs or ML models). An attacker can exploit the information in the LLM error messages to gather sensitive information or system details, which they can then use to launch a targeted attack or exploit known vulnerabilities, the researchers said. And insufficient access controls also could allow users with limited permissions to perform actions beyond their intended scope, potentially compromising the system.

**How Organizations Can Prepare, Mitigate Risk**

Rezilion researchers presented specific ways that organizations can mitigate each of these risks, as well as overall advice for how they can prepare as the open source community continues to embrace these models for next-generation software development.

The first step to this preparation is an awareness that integrating generative AI and LLMs comes with unique challenges and security concerns that may be different than anything organizations have encountered before, Perkal says. Moreover, the responsibility for preparing and mitigating LLM risks lies not only with organizations integrating the technology but also the developers involved in building and maintaining these systems, he notes.

As such, organizations should adopt what Perkal calls a "secure-by-design" approach when implementing generative AI-based systems, he says. That entails leveraging existing frameworks like the Secure AI Framework (SAIF), NeMo Guardrails, or MITRE ATLAS to incorporate security measures directly into their AI systems, Perkal says.

It's also "imperative" that organizations monitor and log LLM interactions and regularly audit and review the AI system's responses to detect potential security and privacy issues, and then to update and tweak the LLM accordingly, he concludes.

Generative AI Projects Pose Major Cybersecurity Risk to Enterprises

With the National Cybersecurity Strategy planning to add real teeth into enforcement actions, software vendors have extra incentive to reduce applications' security debt.

We're in the midst of a transformational shift in software security. Companies will soon bear responsibility for insecure software and can no longer play the victim card.

Recently, President Biden's administration released its long-awaited National Cybersecurity Strategy, created with the hope to "secure the full benefits of a safe and secure digital ecosystem." As expected, it focuses to a large extent on software security and who should be liable for its vulnerabilities. Stating that "markets impose inadequate costs on — and often reward — entities that introduce vulnerable products or services," the strategy calls for making organizations more liable for shipping insecure software.

Putting aside the debate about regulation versus market forces, it's hard to argue with the strategy's implicit assertion that insecure software code is endemic. As security professionals, it's our job to examine why insecure software is so prevalent and understand how to address it. Furthermore, with this plan, software security would no longer be a nice-to-have: Companies will be liable for the security of their products. Therefore, now is the time to bring rigor to software security.

**The Root of Vulnerabilities**

Insecure software often starts at the beginning, where flaws are introduced. But before diving in, it's important to be clear about the terminology.

A "flaw" is an implementation defect introduced when code is written that can lead to a "vulnerability" — an exploitable condition within software code that opens the door to an attack. Flaws accumulate over time resulting in "security debt" — the flaws you don't fix over the lifetime of an application. Security debt has been an important driver in the rise of DevSecOps, which integrates security throughout the software development life cycle.

Veracode's most recent "State of Software Security" research report took a fine-grained look at the factors contributing to flaw introduction, using data drawn from static analysis of more than 750,000 applications.

It found that no matter the size, applications grow steadily at about 40% a year through the first five years. But the rate of new flaw introduction follows a different pattern. When a new application is onboarded, the number of flaws undergoes a precipitous drop, most likely as an initial scan discovers accumulated flaws. The app then enters the "honeymoon phase" through the first year and a half, during which nearly 80% of applications introduce no new flaws. When the honeymoon ends, however, the introduction of flaws grows steadily until plateauing around year five.

The most common flaws discovered vary widely depending on the type of scan conducted, as static, dynamic, and software composition analyses involve different techniques and can detect different issues. There was some overlap among the top flaws found — information leakage showed up in all three — but there were enough differences to underscore the importance of using multiple scan types.

Scan frequency also has an impact. We found a marked reduction in both the probability of new flaws and the actual number of them when scans were performed the previous month. Using application programming interfaces (APIs) to automate the scanning process was also beneficial in reducing the probability and number of flaws.

**Stepping Toward More Secure Applications**

Preventing all flaws from being introduced in the first place would be ideal, but it's just not practical. Our research uncovered three recommendations for making applications more secure.

Our first piece of guidance is to remediate security flaws as early and quickly as possible. By the time an application is two years old, we see applications increasingly accumulating flaws. It's clear that something happens to the application or to the groups developing them. Whether increasing application complexity from years of steady growth or diminishing focus on production applications over time, this familiar pattern of an upwards slant, shown in our research, is clear.

Our next piece of guidance is to prioritize automation and developer training. Awareness of the most common flaws and how they are introduced makes a notable difference in reducing their numbers. We saw this in results from organizations whose developers had completed 10 hands-on security training courses. Our research found that completion of 10 training courses correlates to a 12% reduction in the number of flaws introduced.

Lastly, companies need to establish application life-cycle management. Establishing who owns an application will help keep it secure, but don't try to make a comprehensive list upfront, because you'll never finish it. It would be better to start with the necessary information for a few applications and build the list iteratively from there.

Maintaining an application isn't just a matter of deciding whether it's needed, but also how long it should be in production. This is important given the growth of flaws that occur over time and the amount of attention that will be paid to it in later years.

**Rigor Is a Requirement**

In today's security climate, software security is paramount. With the National Cybersecurity Strategy planning to add real teeth into enforcement actions, software vendors have extra incentive to reduce the security debt of their applications.

Understanding how flaws are created and how best to remediate them can help ensure both the security and viability of software products.

Rigor in software security means being thorough at every stage of the modern software development life cycle as the shift of responsibility turns to you.

Source

DARKReading