Acquisition strengthens Deepwatch Platform capabilities with actionable insights and risk-based prioritization.

Source: Gajus via Adobe Stock Photo

NEWS BRIEF

Deepwatch, an artificial intelligence (AI) and human cyber-resilience platform provider, has announced its acquisition of security intelligence solutions startup Dassana. Deepwatch plans to integrate Dassana's AI-powered risk and threat exposure management technology, CISO Copilot, into its Deepwatch Platform.

The integration will also allow CISOs and security leaders to get real-time insights into their security posture, said Deepwatch CEO John DiLullo in a statement. The acquisition will give Deepwatch's internal SOC operations and customers better tools around automation, compliance reporting, and proactive security management.

Dassana's products integrate with existing security infrastructure and aggregate and normalize data from various security tools to provide a unified view of an organization's security environments. Organizations gain real-time visibility into their security posture and can apply the actionable insights to expedite remediation efforts and enhance the effectiveness of security controls. CISO Copilot automates evidence collection for compliance, allocates resources based on business impact, and accesses real-time board-level metrics, allowing CISOs to make data-driven decisions.

"By joining forces with Dassana, our mission to democratize and make our AI capabilities available to companies of all sizes has taken a giant leap forward," DiLullo said. "We believe cyber-resilience should be available to all and that everyone deserves to conduct their businesses free from the scourge of cyber attacks."

Financial details of the deal were not disclosed.

**About the Author**

Deepwatch Acquires Dassana to Boost Cyber-Resilience With AI

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

Soure: T. Schneider via Shutterstock

A popular small to midrange Xerox business printer contains two now-patched vulnerabilities in its firmware that allow attackers an opportunity to gain full access to an organization's Windows environment.

The vulnerabilities affect firmware version 57.69.91 and earlier in Xerox VersaLink C7025 multifunction printers (MFPs). Both flaws enable what are known as pass-back attacks, a class of attacks that essentially allow a bad actor to capture user credentials by manipulating the MFPs' configuration.

**Complete Access to Windows Environments**

In certain situations, a malicious actor who successfully exploits the Xerox printer vulnerabilities would be able to capture credentials for Windows Active Directory, according to researchers at Rapid7 who discovered the flaws. "This means they could then move laterally within an organization's environment and compromise other critical Windows servers and file systems," Deral Heiland, principal security researcher, IoT, for Rapid7 wrote in a recent blog post.

Xerox describes VersaLink C7025 as a multifunction printer featuring ConnectKey, a Xerox technology that allows customers to interact with the printers over the cloud and via mobile devices. Among other things, the technology includes security features that, according to Xerox, help prevent attacks, detect potentially malicious changes to the printer, and protect against unauthorized transmission of critical data. Xerox has positioned its VersaLink family of printers as ideal for small and medium-sized workgroups that print around 7,000 pages per month.

The two vulnerabilities that Rapid7 discovered in the printer, and which Xerox has since fixed, are CVE-2024-12510 (CVSS score: 6.7), an LDAP pass-back vulnerability; and CVE-2024-12511 (CVSS score: 7.6) an SMB/FTP pass-back vulnerability.

The vulnerabilities, according to Rapid7, allow an attacker to change the MFP's configuration so as to cause the printer to send a user's authentication credentials to an attacker-controlled system. The attack would work if a vulnerable Xerox VersaLink C7025 printer is configured for LDAP and/or SMB services.

In such a situation, CVE-2024-12510 would allow an attacker to access the MFP's LDAP configuration page and change the LDAP server IP address in the printer's settings to point to their own malicious LDAP server. When the printer next tries to authenticate users by checking the LDAP User Mappings page, it connects to the attacker's fake LDAP server instead of the legitimate corporate LDAP server. This paves the way for the attacker to capture clear text LDAP service credentials, Heiland wrote.

CVE-2024-12511 allows similar credential capture when the SMB or FTP scan function is enabled on a vulnerable Xerox VersaLink C7025 printer. An attacker with admin-level access can modify the SMB or FTP server's IP address to their own malicious IP and capture SMM or FTP authentication credentials.

All it takes for an attacker to discover a vulnerable printer is to connect to an affected Xerox MFP device through a Web browser, validate that the default password is still enabled, and ensure that the device is configured for LDAP and/or SMB services, Heiland tells Dark Reading. "Also, it is often possible to query an MFP via SNMP and identify if LDAP services are enabled and configured."

The risk for organizations is that if a malicious actor were to gain any level of access to a business network, they could use the pass-back attack to easily harvest Active Directory credentials without being detected, he says. That would then allow them to pivot to more critical Windows systems within a compromised environment. "Sadly," he adds, "it's also not uncommon to find LDAP settings on MFP devices that contain Domain Admin credentials," which potentially could give a bad actor complete control of an organization's Windows environment.

"Since LDAP and SMB settings on MFP devices typically contain Windows Active Directory credentials, a successful attack would give a malicious actor access to Windows file services, domain information, email accounts, and database systems," Heiland says. "If a Domain Admin account or account with elevated privileges was used for LDAP or SMB, then an attacker would have unfettered access to potentially everything within the organization's Windows environment."

**An Ideal Scenario for Threat Actors**

Jim Routh, chief trust officer at Saviynt, says an attacker would need relatively sophisticated technical skills to exploit these kinds of vulnerabilities. But for those who can, the LDAP vulnerability enables access to Windows Active Directory where all administrator profiles and credentials reside. "It's the ideal scenario for the threat actor," he notes. Every device connected to the Internet has configuration options that offer … an attack surface for the cybercriminal."

Xerox has released a patched version of the affected Xerox VersaLink MFP firmware, allowing customer organizations to update and fix the issues. Organizations that cannot immediately patch should set a "complex password for the admin account and also avoid using Windows authentication accounts that have elevated privileges, such as a Domain Admin account for LDAP or scan-to-file SMB services," according to the Rapid7 blog post. "Also, organizations should avoid enabling the remote-control console for unauthenticated users."

Printer vulnerabilities are a growing problem for many organizations because of the rise in remote and hybrid work models. A 2024 study by Quocirca found 67% of organizations had experienced a security incident tied to a printer vulnerability, up from 61% the prior year. Despite the trend, many organizations continue to underestimate printer-related threats, making it a soft spot for attackers to target.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Xerox Printer Vulnerabilities Enable Credential Capture

Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.

Source: KB Photodesign via Shutterstock

NEWS BRIEF

Winnti, a China-affiliated threat actor, has been linked to a new cyber campaign called RevivalStone, which has been observed targeting Japanese companies within the manufacturing, materials, and energy sectors.

Winnti has been active since at least 2012, but only started targeting Asian manufacturing and materials organizations within the past few years. 

The group's activity, according to researchers at LAC, notably overlaps with a group known as Earth Freybug, a subset of APT41, a well-known cyber espionage group.

In targeting organizations in the Asia-Pacific region, Winnti is exploiting vulnerabilities found in applications like IBM Lotus Domino to deploy malicious malware, including DEATHLOTUS, UNAPIMON, PRIVATELOG, CUNNINGPIGEON, WINDJAMMER, and SHADOWGAZE.

LAC researchers have also observed Winnti exploiting an SQL injection vulnerability in an enterprise resource planning system to drop Web shells on an infected server. Once gaining access, the threat actor collects credentials, performs reconnaissance, and delivers the Winnti malware.

This malware is an improved version, capable of expanding further to breach a managed service provider.

According to a statement by the LAC researchers, "The new Winnti malware has been implemented with features such as obfuscation, updated encryption algorithms, and evasion by security products, and it is likely that this attacker group will continue to update the functions of the Winnti malware and use it in attacks."

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

China-Linked Threat Group Targets Japanese Orgs' Servers

PRESS RELEASE

BOSTON, Feb. 13, 2025 (GLOBE NEWSWIRE) -- Thrive, a global technology outsourcing provider for cybersecurity, Cloud, and IT managed services, today announced the acquisition of Secured Network Services (SNS), a leading New Hampshire-based IT provider for organizations across industries, including healthcare, non-profit, and municipal government. The acquisition will enable Thrive to enter the New Hampshire market to deepen its presence in New England, bringing its industry-leading global Security Operation Center (SOC) & Hybrid Cloud solutions to SNS’ customers.

Cyber regulations are continuing to get more complex across industries – for example, the Health Insurance Portability and Accountability Act (HIPAA) is facing several proposed changes to its Privacy and Security rules in 2025. With the acquisition of SNS, Thrive will deepen its vertical industry knowledge, ensuring healthcare, non-profit, and government customers are backed with the latest industry insights to navigate these challenging landscapes. Together, Thrive and SNS will enable customers in New Hampshire and beyond to have access to industry-leading resources and Thrive’s global high-touch 24x7x365 service mandate.

“SNS’ similar philosophy of providing the highest caliber of technical expertise and unwavering dedication to customers greatly resonated with us,” said Bill McLaughlin, CEO of Thrive. “Coupled with their deep vertical knowledge, SNS will ensure we continue delivering the best technology solutions to businesses across industries.”

This acquisition builds upon Thrive’s tremendous growth, having completed eleven previous acquisitions over the past two years, most recently acquiring Michigan-based Safety Net and North Carolina-based The Longleaf Network. Along with geographic expansion, Thrive also received a strategic investment from Berkshire Partners and Court Square Capital Partners to continue scaling the capabilities of the company.

“Our team is excited to accelerate our growth and enable our customers to have access to Thrive’s NextGen solutions,” Kevin M. Low, Founder & CEO at SNS. “Our mission of helping businesses get the most from their technology aligns seamlessly with Thrive’s dedication to delivering outsized ROI and the best technology outcomes for each customer. We look forward to advancing our capabilities to better help our customers navigate the complex IT landscape with Thrive’s partnership.”

To learn more about Thrive and its offerings, visit the website.  

About Thrive    
Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.

Thrive Acquires Secured Network Services

PRESS RELEASE

As AI adoption accelerates, organizations lack the tools to secure these rapidly evolving technologies. While AI's potential in cybersecurity is vast, there is currently a significant gap between innovation and implementation. Many existing security solutions are either proprietary, insufficient, or simply inaccessible. 

SANS Institute, the global leader in cybersecurity training and research, is launching the AI Cybersecurity Hackathon, a month-long event designed to address the urgent need for the development of these tools. The hackathon aims to inspire participants to develop expertise in AI security, identify and support cybersecurity talent, and drive progress in AI security research through open-source contributions. Running from February 15 to March 15, 2025, this hackathon provides an opportunity for cybersecurity professionals, ethical hackers, developers, and students to cultivate the critical skills and develop the open-source tools needed to address emerging AI security challenges.

"AI is transforming cybersecurity at an unprecedented rate, but organizations are struggling to find professionals with the right expertise to secure these evolving technologies," emphasized Rob Lee, Chief of Research at SANS Institute. "Through this hackathon, SANS hopes to not only contribute vital open-source tools but also encourage individuals to pursue and refine the AI security skills the industry desperately needs." 

SANS has a long history of empowering the cybersecurity community, not just through training but by developing and distributing open-source security tools. From Rob Lee's SIFT Workstation, to Ed Skoudis' Holiday Hack Challenge, to Johannes Ullrich's Internet Storm Center (ISC), SANS has repeatedly delivered solutions that security professionals can use immediately.

The AI Cybersecurity Hackathon continues this tradition, offering participants a chance to build and contribute critical tools that will shape the future of AI security. Participants will have the opportunity to develop AI-driven security solutions that address emerging threats, enhance system security, and improve data protection. The hackathon welcomes both experienced professionals and newcomers who want to explore the intersection of AI and cybersecurity.

Kate Marshall, Director of Summits at SANS Institute, underscored the hackathon's significance. "We don't just want to talk about AI security, we want to build the tools that solve these challenges. Even if this event results in just one essential tool, that's a win for the entire cybersecurity community. We hope this inspires long-term innovation and a new generation of AI security experts."

**How to Participate **

2.  Collaborate or Go Solo: Participants can join teams or work independently. 
    
3.  Develop & Submit: Build an AI-powered security solution and submit it by March 15, 2025. 
    

SANS will select high-quality submissions that can be further highlighted, promoted, and published as open-source tools for future security initiatives. 

To learn more and sign up, visit SANS AI Cybersecurity Hackathon. Don't miss this opportunity to develop valuable AI security skills, contribute to cutting-edge cybersecurity solutions, and connect with a global community of innovators.

SANS Institute Launches AI Cybersecurity Hackathon

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.

Source: Africa Studio via Alamy Stock Photo

Attackers are wielding a new variant of one of the biggest threats to the macOS platform, malware called XCSSET, Microsoft is warning. The fresh version has so far been seen in a handful of attacks targeting Apple developers, but its reach could grow much longer in the coming weeks.

XCSSET can read and dump data from Safari browsers; inject JavaScript backdoors into websites; steal information from the victim's Skype, Telegram, WeChat, Notes, and other apps; take screenshots; encrypt files; and exfiltrate data to attacker-controlled systems. The new variant — which features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies — is the first known update to the malware since 2022, Microsoft Threat Intelligence revealed in a post on X this week.

"These enhanced features add to this malware family's previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files," according to the post.

Researchers at Trend Micro first discovered XCSSET in 2020 when investigating a security incident related to Xcode developer projects; the malware in the past has targeted software developers by exploiting vulnerabilities and then infecting their projects, using this as a means to spread. If one of the infected projects is downloaded and built by another developer, XCSSET also infects their projects, which could in turn be downloaded by others. This gives the malware wormable capability, and the potential for a broader supply chain attack.

**Significant Enhancements to macOS Malware**

The variant appears to be a significant update to the modular malware, with various new features that make it easier for attackers to spread XCSSET and also obscure their malicious activities.

Enhanced obfuscation methods present in XCSSET use "a significantly more randomized approach for generating payloads to infect Xcode projects," randomizing both its encoding technique and a number of encoding iterations, according to Microsoft.

And while older XCSSET variants only used xxd (hexdump) for encoding, the latest one also incorporates Base64 and obfuscates module names. This makes it more challenging to determine the intent of the malware's modules, Microsoft said.

Its operators also have outfitted the variant with two distinct new persistence mechanisms: the "zshrc" method and the "dock" method. In the former method, the malware creates a file named ~/.zshrc\_aliases that contains the payload, according to Microsoft. "It then appends a command in the ~/.zshrc file to ensure that the created file is launched every time a new shell session is initiated, guaranteeing the malware's persistence across shell sessions," according to the post.

The dock method involves downloading a signed dockutil tool from a command-and-control (C2) server to manage the dock items, and then creating a fake Launchpad application, replacing the legitimate Launchpad's path entry in the dock with this fake one.

"This ensures that every time the Launchpad is started from the dock, both the legitimate Launchpad and the malicious payload are executed," according to Microsoft.

The variant also employs new infection methods that determine where the payload is placed in Xcode projects. The method is chosen from one of the following options: TARGET, RULE, or FORCED\_STRATEGY, while an additional method involves placing the payload inside the TARGET\_DEVICE\_FAMILY key under build settings and running it at a later phase.

**Advice for macOS Cyber Defenders**

Though traditionally not a target for threat actors, the macOS platform has become increasingly more at risk to malware and other security threats in recent years, mainly due to Apple's growing market share in a shrinking PC market.

To avoid downloading Xcode projects infected with XCSSET, Microsoft recommends that developers and users "always inspect and verify any Xcode projects downloaded or cloned from repositories" that potentially will spread the malware.

"They should also only install apps from trusted sources, such as a software platform’s official app store," according to Microsoft.

Users of Microsoft Defender for Endpoint on Mac should be protected against XCSSET, including its new variant, the company added, because it can detect all currently known versions of the malware.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

PRESS RELEASE

AUSTIN, Texas, Feb. 13, 2025 /PRNewswire/ -- enQase, a groundbreaking quantum-safe security solution, launches today to safeguard the most sensitive information against the threat of quantum attacks. This innovative solution addresses the urgent calls from leading business technology analyst, cybersecurity experts, and governments worldwide who are stressing the importance to fortify digital defenses against quantum computing threats.

The urgency to act is because the stakes are high, as malicious hackers who acquire highly sensitive encrypted data today could decrypt soon with quantum computers – thus the term "harvest now, decrypt later".

Why enQase exists 

In August 2024, the National Institute of Standards and Technology (NIST) released its recommendations for PQC urging all sectors to urgently begin transitioning to higher levels of cryptographic protection.

Experts, including the World Economic Forum, recommend combining PQC with Quantum Random Number Generation (QRNG) to provide organizations with the strongest protection against future quantum computing threats. While PQC is anticipated to offer good data security, the integration of both technologies is considered the most comprehensive approach to safeguarding sensitive information in the post-quantum era.

Certain limitations that have prompted organizations and sectors to explore more comprehensive security solutions for their most highly sensitive information include:

*   Theoretical foundations: PQC standards are grounded on theoretical analyses and projections of quantum computer capabilities. The security of these algorithms relies on mathematical assumptions that may be challenged as quantum technology advances.
    
*   Deterministic Algorithms: PQC utilizes deterministic algorithms, which could potentially be vulnerable to unforeseen weaknesses or breakthroughs in quantum computing.
    
*   Reliance on PRNGs: PQC implementations often depend on Pseudo-Random Number Generators (PRNGs) for key generation and other random values. The security of these systems could be compromised if the PRNGs are found to be predictable or vulnerable to quantum attacks.
    

In comparison, enQase takes quantum-safe security beyond conventional standards by harnessing the power of quantum mechanics to fortify and 'enQase' NIST's PQC standards. This innovative approach provides organizations with unparalleled assurance that their information will remain secure today, against "Harvest now, Decrypt later" attacks, and well into the future.

How enQase ensures future-proof security

In an era where traditional encryption methods are increasingly vulnerable, enQase stands as a beacon of innovation. Our quantum-enhanced security platform doesn't just meet today's standards—it defines tomorrow's.

The comprehensive platform leverages PQC, Quantum Random Number Generator (QRNG), digital Quantum Key Distribution (dQKD), and Quantum Key Distribution (QKD). At the forefront of innovation, enQase offers an industry-first hybrid key distribution system that uniquely combines both QKD and dQKD technologies.

enQase offers unparalleled deployment flexibility, with options ranging from Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), perpetual licensing and on-premises hardware solutions. The platform seamlessly integrates with existing infrastructure while ensuring full-stack interoperability and scalability to meet evolving security needs.

"enQase counters this threat with a robust data security solution that leverages quantum mechanics to enhance NIST Post-Quantum Cryptography (PQC) protection. The platform offers unique deployment flexibility and scalability demanded by Global 500 companies and government organizations to protect their entire information lifecycle."  
     -Mike Kramer, co-founder and CEO of enQase.

enQase solutions are fully compliant with NIST and ETSI guidelines, positioning clients at the forefront of secure networks. enQase simplifies quantum security management through an intuitive central console, reducing the need for specialized expertise while delivering practical, business-centric solutions.

As global quantum security pioneers with 15 patents, enQase continuously innovates and develops next-generation solutions, including advanced QKD implementations for terrestrial and space-based networks.

About enQase

enQase offers security beyond PQC; the only comprehensive, flexible, scalable solution that utilizes enhanced quantum technologies to protect data against current and future quantum threats without compromising operational performance.

The company's technology addresses critical shortcomings in existing cybersecurity measures, particularly in the face of emerging quantum computing threats. By offering a truly future-proof solution, enQase enables businesses to stay ahead of sophisticated quantum and AI-driven hacking attempts.

enQase offers versatile solutions spanning various deployment options, including SaaS, Cloud, PaaS, on-premises, and hardware-based implementations. Recognizing that every organization safeguards sensitive data —and for certain industries the stakes are far higher— enQase ensures that critical sectors such as finance, healthcare, government, critical infrastructure, and defense, are equipped to shield their most sensitive information with unwavering vigilance.

For more information about how enQase can secure an organization's future, visit www.enqase.com.

Introducing enQase for Quantum-Safe Security

Credible Security's founders bring their varied experiences to help growing companies turn trust into a strategic advantage.

Source: Ronstik via Alamy Stock Photo

Teaching students or learning the classics may not be the typical career path for cybersecurity professionals, but the founders of independent security consultancy Credible Security believe a diversity of backgrounds can be a superpower.

"Working together has taught us that the thing that makes the difference between an acceptable and a great approach to security within any organization is not technical knowledge or skill sets or backgrounds," says co-founder Josh Yavor. Qualifications are a given, but more importantly, a security team needs leadership "empowered in the right ways with empathy and effective communication and a bias toward building relationships that are based on trust."

Yavor, along with Kim Burton and Jessica Walters, launched Credible Security at the start of 2025. The company works with business-to-business companies that offer cloud services and software-as-a-service, with a specific focus on underserved teams within organizations. That includes go-to-market teams that have public-facing functions and early-stage companies that are finding their security footing while still forming a growth strategy.

**Diversity Leads to Stronger Security Mindset**

The founding partners — "We haven't really fought over those titles yet," Yavor jokes — had worked together before at Tessian, Cisco, and Duo Security. When Proofpoint acquired Tessian in 2023, Yavor was CISO, Burton was head of trust and compliance, and Waters was senior security manager. They each had extensive security experience but had taken different paths to get there.

Prior to holding security leadership roles at Cisco Secure, Duo Security, and Facebook, Yavor was a school teacher and owned an IT consulting business. Burton studied literature and classical languages in graduate school. Walters was chief of staff of Cisco's Security Business Group team. All three say their experiences at Duo Security demonstrated the value of bringing together practitioners from different backgrounds. They stayed at Duo through its Cisco acquisition in 2018 and landed in the same team at Cisco. When Yavor joined Tessian in 2021, Burton and Walters "came over to continue the journey."

The team members' varied backgrounds "make it so that when you encounter something that you haven't seen before, everyone is able to actually relate to something that they have, in fact, experienced," Burton says. "When you have a team of people who've come from the same programs, the same location, the same ideas all the time, you actually end up with groupthink. We do not have that problem."

**Developing Strategy With a Trusted Partner**

Having different perspectives is particularly important when helping customers develop and execute their cloud strategies, according to the trio. Cloud services touch every aspect of people's lives, so B2B enterprises need to prioritize building trust with end users as part of their strategy. In the past 10 to 15 years, enterprises have made strides in thinking about risk and how to manage it, but they haven't mastered the strategy in all areas, Yavor says.

The missing part that Credible Security targets "is having consistent strategy and outcomes in evaluating and delivering trust on both sides of the equation \[end users and service providers\]," Yavor says. Trust is critical at every juncture of that pipeline; with some proactive security thinking and investment, businesses can boost results.

"We are helping our clients simplify their strategies and align them to their actual business objectives so that they have a much easier and more efficient approach to developing not just minimum viable security for whatever their product is, but actually using it as a competitive advantage as they try to earn their customers' trust and then maintain it through a long-term relationship," Yavor says.

When managing risk, many companies still conflate trust with compliance, "where you're doing checkbox exercises because you have to show up to an auditor and tell them about it. But that's a backward way of thinking about it," Burton says. Compliance is only a way to verify trustworthiness, and trust develops as consultants show that they are working with the same values and goals in mind.

"It's saying: 'Hey, how can you actually design your product and your process so that the customers that you are finding actually understand this deep-felt sense that they know you will do the best by them?'"

**'Layered Experiences'**

Another advantage Credible Security offers is the ability to tap the team's experience as both buyers of security products and on the developer side of the process.

"All three of us have these layered experiences of both things we've done or built, but then also seeing teams and brands that really showed up in a way that we would want family members to experience," Walters says. The variety of positions they have held — CISO, head of compliance, chief of staff — also give them internal perspective, Yavor adds.

"That's actually one of the most exciting differentiators about our company, that all three of us, we haven't just been in the industry, we have been in the roles that we are seeking to help," he says. "We've actually done the work."

**About the Author**

Contributing Writer, Dark Reading

Mercedes Cardona is a New York-based business journalist. She is the former editor of The Economist Group’s “Marketing Unbound” blog and WP Engine’s “Velocitize.” She also has served as the Assistant Business Editor for features at the Associated Press and Financial Editor at Advertising Age. She has contributed to books including The Advertising Age Encyclopedia of Advertising and Single Women and Money.

This Security Firm's 'Bias' Is Also Its Superpower

Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.

Source: Zoonar GmbH via Alamy Stock Photo

Attackers are finding more and more ways to post malicious projects to Hugging Face and other repositories for open source artificial intelligence (AI) models, while dodging the sites' security checks. The escalating problem underscores the need for companies pursuing internal AI projects to have robust mechanisms to detect security flaws and malicious code within their supply chains.

Hugging Face's automated checks, for example, recently failed to detect malicious code in two AI models hosted on the repository, according to a Feb. 3 analysis published by software supply chain security firm ReversingLabs. The threat actor used a common vector — data files using the Pickle format — with a new technique, dubbed "NullifAI," to evade detection.

While the attacks appeared to be proofs-of-concept, their success in being hosted with a "No issue" tag shows that companies should not rely on Hugging Face's and other repositories' safety checks for their own security, says Tomislav Pericin, chief software architect at ReversingLabs.

"You have this public repository where any developer or machine learning expert can host their own stuff, and obviously malicious actors abuse that," he says. "Depending on the ecosystem, the vector is going to be slightly different, but the idea is the same: Someone's going to host a malicious version of a thing and hope for you to inadvertently install it."

Related:This Security Firm's 'Bias' Is Also Its Superpower

Companies are quickly adopting AI, and the majority are also establishing internal projects using open source AI models from repositories — such as Hugging Face, TensorFlow Hub, and PyTorch Hub. Overall, 61% of companies are using models from the open source ecosystem to create their own AI tools, according to a Morning Consult survey of 2,400 IT decision-makers sponsored by IBM.

Yet many of the components can contain executable code, leading to a variety of security risks, such as code execution, backdoors, prompt injections, and alignment issues — the latter being how well an AI model matches the intent of the developers and users.

**In an Insecure Pickle**

One significant issue is that a commonly used data format, known as a Pickle file, is not secure and can be used to execute arbitrary code. Despite vocal warnings from security researchers, the Pickle format continues to be used by many data scientists, says Tom Bonner, vice president of research at HiddenLayer, an AI-focused detection and response firm.

"I really hoped that we'd make enough noise about it that Pickle would've gone by now, but it's not," he says. "I've seen organizations compromised through machine learning models — multiple \[organizations\] at this point. So yeah, whilst it's not an everyday occurrence such as ransomware or phishing campaigns, it does happen."

Related:How Banks Can Adapt to the Rising Threat of Financial Crime

While Hugging Face has explicit checks for Pickle files, the malicious code discovered by ReversingLabs sidestepped those checks by using a different file compression for the data. Other research by application security firm Checkmarx found multiple ways to bypass the scanners, such as PickleScan used by Hugging Face, to detect dangerous Pickle files.

Despite having malicious features, this model passes security checks on Hugging Face. Source: ReversingLabs

"PickleScan uses a blocklist which was successfully bypassed using both built-in Python dependencies," Dor Tumarkin, director of application security research at Checkmarx, stated in the analysis. "It is plainly vulnerable, but by using third-party dependencies such as Pandas to bypass it, even if it were to consider all cases baked into Python, it would still be vulnerable with very popular imports in its scope."

Rather than Pickle files, data science and AI teams should move to Safetensors — a library for a new data format managed by Hugging Face, EleutherAI, and Stability AI — which has been audited for security. The Safetensors format is considered much safer than the Pickle format.

Related:Warning: Tunnel of Love Leads to Scams

**Deep-Seated AI Vulnerabilities**

Executable data files are not the only threats, however. Licensing is another issue: While pretrained AI models are frequently called "open source AI," they generally do not provide all the information needed to reproduce the AI model, such as code and training data. Instead, they provide the weights generated by the training and are covered by licenses that are not always open source compatible.

Creating commercial products or services from such models can potentially result in violating the licenses, says Andrew Stiefel, a senior product manager at Endor Labs.

"There's a lot of complexity in the licenses for models," he says. "You have the actual model binary itself, the weights, the training data, all of those could have different licenses, and you need to understand what that means for your business."

Model alignment — how well its output aligns with the developers' and users' values — is the final wildcard. DeepSeek, for example, allows users to create malware and viruses, researchers found. Other models — such as OpenAI's o3-mini model, which boasts more stringent alignment — has already been jail broken by researchers.

These problems are unique to AI systems and the boundaries of how to test for such weaknesses remains a fertile field for researchers, says ReversingLabs' Pericin.

"There is already research about what kind of prompts would trigger the model to behave in an unpredictable way, divulge confidential information, or teach things that could be harmful," he says. "That's a whole other discipline of machine learning model safety that people are, in all honesty, mostly worried about today."

Companies should make sure to understand any licenses covering the AI models they are using. In addition, they should pay attention to common signals of software safety, including the source of the model, development activity around the model, its popularity, and the operational and security risks, Endor's Stiefel says.

"You kind of need to manage AI models like you would any other open source dependencies," Stiefel says. "They're built by people outside of your organization and you're bringing them in, and so that means you need to take that same holistic approach to looking at risks."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities

Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients.

Source: Panther Media GmbH via Alamy Stock Photo

COMMENTARY

Banking executives have a lot to consider when it comes to financial crime. With new technologies at their disposal, fraudsters are becoming more sophisticated, underscoring the importance of staying vigilant in protecting against these emerging threats. In the near future, synthetic identity fraud and account takeovers will increasingly be leveraged to maximize gains, and AI and machine learning will rapidly adapt to a bank's detection methods. While most banks recognize the importance of fraud prevention, having a clear strategy and best practices is essential to mitigate the rising risks posed by these evolving technologies.

**Risk of Fraud and Financial Crimes Grows**

Last year, US fraud losses totaled a staggering $12.3 billion, and the emergence of new technologies will amplify financial crimes further. Research from Deloitte expects US fraud losses to grow to $40 billion by 2027, representing a compound annual growth rate (CAGR) of 32%. Generative AI is one reason why bank fraud is growing. At Grasshopper, we've seen fraudsters try to use generative AI (GenAI) to create fake business profiles and descriptions when applying for small business loans. To combat this, banks need to implement advanced AI-driven fraud monitoring and detection tools, enhance identity verification processes, and stay vigilant with continuous monitoring and staff training to recognize anomalies.

The rise of banking-as-a-service (BaaS) and embedded banking has also created more opportunities for bad actors to try to exploit gaps in fraud prevention. In this model, banks lose the direct connection with the end user, adding complexity to fraud prevention efforts. BaaS and embedded finance solutions offer significant advantages for modern banking, but they also present new challenges in fraud prevention. PYMNTS.com reports that bad actors are targeting application programming interfaces (APIs) — serving as the bridge between banks and their BaaS partners — are being viewed by bad actors as entry points. Earlier this year, attacks on APIs were up 20% year over year. Although the benefits of BaaS far outweigh the risks, fraud activity continues to accelerate. To stay protected, banks and their BaaS partners need a systemic approach to manage risk tolerance across the platform and protect themselves and their clients. 

**Implementing Best Practices for a Strong BaaS Partnership **

Banks and BaaS partners who collaborate closely to continuously improve their risk programs can navigate the evolving risks and rewards of AI. The most successful way to be effective and successful in preventing fraud is to have a shared understanding of the risk appetite and compliance program. Sometimes, this will mean the bank has to say no to a potential BaaS partnership, if the partner doesn't align with the bank's risk culture. This can be as simple as one partner shifting focus to a specific industry that the other is not as committed to serving. If one partner is choosing to pivot in a specific direction and the other is not, the partnership is no longer aligned. A shared understanding should be established at the onset of the relationship, but partners should also routinely check in to ensure they remain aligned, as risk appetite is always evolving alongside growth.

The partnership should also clearly identify roles and responsibilities to create clarity and transparency in the fraud prevention strategy. The professionals engaged in the relationship should know how responsibilities are allocated to create a solid foundation of the risk framework. From there, teams should share resources through joint training programs and guides for new regulation or threat activity. Ultimately, a robust program doesn't just identify gaps — it actively closes them. Through regular audits and swift, actionable responses, it ensures vulnerabilities are eliminated, keeping fraud prevention strong and resilient. By embracing these strategies, banks can confidently drive the innovation economy forward, unlocking the full potential of BaaS partnerships while safeguarding against financial crime.

**The Human Response Is Essential**

Technology is a critical component of a successful fraud prevention program, but it can't stand alone. The fact is, humans have an innate ability to detect when something doesn't feel right — robotic behavior, no matter how sophisticated, still raises red flags for human analysts. Outliers that slip past automated systems are often identified by skilled anti-fraud professionals who can spot the subtle signs that machines miss. 

Banking fraud and financial crimes are growing more sophisticated every day, and the banking industry continues to evolve by forging relationships with new partners. While these partnerships can introduce new fraud risks, banks don't have to be vulnerable. By understanding the threats, building strong collaborations, and investing in advanced detection tools, banks can stay one step ahead and protect themselves and their clients. 

**About the Author**

BSA Manager, Grasshopper Bank

Alena Robertson is a seasoned financial crime governance leader with more than a decade of experience in BSA/AML compliance and fraud prevention within financial institutions. As BSA manager at Grasshopper Bank, she spearheads the development and implementation of BSA procedures, ensuring regulatory compliance while mitigating financial crime risks. Alena has a strong track record of building high-performing teams, driving cross-functional collaboration, and forecasting emerging threats to enhance institutional resilience. Before joining Grasshopper, she held key compliance roles at Barclays, Station Casinos, MidFirst Bank, and Nevada State Bank, where she specialized in AML investigations, sanctions monitoring, and regulatory reporting. Recognized for her strategic approach to risk management, Alena continues to lead initiatives that strengthen governance frameworks and align compliance strategies with organizational objectives.

Source

DARKReading