Most investors aren't demanding cybersecurity preparedness from startups, but founders should still be worried about the risks.

Source: Illia Uriadnikov via Alamy Stock Photo

It was a tale of two startups.

"A company that I invested in — about, oh, five years ago — happened to be in the proptech \[property technology\] space," said David Rose, managing partner at Rose Tech Ventures, during a panel at Cybertech NYC last week. The property tech startup he was referring to helped people build their credit by paying their rent with credit cards. "So it was a really cool company, \[and\] it was going great. And then it turned out they had been hit by scammers, who were setting up fake buildings and fake credit cards, using them \[for fraud\]. And the entire company blew up because of that."

Another company from one of Rose's protégés had a similar idea and business model, but because the company had better security, it was able to grow. "So you see a company that had really interesting ideas, demonstrated a great potential, smart guys, but the company got killed because of cyber," Rose noted.

Startups are valued for their forward thinking, their financials, and their talent. No investment negotiation has ever broken down over the issue of cyber preparedness. Yet, clearly, an incident can be catastrophic to a promising but volatile new business, and anecdotal evidence suggests investors and founders alike are starting to take that risk seriously.

**The Threat to Startups**

Volt Typhoon, the Chinese advanced persistent threat (APT) du jour, has compromised critical infrastructure providers of every kind — Internet service providers, electric utilities, wastewater treatment, energy, and more — on multiple continents, targeting military organizations along the way. Its attacks are of the highest caliber among known APTs. But a few weeks ago, it went after a different type of prey: a startup.

Versa Networks attracted a lot of attention with its secure access service edge (SASE) software-as-a-service offering and earned $120 million in pre-IPO funding in October 2022. Less headline-grabbing was a bug in its software-defined wide area networking (SD-WAN) technology (CVE-2024-39717). The vulnerability — rated as "high" severity with a CVSS score of 7.2 — allowed Volt Typhoon to push a custom, credential-grabbing Web shell through the Versa Director platform, allowing the attackers to breach four Versa customers in the United States and one in India.

Though attacks and breaches can happen to any company, startups like Versa Networks, security camera firm Verkada — which was fined $3 million by the FTC last month following its breach where attackers took over customer cameras — and Rose's proptech failure are particularly vulnerable. Like any small or medium-sized businesses, they might struggle with budgets and resource allocation. More so than other businesses, though, startups sell excitement and promise. Where a typical business might aim to be secure, but simply lack the money and manpower to do it right, startups that aim to move fast and break things might simply deprioritize a cost that does not incur growth.

As Rose told Dark Reading at Cybertech, "In the case of the company that I mentioned, it \[cybersecurity\] hadn't even occurred to them. They were thinking about the upside \[of the business\], not the downside."

Unfortunately, the answer to securing startups isn't straightforward.

**When Startups Need to Think About Security**

When established companies shift their attention to beefing up their cybersecurity, they typically invest in personnel, training, and layered security software (among other things). But as Rose points out, "Virtually no founders we are speaking with are facing cyber security challenges because they don't have any product!"

Startup security is a more nuanced matter which largely rests on timing, explains Bob Ackerman, founder and managing director of the early-stage VC company AllegisCyber.

"When you're looking at a stage zero startup, security probably is not the number one consideration. It's, 'Is this a good idea?', 'Can this team perform?', 'Is there actually a business here?' But as companies gather steam, establish critical mass, the consequences of getting cybersecurity wrong increase," Ackerman says.

"Usually a mid-stage or later-stage company has enough cybersecurity questions for it to be obvious that we need a security team, a security program, \[and\] a security budget as well," says Will Lin, author of The VC Field Guide. "If I were to force a number, I would say that for companies over, say, 3,000 employees, it starts becoming more of a key topic for investors."

Lin cautions, though, that needs vary widely across companies of different kinds.

"You might find very, very large organizations — even above 3,000 people, for example — that have a tiny, three-person-or-less security team, and then you might find a small organization of 200 people spending quite a lot per year on security. Security budgets and programs and everything tends to be more reactive than \[saying\] 'Obviously, the next step of the company is we need to do X, Y, Z," Lin explains.

The variation occurs not just due to size and maturity, Ackerman adds, but also industry.

"Maybe a financial services company is going to have cyber risk exposure, and so \[be\] aware of it from a very early stage, particularly in sectors like financial services, where there is a lot of personally identifiable information, or anything in supply chain, where a compromise could be disruptive and have an adverse consequence," he says.

**Nudging Security to a Higher Priority**

According to a February survey from business insurance company Embroker, more than two thirds of founders have experienced a cyberattack against one of their businesses.

Founders seem to be extra cautious about security. In the survey, 86% reported owning some kind of cyber insurance, and 71% were considering additional security protections in addition to having insurance. About a third (31%) of the respondents reported being more concerned with security than they were the year prior.

Those who aren't thinking about cybersecurity may be nudged into doing something by the investors themselves. As Rose points out, "One of the things that we have on our standard investor checklist when we do full-on due diligence is: What is your cybersecurity plan? How is it going to work? Actually, in many cases, it's the first time anybody ever asked the startup founder about security."

He continues, "I would be very happy if they have something in their deck — at least in their appendix to their deck — which would say: 'Here's our thoughts, here's our plan, here's our vulnerability.' Just tell me that you've actually given more than two-and-a-half minutes worth of thought to the subject, and you will be ahead of 95% of other companies."

More mature, later-stage startups need to start making material investments, and hiring for executive positions, he explains, "And if you're a platform business that is open to the public, and you've got any kind of money going anywhere, then you damn well better have a really serious plan."

"If the world was under my control, I would say: Yes, as a startup founder with no paying clients until next year, I want you thinking about building in security from day one. But because that doesn't tie out to dollars day one — and startups are always pressed for dollars, always trying to move fast and break things — that's a very hard sell," he admits.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

When Startup Founders Should Start Thinking About Cybersecurity

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft.

The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them.

In this blog post, we expose the techniques behind this scam and provide mitigation steps to stay away from them. We’d like to thank GitHub for their quick response in taking down the malicious accounts we reported to them.

**Hey Siri, google “Apple phone support”**

While Apple products are designed with simplicity in mind, we’ve all come across an issue at some point that we need assistance with. Google, who reportedly paid Apple $20 billion to be the default search engine, will display results in Safari, along with ads, hence the lucrative partnership.

Those “Sponsored” results can appear at the top or further down the search results page. In the image seen below, a malicious ad appears at the very top, right before Apple’s official phone number. In other cases we encountered, multiple malicious ads were displayed before any legitimate results.

Clicking on one of those will redirect to a fake AppleCare+ customer service page, inviting users to call a 1-800 phone number supposedly belonging to Apple. In reality, in just 2 simple clicks victims are connected with scammers located in call centers overseas.

The fake Apple customer service pages are hosted on Microsoft’s GitHub source code repository as standalone HTML templates using Apple’s branding. Scammers are creating several accounts on GitHub with one or multiple repositories with the same fraudulent _index.html_ template:

During an active campaign, they can easily swap phone numbers in case one got reported and blocked. In fact, we saw scammers do just that thanks to GitHub’s commit history:

There is also an interesting piece of code within the page (autoDial) that automatically pops up the phone dialog menu. This ensures that victims have one less thing to click on to get connected with a scammer impersonating Apple:

**Risks and mitigations**

This particular scheme is exceptionally easy to fall for due to the combination of malicious Google ads and lookalike pages. Scammers are preying on unsuspecting users to trust that they are real Apple service agents and that it’s okay to give them personal information.

The biggest risk to consumers is being defrauded for hundreds, and often thousands of dollars. Scammers typically instruct victims to withdraw money from their bank account and send it to them, in various ways.

In some cases we investigated this year, fraudsters will ask for the victim’s name, address, social security number and banking details. With that information, they can easily blackmail them directly or share their profile with other scammers who will pretend to help from the original incident.

We advise users to be extremely cautious when looking for phone or online support related to any of the most popular brands. Microsoft is usually highly targeted by scammers due to its dominance in the computer market share. Keep in mind that whenever you click on a sponsored result or ad, you are taking a chance of being redirected to a malicious site.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Scammers advertise fake AppleCare+ service via GitHub repos 

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato’s global customers, between April and June 2024.
Key Insights from the Q2 2024 Cato CTRL SASE Threat Report
The report is packed with unique insights that are based on

Threat Intelligence / Cybercrime

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024.

**Key Insights from the Q2 2024 Cato CTRL SASE Threat Report**

The report is packed with unique insights that are based on thorough data analysis of network flows. The top three insights for enterprises are as follows.

**1) IntelBroker: A Persistent Threat Actor in the Cyber Underground**

During an in-depth investigation into hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a prominent figure and moderator within the BreachForums hacking community and has been actively involved in the sale of data and source code from major organizations. These include AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and the US Army Aviation and Missile Command.

**2) 66% of Brand Spoofing Focuses on Amazon**

Cybersquatting is the spoofing and exploitation of a brand's domain name to profit from its registered trademark. The report finds that Amazon was the most frequently spoofed brand, with 66% of such domains targeting the retail giant. Google followed, albeit at a distant second, with 7%.

**3) Log4j _Still_ Being Exploited**

Despite being discovered in 2021, the Log4j vulnerability remains a favored tool among threat actors. From Q1 to Q2 2024, Cato CTRL recorded a 61% increase in attempted Log4j exploits in inbound traffic and a 79% rise in WANbound traffic. Similarly, the Oracle WebLogic vulnerability, first identified in 2020, saw a 114% increase in exploitation attempts within WANbound traffic over the same period.

**Security Recommendations**

Based on the findings of the report, Cato CTRL advises organizations to adopt the following best practices:

1.  Regularly monitor dark web forums and marketplaces for any mention of your company's data or credentials being sold.
2.  Employ tools and techniques to detect and mitigate phishing and other attacks that leverage cybersquatting.
3.  Establish a proactive patching schedule focused on critical vulnerabilities, particularly those actively targeted by threat actors, such as Log4j.
4.  Create a step-by-step plan for responding to a data breach.
5.  Adopt an "assume breach" mentality with methods like ZTNA, XDR, pen testing and more.
6.  Develop an AI governance strategy.

Read additional recommendations with more details in the report.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Top 3 Threat Report Insights for Q2 2024

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people’s avatars while they completed a variety of typing tasks.

When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. “When we are typing our gaze will show some regular patterns,” Zhan says.

Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. “During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused,” Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior.

The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they’ve made it. “The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected.”

Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn’t have any knowledge of the victim’s typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.

“It’s very powerful to know where someone is looking,” says Alexandra Papoutsaki, an associate professor of computer science at Pomona College who has studied eye tracking for years and reviewed the GAZEploit research for WIRED.

Papoutsaki says the work stands out as it only relies on the video feed of someone’s Persona, making it a more “realistic” space for an attack to happen when compared to a hacker getting hands-on with someone’s headset and trying to access eye tracking data. “The fact that now someone, just by streaming their Persona, could expose potentially what they’re doing is where the vulnerability becomes a lot more critical,” Papoutsaki says.

While the attack was created in lab settings and hasn’t been used against anyone using Personas in the real world, the researchers say there are ways hackers could have abused the data leakage. They say, theoretically at least, a criminal could share a file with a victim during a Zoom call, resulting in them logging into, say, a Google or Microsoft account. The attacker could then record the Persona while their target logs in and use the attack method to recover their password and access their account.

**Quick Fixes**

The GAZEpolit researchers reported their findings to Apple in April and subsequently sent the company their proof-of-concept code so the attack could be replicated. Apple fixed the flaw in a Vision Pro software update at the end of July, which stops the sharing of a Persona if someone is using the virtual keyboard.

An Apple spokesperson confirmed the company fixed the vulnerability, saying it was addressed in VisionOS 1.3. The company’s software update notes do not mention the fix. The researchers say Apple assigned CVE-2024-40865 for the vulnerability and recommend people download the latest software updates.

Apple Vision Pro’s Eye Tracking Exposed What People Type

A vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.

Source: Olekcii Mach via Alamy Stock Photo

Threat actors are infecting Internet-exposed Selenium Grid servers, with the goal of using victims' Internet bandwidth for cryptomining, proxyjacking, and potentially much worse.

Selenium is an open source suite of tools for browser automation that, according to data from Wiz, can be found in 30% of cloud environments. Selenium Grid is its open source tool for automatically testing Web applications across multiple platforms and browsers in parallel, used by millions of developers and thousands of organizations worldwide. Its Selenium/hub docker image has more than 100 million pulls on Docker Hub.

Though it's an internal tool by nature, tens of thousands of Selenium Grid servers are exposed on the Internet today. In turn, at least some hackers have deployed automated malware intended to hijack these servers for various malicious purposes.

To gauge the kinds of threats that face these untended servers, Cado Security recently launched a honeypot. As Al Carchrie, R&D lead solutions engineer for Cado Security, remembers, "We deployed the honeypot on a Tuesday, and then we started to see activity within 24 hours."

**Selenium Proxyjacking**

During the research period, two primary threats kept automatically trying to attack the honeypot day after day.

The first deployed a series of scripts, including one labeled "y," which dropped the open source networking toolkit GSocket. GSocket is designed to allow two users behind firewalls to establish a secure TCP connection. In this and other cases, though, threat actors used it as a means of command-and-control (C2).

Two scripts followed, "pl" and "tm," which performed various reconnaissance functions — analyzing system architecture, checking for root privileges, and other functions — and dropped the campaign's primary payloads: Pawns.app (IPRoyal Pawn) and EarnFM. Each of these are proxyware — programs that allow users to essentially rent out their unused internet bandwidth.

Though services like these are sold legitimately, hackers can easily weaponize them for their own purposes. Called "proxyjacking," it involves hijacking an unwitting Internet user's IP to use as one's own personal proxy server for further malicious activities or selling it to another cybercriminal.

"It allows people to hide behind legitimate IP addresses, and the reason for doing that is to try and bypass IP filtering that organizations would put in place," Carchrie explains. "So if you're using Tor to try and anonymize yourselves, organizations might blacklist Tor IP addresses from accessing their infrastructure. This gives them an opportunity. This is the first time I've personally come across proxyjacking being used as the end goal of a campaign."

**More Significant Threats to Selenium**

The second attack snagged by the honeypot was similar in its initial means of infection, but dropped a Golang-based executable and linkable format (ELF) binary. The ELF, in turn, attempted to use "PwnKit," a public exploit for CVE-2021-4043, an old, medium severity Linux privilege escalation bug (CVSS score 5.5).

Next, the malware connected to an attacker's C2 infrastructure and dropped "perfcc," a cryptominer. In this way, it paralleled a different, yearlong campaign revealed by Wiz back in July, which used Selenium Grid as a vector to deploy the XMRig miner.

As Ami Luttwak, CTO and co-founder of Wiz, explains, the same kind of attack can be used to do a lot worse.

"Remember, Selenium runs usually in test environments," he says. "Test environments have proprietary code, and many times from test environments you can actually get access back to either engineering environments or production. So this could be used by a more advanced attacker to start actually attacking the exposed organization."

**30,000 Publicly Exposed Servers**

Being an internal tool by nature, Selenium Grid does not have any authentication to barricade attackers from breaking in. Its maintainers have warned in documentation that it "must be protected from external access using appropriate firewall permissions."

In July, though, Wiz found around 15,000 updated but Internet-exposed Selenium Grid servers. Worse: More than 17,000 were both exposed to the Internet, and running outdated versions. (That number has since dropped below 16,000.) The vast majority of these were based in the US and Canada.

It was only a matter of time, then, before threat actors capitalized on the opportunity. The first documented sign of it was reported in a Reddit post.

"Selenium is built to be an internal service for testing," Luttwak emphasizes. "In most scenarios, it's not supposed to be publicly accessible. If it is, then there is a risk there you have to mitigate."

Carchrie advises, "If you need your Selenium Grid accessible via the Internet, we recommend that you deploy an appropriately configured authentication proxy server in front of the Selenium Grid application using multifactor authentication as well as username and passwords."

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa, and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Hackers Proxyjack &amp; Cryptomine Selenium Grid Servers

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.”

The generative AI boom has, in many ways, been a privacy bust thus far, as services slurp up web data to train their machine learning models and users’ personal information faces a new era of potential threats and exposures. With the release of Apple’s iOS 18 and macOS Sequoia this month, the company is joining the fray, debuting Apple Intelligence, which the company says will ultimately be a foundational service in its ecosystem. But Apple has a reputation to uphold for prioritizing privacy and security, so the company took a big swing. It has developed extensive custom infrastructure and transparency features, known as Private Cloud Compute (PCC), for the cloud services Apple Intelligence uses when the system can't fulfill a query locally on a user's device.

The beauty of on-device data processing, or “local” processing, is that it limits the paths an attacker can take to steal a user's data. The data never leaves the computer or phone, so that's what the attacker has to target. It doesn't mean an attack will never be successful, but the battleground is defined and constrained. Giving data to a company to process in the cloud isn't inherently a security issue—an unfathomable amount of data moves through global cloud infrastructure safely every day. But it expands that battlefield immensely and also creates more opportunities for mistakes that inadvertently expose data. The latter has particularly been an issue with generative AI given the unintended ways that a system tasked with generating content may access and share information.

With Private Cloud Compute, Apple has developed an array of innovative cloud security technologies. But the service is also significant for pushing the limits of what is an acceptable business proposition for a cloud service, seemingly prioritizing secure architecture over what would be most technically efficient or economical.

“We set out from the beginning with a goal of how can we extend the kinds of privacy guarantees that we’ve established with processing on-device with iPhone to the cloud—that was the mission statement," Craig Federighi, senior vice president of software engineering at Apple, tells WIRED. “It took breakthroughs on every level to pull this together, but what we’ve done is achieve our goal. I think this sets a new standard for processing in the cloud in the industry.”

To remove many of the potential attack points and pitfalls that cloud computing can introduce, Apple says its developers focused on the idea that “security and privacy guarantees are strongest when they are entirely technically enforceable” rather than implemented through policies.

In other words, you can have a plate of cupcakes on the counter and make a policy for yourself that you're not going to eat any of them. Or you could have a policy that you never make or buy cupcakes. But the Private Cloud Compute approach would be to move to a town with no bakeries, rip out your kitchen, and close your credit cards to prevent yourself from buying Easy Bake Ovens. That way there's no question about your cupcake access or the possibility of accidental cupcake hoarding.

**Starting Fresh**

Apple created purpose-built servers running Apple processors for PCC and developed a custom PCC server operating system that's a stripped down, hybrid version of iOS and macOS. The scheme incorporates hardware and software security features the company has developed for Macs and iPhones over the past two decades.

Unlike these consumer devices, though, PCC servers are as bare-bones as possible. For example, they don't include “persistent storage,” meaning that they don't have a hard drive that can keep processed data long-term. They do incorporate Apple's dedicated hardware encryption key manager known as the Secure Enclave and randomize each file system's encryption key at every boot up as well. This means that once a PCC server is rebooted, no data is retained and, as an additional precaution, the entire system volume is cryptographically unrecoverable. At that point, all the server can do is start fresh with a new encryption key.

PCC servers also use Apple's Secure Boot to validate the integrity of the operating system and use a code verification feature the company debuted with iOS 17, known as Trusted Execution Monitor. Instead of using Trusted Execution Monitor in the usual way for oversight, though, PCC runs it in a much stricter mode where once the server restarts and completes the boot sequence, the system locks down and can't load any new code whatsoever. Essentially, all the software the server needs to run gets pummeled with checks and validation and then goes into an envelope that's sealed before user requests and data can begin to process through.

More broadly, Apple says it completely replaced its normal server management tools for PCC. For example, most cloud platforms have policies and controls to prevent unauthorized access, but they also build “break in case of emergency”-type options so highly trusted system administrator accounts can take quick action in case of a bug or failure. In keeping with Apple's focus on technically enforceable guarantees versus policy guarantees, PCC doesn't allow privileged access and drastically limits remote management options.

In recent years, Apple took a major security step by offering its users end-to-end encryption for iCloud backups, in which the company simply holds data in its cloud infrastructure for its customers and doesn't have the technical capability to decrypt and read that data. With current technology, such a scheme is impossible to implement for generative AI because the system needs to process the inputs to give an output. For example, if you want Apple Intelligence to give you a summary of all the text messages and emails you've received in the past three hours, the system needs access to those messages. End-to-end encryption would make that access virtually impossible.

Apple says it is still committed to doing as much Apple Intelligence processing as possible on-device, and a brand new iPhone 16 with its A18 chip, for example, will be able to do more AI processing locally than an iPhone 15 with an A16 chip. Still, the reality seems to be that Apple will need to do a substantial amount of Apple Intelligence processing in the cloud—hence the investment in developing PCC. (In iOS 18.1, users can go to Settings > Privacy & Security > Apple Intelligence Report to view a log of which requests are processed on device versus in the cloud.)

“What was really unique about the problem of doing large language model inference in the cloud was that the data had to at some level be readable by the server so it could perform the inference. And yet, we needed to make sure that that processing was hermetically sealed inside of a privacy bubble with your phone," Federighi says. “So we had to do something new there. The technique of end-to-end encryption—where the server knows nothing—wasn’t possible here, so we had to come up with another solution to achieve a similar level of security.”

Still, Apple says that it offers “end-to-end encryption from the user’s device to the validated PCC nodes, ensuring the request cannot be accessed in transit by anything outside those highly protected PCC nodes.” The system is architected so Apple Intelligence data is cryptographically unavailable to standard data center services like load balancers and logging devices. Inside a PCC cluster, data is decrypted and processed, but Apple emphasizes that once a response is encrypted and sent on its journey to the user, no data is retained or logged and none of it is ever accessible to Apple or its individual employees.

**Open Book, Closed System**

Apple says the overarching vision for PCC is that an attacker should have to compromise the entire system—a difficult thing to do at all much less without being detected—in order to target a specific user's personal data. Even if an attacker could physically compromise an individual live PCC node, the system is devised with an anonymous relay feature so the queries and data on any one node can't be connected to individual users.

It all sounds pretty groovy, but the notoriously secretive company seems to be aware that professing to do all of these things and claiming to offer technical guarantees is ultimately only compelling with proof and transparency. So PCC includes an external auditing mechanism that serves a crucial dual purpose.

Apple is making every production PCC server build publicly available for inspection so people unaffiliated with Apple can verify that PCC is doing (and not doing) what the company claims, and that everything is implemented correctly. All of the PCC server images are recorded in a cryptographic attestation log, essentially an indelible record of signed claims, and each entry includes a URL for where to download that individual build. PCC is designed so Apple can't put a server into production without logging it. And in addition to offering transparency, the system works as a crucial enforcement mechanism to prevent bad actors from setting up rogue PCC nodes and diverting traffic. If a server build hasn't been logged, iPhones will not send Apple Intelligence queries or data to it.

PCC is part of Apple's bug bounty program, and vulnerabilities or misconfigurations researchers find could be eligible for cash rewards. Apple says, though, that since the iOS 18.1 beta became available in late July, no on has found any flaws in PCC so far. The company recognizes that it has only made the tools to evaluate PCC available to a select group of researchers so far.

Multiple security researchers and cryptographers tell WIRED that Private Cloud Compute looks promising, but they haven't spent significant time digging into it yet.

“Building Apple silicon servers in the data center when we didn’t have any before, building a custom OS to run in the data center was huge,” Federighi says. He adds that “creating the trust model where your device will refuse to issue a request to a server unless the signature of all the software the server is running has been published to a transparency log was certainly one of the most unique elements of the solution—and totally critical to the trust model.”

To questions about Apple's partnership with OpenAI and integration of ChatGPT, the company emphasizes that partnerships are not covered by PCC and operate separately. ChatGPT and other integrations are turned off by default, and users must manually enable them. Then, if Apple Intelligence determines that a request would be better fulfilled by ChatGPT or another partner platform, it notifies the user each time and asks whether to proceed. Additionally, people can use these integrations while logged into their account for a partner service like ChatGPT or can use them through Apple without logging in separately. Apple said in June that another integration with Google's Gemini is also in the works.

Apple said this week that beyond launching in United States English, Apple Intelligence is coming to Australia, Canada, New Zealand, South Africa, and the United Kingdom in December. The company also said that additional language support—including for Chinese, French, Japanese, and Spanish—will drop next year. Whether that means that Apple Intelligence will be permitted under the European Union's AI Act and whether Apple will be able to offer PCC in its current form in China is another question.

“Our goal is to bring ideally everything we can to provide the best capabilities to our customers everywhere we can,” Federighi says. “But we do have to comply with regulations, and there is uncertainty in certain environments we’re trying to sort out so we can bring these features to our customers as soon as possible. So, we’re trying.”

He adds that as the company expands its ability to do more Apple Intelligence computation on-device, it may be able to use this as a workaround in some markets.

Those who do get access to Apple Intelligence will have the ability to do far more than they could with past versions of iOS, from writing tools to photo analysis. Federighi says that his family celebrated their dog’s recent birthday with an Apple Intelligence–generated GenMoji (viewed and confirmed to be very cute by WIRED). But while Apple's AI is meant to be as helpful and invisible as possible, the stakes are incredibly high for the security of the infrastructure underpinning it. So how are things going so far? Federighi sums it up without hesitation: “The rollout of Private Cloud Compute has been delightfully uneventful.”

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.

Source: Miscellaneoustock via Alamy Stock Photo

A newly devised covert channel attack method could undermine diligently devised air gaps at highly sensitive organizations.

In industrial control systems security, the term "air gap" is contested. It typically describes a total physical separation between networks — a literal gap through which no Wi-Fi signals, wires, etc., can pass. The most critical military, government, and industrial sites use air gaps to prevent Internet-based cyber threats from penetrating the kinds of networks that protect state secrets and human lives.

But any medium capable of transmitting information can, in theory, be weaponized to transmit the bad kind. Mordechai Guri of Israel's Ben-Gurion University has long researched ways of crossing air gaps with sound waves: via computer fans, hard disk drives, CD/DVD drives, and more. His latest attack scenario, "Pixhell," enables data theft using sounds produced by specially generated, rapidly shifting bitmap patterns on an LCD screen.

**How Pixhell Works**

It's midnight, and everyone working at the top secret intelligence facility has long gone home for the night, when all of a sudden a computer screen flashes with what appears to be random noise, as if it's missing a signal. It isn't missing a signal — the apparent noise is the signal.  

Pixhell only works if an attacker can infect or control at least one device on each side of an air gap.

Air gaps typically connect critical networks with less critical networks, so the latter half of that job might be achieved by an Internet-based attack, while the former will require more stringent measures. Still, a machine behind an air gap can be infected in any number of ways: via supply chain compromise, a removable drive in the hands of a malicious or unwitting insider, or assorted other options.

Then, with no other obvious means of communicating — not Wi-Fi, Bluetooth, a speaker, or anything else — a computer can be made to transmit information over an air gap via the sounds generated by its screen.

Simplified, LCD screens have capacitors — which store and release electrical charge — and inductors — which help manage the voltage to those capacitors. While they're working, these components generate the faintest of high-pitched frequencies, inaudible to the human ear.

However, "Speakers and microphones generally have a frequency range that is broader than human hearing," explains Andrew Ginter, vice president of industrial security at Waterfall Security Solutions. "The high end of the frequency range is where you can encode the greatest amount of information — the largest number of bits per second — and it's ultrasound. Dogs might freak out in the room, but humans can't hear it."

In experiments, the Pixhell malware manipulated pixels on a screen in such a way as to cause its inductors and capacitors to vibrate at specific frequencies. In so doing, they generated sound waves translating stolen, encoded data to the machine on the other side of an air gap, with varying fidelity at distances of up to two and a half meters. As Ginter puts it, "An attacker can send information from either computer to the other's microphone, and you can be sitting in the room and not realize information is being communicated."

**The Wide World of Covert Channel Attacks**

Besides acoustics, there are any number of other, equally creative means to carry out covert channel attacks in theory.

"It's been reported that with sufficient effort, you can use Ethernet wiring as software-defined radio transmitters and receivers," Ginter notes. Some 20 years ago, 56-kilobit-per-second modems had an LED on the front so users could see if their data was moving. Ginter says you could turn the LED on when there was a one bit being transmitted, or off when it was a zero bit. "And it turned out that the LED was extremely responsive — so responsive that if you had a fast enough camera or detector, you could actually detect every bit that was being sent through the modem by watching the LED," he adds. 

Countless other fun examples can be found in the annals of computer research archives. "Some computers have the ability to do detailed measurements on the voltage that's coming into the battery. And what that means is that if you have two computers plugged into the same circuit, even if they're using different outlets, one computer can consume more power briefly and less power a fraction of a second later, and the other one can detect these very tiny changes in voltage, so they can signal to each other that way. Even though they're electrically connected to different networks, they're both connected to the same power," he explains.

**What the Best Air Gaps Look Like**

For the overwhelming majority of organizations, a physical air gap is sufficient to protect against even high-level adversaries, who aren't likely to pull off Pixhell-style attacks.

Those few most sensitive sites on the planet that have to worry about covert channel attacks — spy agencies, military headquarters, power plants — have already dedicated significant time and resources to building not just air gaps, but air gaps that make these scenarios impractical.

"At some extremely sensitive OT sites, they will have all of the OT equipment in one server room, and they'll have the IT equipment in another server room down the hall. And the only connection between the server rooms is a single fiber-optic connection that is a unidirectional gateway from OT to IT," Ginter explains.

Past that, he adds, the greater the distance between communicating computers, the more difficult it is to exploit covert channels. "If it's an electrical \[channel you're worried about\], you've got electrical noise between rooms. If it's audible, there are closed doors in the way. If it's temperature, you can heat up the room in a region very slightly \[at intervals\], so there's so much thermal noise that it becomes impractical to send any information out." The operative idea is signal-to-noise ratio (SNR): How much noise does one have to generate to make a covert channel attack impractical?

Whether such science-fiction-level defenses are warranted will depend on the organization at risk. "Some of the countermeasures were given for scientific discussion, but they are less practical to deploy in real life," Guri says. As an example, he points out that acoustic jammers would stop Pixhall right in its tracks: "Such a noise jammer may work in countering the attack, but it will make the environment too noisy for people to work."

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa and forced to spend the night in jail -- just for doing their pen-testing jobs. Listen now!

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain.

Source: Pictorial Press Ltd via Alamy Stock Photo

A trio of threat clusters working in service of the People's Republic of China (PRC) have compromised at least a dozen new targets, including one Southeast Asian government organization.

Operation Crimson Palace has been around since March 2023, but been particularly active in 2024, as the threat actors fight against cybersecurity analysts to stay alive. In fact, despite being outed and actively hunted, Crimson Palace's three arms have managed to continue breaching public and private organizations in Asia, and stealing potentially sensitive strategic data and materials from what Sophos described in a new report as "a prominent agency within the government of a Southeast Asian nation."

**The Ocean's 11 of the Cyber-Threat World**

Every heist movie has a team, where each team member has a unique specialty. You've got your getaway driver, your hacker or safecracker, the weapons expert, the muscle, the silver-tongued vixen.

Operation Crimson Palace uses this team-based approach for cyber heists. Instead of operating as a monolithic advanced persistent threat (APT), three independent teams — tracked by Sophos as Alpha, Bravo, and Charlie — each have a unique, though partly overlapping role in the wider attack chain. This setup allows each cluster to hyperfocus on specific tasks, and allows different clusters to work on different compromises simultaneously.

Cluster Alpha typically handles initial access: performing network reconnaissance and mapping, moving laterally and establishing persistence in a targeted system, deploying backdoors, interrupting security software, and so on.

Broadly speaking, Cluster Bravo is the infrastructure specialist. It further entrenches and spreads in target networks, prepares the field for malware deployment, and establishes command-and-control (C2) communications channels, often by using one Crimson Palace victim as a relay point through which to attack another. From January to June, Sophos identified a number of organizations — including one government agency — whose infrastructure Bravo borrowed for purposes of malware staging.

"It's obscuring the command-and-control in places where you might already be expecting to see traffic," explains Chester Wisniewski, global field chief technology officer (CTO) at Sophos. "If you see HTTPS traffic directly with one of your primary telecommunications providers — or perhaps with another government agency or business entity in the country that's commonly engaging with people in your environment — it's going to be a lot harder to determine if that's \[coming from a malicious\] C2, or if it's just normal business operations."

Though Bravo hasn't always featured heavily in Crimson Palace attacks, it has come to life in more recent cases. Sophos newly identified Bravo activity in at least 11 Asian organizations and agencies, including government contractors.

"It's very possible Cluster Alpha \[and Bravo\] doesn't even know what they're after, other than that this is the target environment that they must keep the door open to, to allow someone else in who's aware of what the goal is," Wisniewski notes.

That someone else is Cluster Charlie.

**Cluster Charlie: An Unstoppable Threat**

Cluster Charlie is the cleanup hitter, responsible for whatever is necessary to maintain system access and exfiltrate sensitive data. Befitting its role, it appears to be the most active and sophisticated of the three clusters.

Its story took shape following its first run-in with researchers in August 2023. After Sophos blocked its custom C2 tool, PocoProxy, the Charlie cluster went quiet for a few weeks. Then, beginning that September and continuing ever since, it has constantly bounced back with a new tactic, technique, or procedure (TTP) for every one its adversaries have blocked.

In response to having its custom malware blocked, Charlie turned to the open source community, making use of at least 11 tools for C2 (e.g. Cobalt Strike), shellcode loading (e.g. Donut), evasion of EDR software (e.g. RealBindingEDR), and more. "When they had custom C2 access to the environment and we successfully blocked it, they pivoted to some open source tools," Wisniewski recalls. "And then when that didn't work, they came back with new custom tooling."

Charlie's creativity came through the most in its means of malware delivery. In the period between last November and this past May, Charlie deployed C2 implants using no less than 28 unique combinations of sideloading chains, execution methods, and shellcode loaders. On multiple occasions during the month of February, the group even conducted a kind of A/B testing, deploying its malicious files using slightly varying means to test which method would work best.

As Wisniewski warns, "If you have something they want — even if you're successful in figuring out their current approach to how they're attacking the network — they're not going to stop. They will continue to innovate and iterate."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets

POMS version 1.0 suffers from an ignored default credential vulnerability.

**POMS 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

POMS version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | e96b4926531826f22ee72eeb7f339d7761192178a35f69af5d5141abbc8b63c1

Download | Favorite | View

**POMS 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : POMS v1.0 Insecure Settings Vulnerability                                                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html                                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

POMS 1.0 Insecure Settings

Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.

**Pharmacy Management System version 1.0 Insecure Settings**

Posted Sep 9, 2024

Authored by indoushka

Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 6c367c1c4b085e72851f370194180a14f132217419dbc26645d989d1f50bd05c

Download | Favorite | View

**Pharmacy Management System version 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Pharmacy Management System version 1.0 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/demoocom/admin/?page=user/manage_user&id=8Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,689)
*   Arbitrary (17,038)
*   BBS (2,859)
*   Bypass (1,904)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,205)
*   Encryption (2,394)
*   Exploit (54,147)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (918)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,208)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,402)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,830)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,044)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,704)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,055)
*   Web (10,131)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,118)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,071)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,733)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,808)
*   UNIX (9,452)
*   UnixWare (188)
*   Windows (6,763)
*   Other

Tag

#apple