Torrance, United States / California, 22nd January 2025, CyberNewsWire

**Torrance, United States / California, January 22nd, 2025, CyberNewsWire**

AI SPERA, a leading Cyber Threat Intelligence (CTI) provider, has collaborated with OnTheHub, a global provider of software in education, to deliver its integrated cybersecurity solution, Criminal IP, to students and educational institutions. This strategic initiative aims to enhance cybersecurity awareness and protection in the education sector by offering internationally compliant solutions at affordable prices.

Criminal IP will now extend its reach to educational institutions worldwide, reinforcing its growing presence in the global security market. Since its launch, Criminal IP has gained users in over 150 countries and formed strategic alliances with more than 40 global cybersecurity companies, including Cisco, Snowflake, Tenable, and VirusTotal.

(Criminal IP Lite Plan on OnTheHub)

OnTheHub is a worldwide operating platform that provides software and learning materials at discounted rates to educational organizations and their members. Through this collaboration, Criminal IP and OnTheHub seek to strengthen the cybersecurity frameworks of educational organizations on the platform, aligning with the ongoing digital transformation (DT) in education, particularly regarding Learning Management Systems (LMS). Students and researchers can access Criminal IP by redeeming coupons purchased through OnTheHub on the Criminal IP website, enabling them to utilize a globally recognized CTI platform at an affordable cost.

Criminal IP offers real-time risk analysis and vulnerability insights for global IP addresses and domains. Utilizing AI and machine learning technologies, the solution scans for security threats across various ports and devices, quickly identifying malicious IPs and domains while categorizing threat levels into five distinct tiers. Additionally, organizations can leverage Criminal IP ASM to oversee and manage IT assets, and Criminal IP FDS to detect unauthorized network access attempts during login or payment processes, all provided through a user-friendly SaaS model.

In terms of compatibility, Criminal IP offers an intuitive user interface (UI) and an integrated API, facilitating seamless integration with a variety of software and security solutions. This enables users to comprehensively evaluate security risks, including threat scores for IT assets, exposure of IoT devices, and phishing domain identification. Consequently, students and researchers associated with OnTheHub’s partner institutions will gain access to high-quality threat intelligence data and a robust platform for academic activities such as threat hunting, development, and research.

> AI SPERA CEO Byung-tak Kang commented, “Through this partnership, we are excited to provide more students and educational institutions with a globally recognized security solution at a reasonable price. We hope that Criminal IP will help students and researchers prevent security threats in educational environments and ensure a safe digital space for learning.”

**About AI SPERA**

AI SPERA, renowned for its advanced solutions, has expanded internationally, with ‘Criminal IP’ as its flagship offering. Operating in more than 150 countries, ‘Criminal IP’ is backed by enterprise-grade security solutions like ‘Criminal IP ASM’ and ‘Criminal IP FDS’. Strategic partnerships with global leaders such as Cisco, VirusTotal, and Quad9 have significantly enhanced ‘Criminal IP’s capabilities. AI SPERA’s ‘Criminal IP’ has recently entered the marketplace of major US data warehousing platforms, including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data.

**Contact**

**Michael Sena**  
**\[email protected\]**

Criminal IP and OnTheHub Partner to Deliver Advanced Cybersecurity Solutions for Education

Donald Trump pardoned the creator of the world’s first dark-web drug market, who is now a libertarian cause célèbre in some parts of the crypto community.

A little over 11 years and three months ago, Ross Ulbricht was arrested in the science fiction section of a public library in San Francisco, caught with his laptop still logged in to the Silk Road, the world’s first dark-web drug market that he created and ran under the pseudonym the Dread Pirate Roberts.

Now, after being sentenced to life in prison and spending more than a decade behind bars, Ulbricht will walk free, thanks to Donald Trump—and to the president’s ever-closer ties to the American cryptocurrency world.

“I just called the mother of Ross William Ulbright to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full and unconditional pardon of her son, Ross,” president Trump wrote on Truth Social on Tuesday evening, misspelling Ulbricht's last name. “The scum that worked to convict him were some of the same lunatics who were involved in the modern day weaponization of government against me. He was given two life sentences, plus 40 years. Ridiculous!”

For close to two and a half years after Ulbricht created the Silk Road in 2011, the dark-web site facilitated the sale of vast amounts of narcotics, as well as counterfeit documents, money laundering services and, at times, guns, for hundreds of millions of dollars in bitcoin payments. After the FBI located the Silk Road’s server in Iceland in 2013 and arrested then 29-year-old Ulbricht in San Francisco, he was convicted on seven charges relating to the distribution of narcotics, money laundering, and computer hacking, as well as a “continuing criminal enterprise” statute—sometimes known as the “kingpin statute”—usually reserved for mob bosses and cartel leaders. In 2015, he was sentenced to life in prison, a punishment beyond even the 20-plus years that prosecutors in the case requested.

Since then, a Free Ross movement has steadily pressed for Ulbricht’s release, first in a failed appeal, then in petitions for clemency. Many of Ulbricht’s supporters have long argued that the Silk Road was a principled libertarian experiment in free trade, one in which Ulbricht allowed only “victimless crime”—despite prosecutors arguing during his trial that at least six people died of opioid overdoses from drugs linked to the Silk Road. They point out that Ulbricht never actually sold or possessed drugs himself, and rather ran a website that facilitated their sale. And they argue that by moving the sale of narcotics online, he reduced violence in the drug trade and committed no violence himself.

That argument has been complicated, however, by allegations that Ulbricht tried to have six people killed who presented a threat to him or the Silk Road. Ultimately all six alleged murders-for-hire were fake—one was staged by undercover DEA agents and five more were a scam. Ulbricht was charged with only one of those alleged paid killings in a separate prosecution in Maryland, which was then dropped after he received a life sentence in his New York trial. But evidence presented at Ulbricht’s trial showed him allegedly arranging those killings and even pinpointed transactions on Bitcoin’s blockchain that showed a payment for them from Ulbricht’s laptop to the would-be killer.

Those allegations of murders-for-hire, in fact, dissuaded the first Trump administration from granting clemency to Ulbricht. The White House in 2020 considered freeing Ulbricht but ultimately rejected the idea because of the alleged role of violence in the case, according to one former government official involved in the process who spoke to WIRED on condition of anonymity.

Since then, however, the Trump administration has shifted its stance on Ulbricht’s case—in part, perhaps, due to its embrace of the libertarian cryptocurrency community, for whom Ulbricht has become a martyr and cause célèbre. At the Libertarian National Convention in Washington, DC, last May, then presidential candidate Trump promised to commute Ulbricht’s sentence “on day one” if reelected. (Ultimately, day one passed with no clemency for Ulbricht, even as Trump pardoned more than a thousand participants in the January 6, 2021, insurrection at the US Capitol, though Trump ally Elon Musk promised in a post to X on Monday evening that “Ross will be freed too.”)

Just what role Ulbricht will play in the free world is far from clear. Even in his statement to the judge at his sentencing hearing in 2015, Ulbricht never fully acknowledged the harm inflicted by the Silk Road’s drug sales. And according to Jared Der-Yeghiayan, a former Homeland Security Investigations agent who infiltrated the Silk Road during the investigation, Ulbricht still shows little remorse for his actions in his public posts to X.

“The idea of him being released doesn’t bother me in the least,” says Der-Yeghiayan, who now works as the head of strategic intelligence at cryptocurrency tracing firm Chainalysis. “I do get bothered if there’s now a perception that he did nothing wrong; that doesn’t acknowledge the facts of the case.”

Among some advocates of criminal justice reform, however, Ulbricht has become an exemplar of oversentencing, particularly given that he was technically charged with nonviolent crimes. “Ross has served more than enough time. He has been a model prisoner. He’s a first-time, nonviolent offender. He poses zero safety risk to the community,” Alice Johnson, CEO of the justice reform foundation Taking Action for Good, told WIRED in November. Johnson spent two decades in prison herself for attempted possession with intent to distribute before Trump commuted her life sentence in 2018 and pardoned her in 2020. “I believe that Ross’ case is going to pave the way for many others who have been unjustly given these draconian sentences to come home.”

On Tuesday night, Ulbricht's supporters celebrated his freedom and voiced their gratitude to Trump for his clemency. “Words cannot express how grateful we are,” reads a tweet from @Free\_Ross, an X account devoted to the more than decade-long effort on Ulbricht's behalf. “President Trump is a man of his word and he just saved Ross's life. ROSS IS A FREE MAN!!!!!"

_Additional reporting by Joel Khalili_

Trump Frees Silk Road Creator Ross Ulbricht After 11 Years in Prison

The advanced persistent threat (APT) group is likely India-based and targeting individuals with connections to the country's intelligence community.

Source: SROOLOVE via Shutterstock

Advanced persistent threat group "DONOT Team" is leveraging two nearly identical Android applications to conduct intelligence-gathering operations targeting individuals and groups in India who appear to be of national security interest to the country.

The "Tanzeem" and "Tanzeem Update" apps purport to be chat apps but do not work as advertised. Instead, once installed on a system they prompt the user to turn on the device's accessibility feature and grant access to several easily misused permissions. The apps then shut down and proceed to stealthily harvest information from the compromised device, according to researchers at Cyfirma, who recently spotted the new DONOT campaign.

**Intelligence Gathering and Beyond**

"The ongoing efforts by the notorious DONOT APT extend beyond gathering intelligence on internal threats; they have also targeted various organizations in South Asia," Cyfirma noted in a blog post on Jan. 17. The goal appears to be to collect intelligence of strategic importance to India, the security vendor said.

Cyfirma's analysis of Tanzeem and Tanzeem Update showed the apps using OneSignal, a popular customer engagement platform, to send push notifications to users who install either app on their devices. OneSignal basically allows developers and businesses to send in-app messages, emails, and SMS messages to users across mobile devices, Web browsers, desktop apps, and other platforms.

When a user installs Tanzeem or Tanzeem Update on their device, they receive a push notification via OneSignal that prompts them to start a fake chat. Users tricked into clicking on the "Start Chat" prompt receive a subsequent prompt asking them to enable Android accessibility services to use the app. The victim is then directed to the accessibility settings page from which the app accesses several dangerous permissions. These include permissions that allow the two malicious Android apps to read and fetch call logs from the compromised device; to read and fetch contact information; and to search for and fetch data from the file manager.

Researchers at Cyfirma also found the apps to access several other permissions such as those that allow the threat actor to delete and read both incoming and outgoing text messages. They also can access the Android device's internal storage to extract its exact location and monitor its movement on a real-time basis.

Significantly, Cyfirma found the malicious apps using push notifications to try and get victims to install additional malicious payloads on compromised devices to ensure persistence. "This tactic enhances the malware's ability to remain active on the targeted device, indicating the threat group's evolving intentions to continue participating in intelligence gathering for national interests," Cyfirma noted.

**A Persistent South Asian Threat**

DONOT Team, which some vendors track as APT-C-35, SectorE02, and Viceroy Tiger, is a threat group with a likely nexus to India that has been operational since at least 2016. Several vendors have associated the group with attacks and data theft campaigns targeting entities in South Asia. In November 2024, Cyble linked DONOT Team to a campaign targeting manufacturing companies in Pakistan associated with the country's defense and maritime industries.

Others, such as ESET have reported on DONOT Team using sophisticated Windows and Android malware in espionage campaigns targeting organizations in Sri Lanka, Bangladesh, Pakistan, and Nepal. In 2023, Cyfirma reported finding three malicious Android apps on Google's Play store that the threat actor used against targeted individuals in Kashmir and Pakistan.

DONOT Team is one of several APT groups believed to be operating out of India that is engaged in a range of malicious activities, including online extortion scams, hacktivism, and increasingly, cyber espionage and surveillance. Security experts believe that at least some of the activity is tied to geopolitical tensions in the region and to a broader growth in all kinds of cybercrime in South Asia in recent years.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

DONOT Group Deploys Malicious Android Apps in India

The company reports that it is not experiencing any operational issues within its business, so far.

Source: JHVEPhoto via Alamy Stock Photo

NEWS BRIEF

Hewlett Packard Enterprise (HPE) is conducting an investigation after a threat actor said it had stolen data from the company's network.

IntelBroker, a cyberattack group that has been active since at least 2022, claimed responsibility for the breach on the BreachForums underground forum, alleging that it had access to the company's API, WePay, private and public GitHub repositories, Zerto and iLO source code, old user information, and more.

Previously, IntelBroker claimed to have breached organizations such as AMD, Europol, Cisco, Nokia, and others, and its members have served in leadership positions at BreachForums.

And this isn't the first time HPE has faced breaches at the hands of malicious actors. In 2018, APT10 hackers reportedly compromised some HPE systems, hacking into customer devices; and in 2021, its Aruba Central network monitoring platform was breached, allowing threat actors to access data regarding monitored devices.

As HPE investigates the most recent data breach claims, it remains unclear if there is any truth to them, and, if so, how the breach occurred.

"HPE became aware on Jan. 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE," an HPE spokesperson tells Dark Reading. "HPE immediately activated our cyber-response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims."

HPE also reported that there is no evidence that customer information was involved, and currently no operational impact to the business.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

HPE Investigates After Alleged Data Breach

Two separate campaigns are targeting flaws in various IoT devices globally, with the goal of compromising them and propagating malware worldwide.

Source: Aleksey Funtap via Alamy Stock Photo

Separate spinoffs of the infamous Mirai botnet are responsible for a fresh wave of distributed denial-of-service (DDoS) attacks globally. One is exploiting specific vulnerabilities in Internet of Things (IoT) devices to establish "expansive" botnet networks, while the other has been targeting organizations in North America, Europe, and Asia with DDoS attacks since the end of 2024, researchers have found.

An ongoing operation within Mirai dubbed "Murdoc\_Botnet" (which began in July and has more than 1,300 active IPs) is targeting Avtech cameras and Huawei HG532 routers, researchers from Qualys revealed in a report posted today.

The researchers uncovered more than 100 distinct sets of servers associated with the Murdoc botnet, "each tasked with deciphering its activities and establishing communication with one of the compromised IPs implicated in this ongoing campaign," Qualys lead security researcher Shilpesh Trivedi wrote in the post.

Meanwhile, a botnet that comprises malware variants derived from both Mirai and Bashlite is exploiting security flaws and weak credentials in IoT devices in DDoS attacks spanning the globe, according to separate research from Trend Micro. "The malware infiltrates the device by exploiting RCE vulnerabilities or weak passwords, then executes a download script on the infected host," the researchers said.

Related:Email Bombing, 'Vishing' Tactics Abound in Microsoft 365 Attacks

The two campaigns demonstrate the ongoing impact of Mirai, a botnet that has spawned myriad variants since its source code was leaked in 2016 and which remains a significant security threat 10+ years after first appearing on the cyberattack scene.

**Murdoc Botnet Exploits Specific Flaws**

The Murdoc botnet delivering Mirai malware uses existing exploits, including CVE-2024-7029 and CVE-2017-17215, to download next-stage payloads. The former is an Avtech camera flaw that allows for commands to be injected over the network and executed without authentication, while the latter is a remote code execution (RCE) flaw found in Huawei routers.

Most of the IP addresses associated with the Murdoc botnet campaign are found in Malaysia, followed by Thailand, Mexico, and Indonesia.

Qualys researchers discovered more than 500 samples containing ELF files and shell script files associated with the Murdoc botnet. Each shell script "is loaded onto devices such as IP cameras, Network devices, and IoT devices, and, in turn, the C2 server loads the new variant of Mirai botnet, i.e., Murdoc\_Botnet, into the devices," Trivedi wrote in the post.

**An Expansive DDoS Campaign Targets US**

Related:DONOT Group Deploys Malicious Android Apps in India

Meanwhile, researchers at Trend Micro initially detected "large-scale" DDoS botnet attacks against Japanese organizations, including major corporations and banks, starting at the end of 2024, but then tracked the activity to a larger global campaign. Organizations in the US were most affected by the attacks, followed by companies in Bahrain, Poland, and Spain, among various other countries.

The primary devices targeted in the attacks have been wireless routers and IP cameras from well-known brands, including TP-Link and Zyxel routers, and Hikvision IP cameras. As with the Murdoc botnet activity, cyberattackers here targeted flaws in the devices to compromise them, but they also used weak passwords to gain access.

In terms of attack vector, the researchers found two different types of DDoS attacks related to the activity, they said. One type overloads the network by sending a large number of packets, while the other exhausts server resources by establishing a large number of sessions.

"In addition, we observed two or more commands used in combination, making it possible that both network overload attacks and server resource exhaustion attacks occur simultaneously," according to the post.

**How to Defend Against DDoS Cyberattacks**

Related:Russian APT Phishes Kazakh Gov't for Strategic Intel

With Mirai variants continuing to spawn new botnets for mounting new and widespread DDoS attacks, it's important that organizations can identify and protect their networks from floods of unwanted traffic, the researchers said.

Qualys researchers recommended that organizations regularly monitor the suspicious processes, events, and network traffic spawned by the execution of any untrusted binary/scripts, as well as exercise caution in executing shell scripts from unknown and untrusted sources.

Meanwhile, Trend Micro analysts recommended different mitigation efforts for the two types of DDoS attacks that they observed. For attacks that flood the network with packets, the researchers recommended organizations use a firewall or router to block specific IP addresses or protocols and restrict traffic; collaborate with communication service providers to filter DDoS traffic at the backbone or edge of the network; and strengthen router hardware to increase the number of packets that can be processed.

For attacks that exhaust resources by establishing a large number of sessions, Trend Micro recommended that organizations limit the number of requests that can be sent by a specific IP address within a certain period of time; use third-party services to separate attack traffic and process clean traffic; and perform real-time monitoring and block IP addresses with a high number of connections, among other mitigations and preventions.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Mirai Botnet Spinoffs Unleash Global Wave of DDoS Attacks

This article explores the recent campaign of Murdoc_Botnet, a malware variant of Mirai targeting vulnerable AVTECH and Huawei…

This article explores the recent campaign of Murdoc\_Botnet, a malware variant of Mirai targeting vulnerable AVTECH and Huawei devices. The Qualys Threat Research team discovered this ongoing campaign in July 2024.

The Qualys Threat Research Unit has discovered a live campaign for the Mirai botnet, which began in July 2024 and deploys a new botnet called Murdoc\_Botnet. It is a large-scale operation within the Mirai campaign, exploiting vulnerabilities targeting AVTECH Cameras and Huawei HG532 routers. 

The attackers utilized ELF and shell script execution to deploy the Murdoc\_Botnet botnet sample. This technique leverages existing vulnerabilities (CVE-2024-7029, CVE-2017-17215) to download the next-stage payloads. The research began with the discovery and analysis of Murdoc\_Botnet binaries used for DDOS activities. Using Qualys EDR, threat intelligence data, and open-source intelligence (OSINT), the researchers were able to attribute Murdoc\_Botnet as a Mirai variant.

The researchers discovered around 1300+ active IPs and 100+ distinct servers, each tasked with deciphering its activities and establishing communication with compromised IPs/servers. These servers facilitated the distribution of Mirai malware. These servers played a role in distributing the Mirai malware.

Further analysis revealed the presence of over 100 command-and-control servers tasked with establishing communication with infected devices. These servers also facilitated the distribution of Mirai malware.

As per Qualys Threat Research’s technical blog post, shared exclusively with Hackread.com ahead of its publishing, Murdoc\_Botnet targets \*nix systems, particularly vulnerable AVTECH and Huawei devices. The malware primarily uses bash scripts that leverage GTFOBins to fetch payloads, grant them execution permission using chmod, and then execute and remove them.

Moreover, it fetches the next-stage payloads using existing exploits. The infection process involves exploiting vulnerabilities to download shell scripts. These scripts are then executed on the compromised devices, which in turn download the new variant of Mirai botnet (Murdoc\_Botnet).

Malaysia, Thailand, Mexico, and Indonesia have been identified as the most affected countries in this campaign. To protect against Murdoc\_Botnet attacks, organizations should monitor suspicious processes, avoid executing shell scripts from untrusted sources, and keep systems and firmware updated with the latest patches. These measures can significantly reduce the risk of infection from Murdoc\_Botnet and Mirai variants.

1.  **Mirai botnet exploiting Azure OMIGOD vulnerabilities**
2.  **Mirai-like Botnet Targets Zyxel NAS Devices in Europe**
3.  **Mirai-Inspired Gorilla Botnet Hits Devices in 100 Countries**
4.  **Androxgh0st Botnet Hits IoT Devices with 27 Vulnerabilities**
5.  **Tiny Mantis Launch More Powerful DDoS Attacks Than Mirai**

New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits

Set for release in March, Cisco AI Defense will provide algorithmic red teaming of large language models with technology that came over as part of the Robust Intelligence acquisition last year.

Source: Andriy Popov via Alamy Stock Photo

Cisco is expanding its cloud security platform with new technology that will let developers detect and mitigate vulnerabilities in artificial intelligence (AI) applications and their underlying models.

The new Cisco AI Defense offering, introduced Jan. 15, is also designed to prevent data leakage by employees who use services like ChatGPT, Anthropic, and Copilot. The networking giant already offers AI Defense to early-access customers and plans to release it for general availability in March.

AI Defense is integrated with Cisco Secure Access, the revamped secure service edge (SSE) cloud security portfolio that Cisco launched last year. The software-as-a-service offering includes zero-trust network access, VPN-as-a-service, a secure Web gateway, cloud access security broker, firewall-as-a-service, and digital experience monitoring.

Administrators can view the AI Defense dashboard in the Cisco Cloud Control interface, which hosts all of Cisco's cloud security offerings.

**Gaps in AI Capabilities**

AI Defense is intended to help organizations that are concerned about the security risks associated with AI but are under pressure to implement the technology into their business processes, said Jeetu Patel, Cisco's chief product officer and executive VP, at the launch event.

"You need to have the right level of speed and velocity to keep innovating in this world, but you also need to make sure that you have safety," Patel said. "These are not trade-offs that you want to have. You want to make sure that you have both."

According to Cisco's 2024 AI Readiness Survey, 71% of respondents don't believe they are fully equipped to prevent unauthorized tampering of AI within their organizations. Further, 67% said they have a limited understanding of the threats specific to machine learning. Patel said AI Defense addresses these issues.

"Cisco AI Defense is a product which is a common substrate of safety and security that can be applied across any model, that can be applied across any agent, any application, in any cloud," he said.

**Model Validation at Scale**

Cisco AI Defense is primarily targeted at enterprise AppSecOps organizations. It allows developers to validate AI models before applications and agents are deployed into production.

Patel noted that the challenge with AI models is that they are constantly changing with new data added to them, which changes the behavior of the applications and agents.

"If models are changing continuously, your validation process also has to be continuous," he said.

Seeking a way to offer the equivalent of red teaming, Cisco last year acquired Robust Intelligence, a startup founded in 2019 by Harvard researchers Yaron Singer and Kojin Oshiba, and the core component of AI Defense. The Robust Intelligence Platform uses algorithmic red teaming to scan for vulnerabilities, along with a mechanism Robust Intelligence created called Tree of Attacks with Pruning, an AI-based method of using automation to systematically jailbreak large language models (LLMs).

According to Patel, Cisco AI Defense uses detection models from generative AI (GenAI) platform provider Scale AI and threat intelligence telemetry from Cisco's Talos and its recently acquired Splunk to continuously validate the models and automatically recommend guardrails. Further, he noted that Cisco designed AI Defense to distribute those guardrails through the network fabric.

"This essentially allows us to deliver a purpose-built model and data for going out, allowing us to validate if a model is going to work as per expectations or if it's going to surprise us," said Patel, adding that it typically takes most organizations seven to 10 weeks to validate a model. "We can do it within 30 seconds because this is completely automated," he said.

**An Industry-First?**

Analysts believe Cisco is the first major player to launch technology that can address automated model verification at that scale.

"I don't know anyone else who's done anything close to this," says Frank Dickson, group VP for IDC's security and trust research practice. "I've heard people doing what we might call an LLM firewall, but it's not as intricate and complex as this. The ability to do this kind of automated pen testing in 30 seconds looks pretty slick."

Scott Crawford, research director for the 451 Research Information Security channel with S&P Global Market Intelligence, agrees, noting that a variety of large vendors are approaching security for GenAI in different ways.

"But in Cisco's case, it made the first acquisition of a startup with this focus with its pickup of Robust Intelligence, which is at the heart of this initiative," Crawford says. "There are a range of other startups in this space, any of which could be an acquisition target in this emerging field, but this was the first such acquisition by a major enterprise IT vendor."

Addressing AI security will be a major concern this year, given the rise in attacks against vulnerable models, Crawford says.

"We have already seen examples of LLM exploits, and experts have considered the ways in which it can be manipulated and attacked," he says.

Such incidents, often described as LLMjacking, are waged by exploiting vulnerabilities with prompt injections, supply chain attacks, and data and model poisoning. One notable LLMjacking attack was discovered last year by the Sysdig Threat Research Team, which observed stolen cloud credentials targeting 10 cloud-hosted LLMs. In that incident, the attackers accessed credentials from a system running a vulnerable version of Laravel (CVE-2021-3129).

**About the Author**

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Cisco Previews AI Defenses to Cloud Security Platform

Forget OSINT, AI-supported tool GeoSpy can determine a person's location based on their surroundings in a picture.

It’s just become even more important to be conscious about the pictures we post online.

GeoSpy is an Artificial Intelligence (AI) supported tool that can derive a person’s location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on one picture.

Graylark Technologies who makes GeoSpy says it’s been developed for government and law enforcement. But the investigative journalists from 404 Media report that the tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.

404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships.

Using the tool to determine anyone’s location requires virtually no training, so anybody can do it. Normally, it would take open source intelligence (OSINT) professionals quite some time of training and experience to reach the level of speed and accuracy that GeoSpy delivers to an untrained individual.

This means that even the most non tech-savvy individual could find a person of interest based on pictures posted on social media, despite the fact that social media strips the metadata—which could include GPS coordinates or other useful information—from these pictures.

Based on its testing and conversations with users, 404 Media concluded:

> “GeoSpy could radically change what information can be learned from photos posted online, and by whom.”

Even if the tool is unable to narrow down the location to an exact street address or block, based on vegetation it can bring down the search area to a few square miles.

The company’s founder says he has pushed back against requests from people asking to track particular women. Now GeoSpy has closed off public access to the tool, after 404 Media asked him for a comment.

Aside from the contribution towards a surveillance society, the risks of such a tool are obvious. It poses several significant dangers, particularly concerning privacy, security, and potential abuse if a stalker can access it. Another worry concerns the security of the storage for the data that is used and found by this tool. When involved in a breach, a host of information could become available to cybercriminals.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 AI tool GeoSpy analyzes images and identifies locations in seconds 

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity.
Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties

The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the

Tag

#intel