The tangle of user-built tools is formidable to manage, but it can lead to a greater understanding of real-world business needs.

Source: Martin Harvey via Alamy Stock Photo

COMMENTARY

Shadow IT is what your business runs on while waiting for IT to provide an enterprise solution. It's your sales team buying licenses to an obscure software-as-a-service (SaaS) because it helps them get the job done. Or it's your finance team using an unapproved tool because the approved one is too clunky. Sometimes shadow IT exists specifically to bypass an overly annoying security mechanism — figuring out a way to forward business emails to your personal Gmail account because it's easier to view on mobile, for example.

You might hope shadow IT is a problem only for large enterprises, too big to centrally manage. My experience running a small startup suggests otherwise. We agonized over our choice of a productivity tools suite — considering pros and cons and balancing user experience with governability. And people are happy to use our tool of choice; they just also use other tools in parallel. We run on Google Workspace, but many of our employees use Office because they're used to it. We use Google Drive for file sharing, but we quickly learned some people prefer iCloud.

People's personal preferences play a significant role here. They want to get their jobs done, not worry about learning a new tool. Platforms make this tendency even worse. Many try to get you to use and rely on them for a long time before asking for added licensing. Consider local file saves on Windows or Mac. By default, every local file save actually gets saved in a directory backed up into Microsoft's or Apple's cloud.

A large enterprise might have more mature security controls to prevent use of unauthorized software, but it also has much more variety in the software people would like to use. The sheer size of an enterprise and the independence of different business units exacerbate the software spread even further. The standard industry security practice for controlling software usage combines bringing in security on every license purchase and restricting software and SaaS usage on the endpoint. While those tactics are useful, they are limited in scope. Paying out of pocket, which some users will do to get the software they want, bypasses enterprise procurement.

**Approved Apps Lead to Building Unapproved Apps**

Expanding the use of existing platforms into new and unapproved feature sets is even more pervasive. Did you purchase Office 365 for productivity or Salesforce for your sales reps? Congrats. You've now empowered your business users to build their own apps with the no-code/low-code platform bundled in. Unapproved uses of enterprise platforms also bypass SaaS usage controls. Enterprises can't block access to Microsoft or Salesforce, but through them users can send corporate data to unapproved systems.

With each new discovery of an unapproved system, the security team can either try to block it or bring it under their umbrella. Either way, it's an endless game of whack-a-mole. Some tools can help with this discovery, but they often lack context about how these systems are used and which are actually important to business functions.

What if we could ask every business user what systems they use in their day-to-day, regardless of corporate policies? And ask which of those are truly vital for the business? That could give us the ultimate list: a full mapping of shadow IT, coupled with its business importance. Unfortunately, that doesn't work — simply asking people likely won't result in a full list, and what end users find vital may be different from what management does.

**User-Built Tools Expose Shadow IT Network**

Enter citizen development, in which business users leverage low-code/no-code tools to streamline their processes, analyze their data, and build custom business applications for their use cases. To be relevant, these apps must connect to the data and processes that the business uses in practice. A citizen developer is not going to call IT to integrate their app with the approved corporate service; instead, they'll connect directly to what we call shadow IT.

Here's an example. Consider a sales team using an unapproved tool for lead tracking. To sync it with the approved CRM, they use no-code automation. By finding automations that connect to the CRM and following the data flow, we can easily find the unapproved tool and what type of data it holds.

Embracing citizen development can leave security teams at a much better spot — having visibility into what software the business actually runs on — if used right.

That "if" is very important. Citizen development introduces its fair share of security risks, which must be mitigated to avoid adverse effects. But by embracing citizen development, we're letting business users codify what used to be a copy-paste data integration. Following these processes will lead us directly to the most important elements of shadow IT.

**About the Author**

CTO & Co-Founder, Zenity

Michael Bargury is an industry expert in cybersecurity focused on cloud security, SaaS security, and AppSec. Michael is the CTO and co-founder of Zenity.io, a startup that enables security governance for low-code/no-code enterprise applications without disrupting business. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC, Dynamics, and confidential computing. Michael holds 15 patents in the field of cybersecurity and a BSc in Mathematics and Computer Science from Tel Aviv University. Michael is leading the OWASP community effort on low-code/no-code security.

To Map Shadow IT, Follow Citizen Developers

DocuSign phishing scams surged by 98%, with hundreds of daily attacks impersonating US government agencies like HHS and…

DocuSign phishing scams surged by 98%, with hundreds of daily attacks impersonating US government agencies like HHS and MDOT, exploiting trust for data theft.

Cybersecurity researchers at SlashNext’s threat research team have reported a 98% increase in DocuSign phishing URLs from November 8 to November 14, compared to the combined totals of September and October 2024.

In the past week alone, SlashNext’s threat analysts have detected hundreds of these phishing attempts daily, with many impersonating government entities.

****Modus Operandi****

The attacks begin when a business receives what appears to be a legitimate DocuSign request from a government agency. These phishing URLs are crafted to mimic official communications, using genuine DocuSign accounts and APIs to appear authentic.

For instance, a contractor might receive a DocuSign notification that looks like it’s from the Department of Health and Human Services or the Maryland Department of Transportation. Once a targeted individual opens the malicious document, they are asked to provide sensitive information or authorize fraudulent transactions.

Because the requests appear official, recipients are more likely to comply without thorough verification, compromising their company’s security. Earlier this month, SlashNext also **issued a warning** about a similar phishing attack exploiting the legitimate DocuSign API to bypass spam filters and target users with fake invoices.

According to SlashNext’s **report**, shared with Hackread.com ahead of its publication on Monday, U.S. citizens, government institutions, and municipal offices are the primary targets of these attacks. The full list of institutions impersonated so far includes the following:

*   The North Carolina Electronic Vendor Portal (eVP) 
*   The Maryland Department of Transportation (MDOT)
*   City authorities from Milwaukee, Charlotte, and Houston
*   United States Department of Health and Human Services (HHS)

The screenshot shared by SlashNext shows phishing emails targeting users

By mimicking official government communications, cybercriminals can trick even well-informed organizations into taking harmful actions. Experts recommend that businesses implement multi-layered security strategies. **Jason Soroko**, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM) stated,

_“_This is an example of where we cannot blame the victim for being susceptible to social engineering. The victim is following the process they have been trained and expected to follow._“_ _“_The flaw is that the victim has been given no way to verify the source of the request. It’s essentially a break in trust. This flaw will require a rethink on how to provide signature requests and it will likely mean some kind of strong authentication method,_“_ he warned.

1.  **Microsoft Warns of Tax Returns Phishing Scams**
2.  **Blank Images Used to Evade Anti-Malware Checks**
3.  **Scammers using Google Docs exploit in phishing links**
4.  **Microsoft Office Most Exploited Software in Malware Attacks**
5.  **LinkedIn Phishing Scam Steals Gmail Credentials Via Google Docs**

US Government Agencies Impersonated in Aggressive DocuSign Phishing Scams

When trying to download QuickBooks via a Google search, users may visit the wrong site and get an installer containing malware.

Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.

We’ve seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent.

The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.

We ran into an active malvertising campaign recently, indicating that this scheme is still very much alive and well. In this blog post, we review how QuickBooks users that downloaded the program from a malicious ad will be plagued with a popup generated at certain intervals, instilling fear that their data may be corrupt so that they call for assistance.

**Fake QuickBooks download**

When searching for ‘_quickbooks download_‘ on Google, we see a sponsored result appear at the top. This ad promotes a website where users can supposedly download the latest version of QuickBooks.

Here is the website, showing the official logo and even a “Solution Provider” seal of approval:

One thing that may alert users is that the download is hosted on Dropbox:

https://www.dropbox.com/scl/fi/ybket868cp7nx5dhj11cu/**QuickBooks\_Installer.msi**?rlkey=gp1t0siqr2j089vhgysn4nm33&st=4ajnlxze&dl=1

**The form (zeform)**

This installer serves two purposes: one is to download the real QuickBooks program from Intuit’s website, and the other is to surreptitiously install a sort of backdoor “_zeform.exe_“. This simple binary was designed to integrate with QuickBooks in such a way that it can generate a fake error message, as seen below:

This type of error may be alarming to people who have spent hours loading data into QuickBooks and aren’t aware that this popup, although appearing to come from QuickBooks itself, is in fact totally made up.

The application that creates it is a program written in Microsoft .NET, which contains two important methods that control when and how the popup appears:

*   _MonitorAndShowForm(),_ which calls _CalculateNextDisplayDate_ and is incremented on week days
*   _CheckTimeWindow()_ to make sure it is a weekday and within a certain time window

The text content (fake instructions) can also be seen here, encoded in Base64 presumably to avoid detection from antivirus software:

**Conclusion**

This clever scheme has been going for some time now and every now and again we see some people reporting it online, seemingly always via Google ads.

Scammers will usually ask their victims to download a program to remotely access their computer so that they can take a look at the issue and fix it. This is always dangerous and you should be extremely cautious if you’ve already let someone access your computer.

In addition to demanding to be paid to fix inexistent problems, scammers may also put malware that will give them continued access or even the ability to steal users’ passwords.

**Acknowledgments**

_We would like to thank Joe Desimone from Elastic Security for taking a look at the malicious executable and Squiblydoo for checking on the Microsoft certificate used to sign the fraudulent popup executable._

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**Indicators of Compromise**

bizzgrowthinc\[.\]com

QuickBooks\_Installer.msi  
9e0b46194dc1c034422700b02c6aca01290d144735e48c4a83eea34773be5f52

zeform.exe  
0c3f5f7bed8efbb6b1de3e804d22397a8bdf442b83962444970855fc9606c9f5

 QuickBooks popup scam still being delivered via Google ads 

Companies that recognize current market opportunities — from the need to safely implement revolutionary technology like AI to the vast proliferation of cyber threats — have remarkable growth prospects.

Source" Brian Jackson via Alamy Stock Photo

Companies have never faced a wider and more dynamic array of cyber threats than they do right now. From rapidly rising costs associated with data breaches and other cyberattacks to the exploitation of artificial intelligence (AI) to make attacks more effective than ever, the cyber-threat landscape is constantly evolving. This has led to a drastic increase in cybersecurity spending, as well as a wave of innovation in the sector.

As cyberattacks become more targeted and sophisticated, there is a vast and growing market for solutions that help companies address their most vulnerable attack vectors. For example, cybercriminals often steal account names, passwords, and other credentials to launch attacks, which is why identity and access management have become key priorities for companies across many industries. Cybercriminals are also using AI resources such as LLMs to target employees with advanced social engineering attacks that allow them to infiltrate secure networks and steal information.

Cybercriminals and other bad actors such as hostile foreign governments are more motivated than ever to develop powerful cyber capabilities that enable them to hijack data, disrupt operations, and bypass existing cybersecurity protocols. This trend will only gain momentum, and revolutionary technology like AI will function as a force multiplier that makes cyberattacks more destructive and difficult to detect. This is why the cybersecurity industry will continue to see unprecedented demand and investment in the coming years.

**A New Era of Cyberattacks**

Companies are investing heavily in cybersecurity — according to a PwC survey, 77% of companies plan to increase their cyber budgets, while Gartner has projected that information security spending will spike by 15% in 2025. However, these investments haven't yet turned the tide against the onslaught of cyberattacks that are inflicting increasingly severe financial, reputational, and operational costs on companies. A 2024 IBM report found that the average cost of a data breach hit $4.88 million globally this year, a record high and a 10% increase from 2023.

The 2024 Allianz Risk Barometer found that cyber incidents are the top global business risk for the "first time and by a clear margin" — a finding that applies to companies of all sizes. AI is a key driver of this trend, as it has lowered the barriers to entry for cybercriminals around the world. For example, large language models (LLMs) allow cybercriminals to launch advanced phishing attacks regardless of their language skills or technical ability. Hostile foreign governments are using AI to launch cyberattacks as well — Microsoft reported that Russia, North Korea, and China are all using AI for surveillance, scripting, and social engineering.

As cyber threats become more dangerous and dynamic, the market for robust solutions will continue to expand. Companies in the sector will have to leverage emerging technology like AI and develop cybersecurity solutions that address specific vulnerabilities more effectively than their competitors.

**Opportunities in the Cybersecurity Market**

The cybersecurity industry has seen significant fragmentation in recent years as the demand for specialized solutions increases. Particular categories of cyberattacks, such as phishing, call for targeted solutions capable of countering the latest cybercriminal tactics. IBM reported that phishing is one of the most common and financially destructive initial attack vectors, which means cybercriminals are using it to gain access and launch broader cyberattacks. A major goal of phishing attacks is credential theft, which is why stolen or compromised credentials are involved in initial attacks more often than any other individual factor.

Companies like Strata help customers resist phishing attacks and other forms of credential theft with holistic identity and access management solutions. The reliance on legacy systems is one of the most urgent cybersecurity challenges many companies face — a challenge that has become all the more daunting due to the growing risk posed by third-party vendors and other partners. Supply chain cyberattacks are becoming increasingly common — Verizon found that there was a 68% increase in "supply chain interconnection" involved in breaches between 2023 and 2024.

Integrated cybersecurity solutions are critical, as cybercriminals and other bad actors need only  a single access point to infiltrate an organization. Solutions that help customers modernize their cybersecurity infrastructure for the evolving cyber-threat landscape are becoming more vital. Chief information security officers (CISOs) and other cybersecurity leaders need access to simplified solutions that break down silos between IT and security teams, meet increasingly stringent compliance demands, and help them evaluate and address vulnerabilities.

**Maximizing the Impact of Emerging Technology**

While AI is propelling a new wave of cyberattacks, it can also be harnessed to keep companies safer. Companies can use AI to simulate cyberattacks, detect malicious activity, prioritize cyber threats and potential vulnerabilities, and protect data across many different environments. However, AI still faces significant trust issues, due to problems like hallucinations (when LLMs present false information as accurate) and the existence of "black box" machine learning algorithms that don't provide any transparency into their decision-making processes.

According to a recent survey of 6,000 knowledge workers, 54% of AI users don't trust the data used to train AI systems — and more than two-thirds of these workers say they're hesitant to adopt AI. Meanwhile, laws and regulations around AI are becoming stricter all the time. For example, the EU AI Act requires companies to mitigate systemic risks, report cyber incidents, and focus on cybersecurity in their AI implementations.

While the AI trust gap is hindering adoption of the technology and regulations are becoming tougher, this opens a market for companies that provide end-to-end AI governance. At a time when AI adoption is skyrocketing, companies need the infrastructure necessary to ensure compliance and monitor AI systems for potential cyber threats. IBM found that 82% of executives believe "secure and trustworthy AI is essential to the success of their business," but less than a quarter of generative AI projects are being secured.

From the need to safely implement technology like AI to the vast proliferation of cyber threats (many of which are being powered by that very same technology), the cybersecurity industry has reached an inflection point. The companies that recognize these market opportunities have remarkable growth prospects in the coming years.

**About the Author**

General Partner, Titanium Ventures

Marcus Bartram is General Partner at Titanium Ventures (former Telstra Ventures), a San Francisco-based VC firm that differentiates by generating revenue for its portfolio with strategic channel partners and customer relationships as well as by using data science to drive its investment process. Marcus is on the founding team and has led investments in cybersecurity companies like CrowdStrike, Auth0, Anomali, Cequence, CloudKnox, Cofense, CyberGRX, Elastica, vArmour, and Zimperium.

Why the Demand for Cybersecurity Innovation Is Surging

Plus: An “AI granny” is wasting scammers’ time, a lawsuit goes after spyware-maker NSO Group’s executives, and North Korea–linked hackers take a crack at macOS malware.

In perhaps the most adorable hacker story of the year, a trio of technologists in India found an innovative way to circumvent Apple’s location restrictions on AirPod Pro 2s so they could enable the earbuds’ hearing aid feature for their grandmas. The hack involved a homemade Faraday cage, a microwave, and a lot of trial and error.

On the other end of the tech-advancements spectrum, the US military is currently testing an AI-enabled machine gun that is capable of auto-targeting swarms of drones. The Bullfrog, built by Allen Control Systems, is one of several advanced weapons technologies in the works to combat the growing threat of cheap, small drones on the battlefield.

The US Department of Justice announced this week that an 18-year-old from California has admitted to making or orchestrating more than 375 swatting attacks across the United States.

Then, of course, there’s the Donald Trump of it all. This week, we published a practical guide to protecting yourself from government surveillance. WIRED has covered the dangers of government surveillance for decades, of course. But when the president-elect is explicitly threatening to jail his political enemies—whoever that may be—now’s probably a good time to brush up on your digital best practices.

In addition to potential dragnet surveillance of US citizens, US Immigration and Customs Enforcement started ramping up its surveillance arsenal the day after Trump won reelection. Meanwhile, experts are expecting the incoming administration to roll back cybersecurity rules instituted under president Joe Biden while taking a harder line against adversarial state-sponsored hackers. And if all this political upheaval has you in the mood to protest, beware: An investigation copublished by WIRED and The Marshall Project found that mask bans instituted in several states add a complicated new layer to exercising freedom of speech.

And that’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

In August 2016, approximately 120,000 bitcoin—at the time worth around $71 million—were stolen in a hack on the Bitfinex cryptocurrency exchange. Then in 2022, as the value of cryptocurrency had rocketed skywards, law enforcement officials in New York arrested husband and wife Ilya Lichtenstein and Heather Morgan in relation to the hack and laundering the much-inflated $4.5 billion of stolen cryptocurrency. (At the time, $3.6 billion of the funds were recouped by law enforcement investigators.)

This week, after pleading guilty in 2023, Lichtenstein was sentenced to five years of jail time for conducting the hack and laundering the profits. With subsequent cryptocurrency spikes and additional seizures related to the hack, the US government has now been able to recover more than $10 billion in assets. A series of operational security failures by Lichtenstein made much of the illicit cryptocurrency easy for officials to seize, but investigators also applied sophisticated crypto-tracing methods to unpick how the funds had been stolen and subsequently moved around.

Aside from the brazen scale of the heist, Lichtenstein and Morgan gained online prominence and ridicule after their arrests due to a series of Forbes articles written by Morgan and rap videos posted to YouTube under the name of “Razzlekhan.” Morgan, who also pleaded guilty, is due to be sentenced on November 18.

**An ‘AI Granny’ Is Wasting Phone Scammers’ Time**

Scammers are increasingly adopting AI as part of their criminal toolkits—using the technology to create deepfakes, translate scripts, and make their operations more efficient. But artificial intelligence is also being turned against the scammers. British telecoms firm Virgin Media and its mobile operator O2 have created a new “AI granny” that can answer phone calls from scammers and keep them talking. The system uses different AI models, according to The Register, that listen to what a scammer says and respond immediately. In one case, the company says it kept a scammer on the line for 40 minutes and has fed others fake personal information. Unfortunately, the system (at least at the moment) can’t directly answer calls made to your phone; instead, O2 created a specific phone number for the system, which the company says it has managed to get placed in lists of numbers that scammers call.

**Alleged NSO Group Spyware Victim Adds NSO Founders and Executive to Lawsuit**

In a new legal strategy for those attempting to hold commercial spyware vendors responsible, lawyer Andreu Van den Eynde, who was allegedly hacked with NSO Group spyware, is directly accusing two of the company’s founders, Omri Lavie and Shalev Hulio, and one of its executives, Yuval Somekh, of hacking crimes in a lawsuit. The Barcelona-based human rights nonprofit Iridia announced this week that it filed the complaint in a Catalan court. Van den Eynde was reportedly a victim of a hacking campaign that used NSO’s notorious Pegasus spyware against at least 65 Catalans. Van den Eynde and Iridia originally sued NSO Group in a Barcelona court in 2022 along with affiliates Osy Technologies and Q Cyber Technologies. “The people responsible for NSO Group have to explain their concrete activities,” a legal representative for Iridia and Van den Eynde wrote in the complaint, which was written in Catalan and translated by TechCrunch.

**North Korea-Backed Hackers Are Exploring New macOS Malware**

Research published this week by the mobile device management firm Jamf found that hackers who have been linked to North Korea have been working to implant malware inside macOS applications built with a particular open-source software development kit. The campaigns focused on cryptocurrency-related targets and involved infrastructure similar to systems that have been used by North Korea’s notorious Lazarus Group. It’s unclear if the activity resulted in actual victim compromise or if it was still in a testing phase.

Financially motivated and state-backed hackers have less occasion to use malware targeting Apple’s Mac computers than hacking tools that infect Microsoft Windows or Linux desktops and servers. So when Mac malware crops up, it’s typically a niche point, but it can also be a revealing indicator of trends and priorities among hackers.

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist

Email at many organizations has stopped working; the tech giant has advised users who are facing the issue to uninstall the updates so that it can address flaw.

Source: Eric D ricochet69 via Alamy Stock Photo

Microsoft pulled its November 2024 Exchange security updates that it released earlier this month for Patch Tuesday due to them breaking email delivery.

This decision came after there were reports from admins saying that email had stopped flowing altogether.

The issue affects Microsoft Exchange customers who use transport rules, or mail flow rules, as well as data loss protection rules. The mail flow rules filter and redirect emails in transit, while the data loss protection rules ensure that sensitive information isn't being shared via email to an outside organization.

According to Microsoft, some customers found that the mail flow rules stopped periodically after they installed the update. It is now advising admins who are noticing this issue to uninstall the November security updates entirely until they're re-released.

"We are continuing the investigation and are working on a permanent fix to address this issue," Microsoft stated in an update regarding the issue. "We will release it when ready. We have also paused the rollout of November 2024 SU to Windows / Microsoft Update. Customers who might not use Transport or DLP rules and did not run into the issue with rules, can continue using the November SU update."

**About the Author**

Microsoft Pulls Exchange Patches Amid Mail Flow Issues

According to Mozilla, users have a lot more power to manipulate ChatGPT than they might realize. OpenAI hopes those manipulations remain within a clearly delineated sandbox.

Source: mundissima via Alamy Stock Photo

ChatGPT exposes significant data pertaining to its instructions, history, and the files it runs on, placing public GPTs at risk of sensitive data exposure, and raising questions about OpenAI's security on the whole.

The world's leading AI chatbot is more malleable and multifunctional than most people realize. With some specific prompt engineering, users can execute commands almost like one would in a shell, upload and manage files as they would in an operating system, and access the inner workings of the large language model (LLM) it runs on: the data, instructions, and configurations that influence its outputs.

OpenAI argues that this is all by design, but Marco Figueroa, a generative AI (GenAI) bug-bounty programs manager at Mozilla who has uncovered prompt-injection concerns before in ChatGPT, disagrees.

"They're not documented features," he says. "I think this is a pure design flaw. It's a matter of time until something happens, and some zero-day is found," by virtue of the data leakage.

**Prompt Injection: What ChatGPT Will Tell You**

Figueroa didn't set out to expose the guts of ChatGPT. "I wanted to refactor some Python code, and I stumbled upon this," he recalls. When he asked the model to refactor his code, it returned an unexpected response: directory not found. "That's odd, right? It's like a \[glitch in\] the Matrix."

Related:Microsoft Pulls Exchange Patches Amid Mail Flow Issues

Was ChatGPT processing his request using more than just its general understanding of programming? Was there some kind of file system hidden underneath it? After some brainstorming, he thought of a follow-up prompt that might help elucidate the matter: "list files /", an English translation of the Linux command "ls /".

In response, ChatGPT provided a list of its files and directories: common Linux ones like "bin", "dev", "tmp", "sys", etc. Evidently, Figueroa says, ChatGPT runs on the Linux distribution "Debian Bookworm," within a containerized environment.

By probing the bot's internal file system — and in particular, the directory "/home/sandbox/.openai\_internal/" — he discovered that besides just observing, he could also upload files, verify their location, move them around, and execute them.

**OpenAI Access: Feature or Flaw?**

In a certain light, all of this added visibility and functionality is a positive — offering even more ways for users to customize and level up how they use ChatGPT, and enhancing OpenAI's reputation for transparency and trustworthiness.

Indeed, the risk that a user could really do anything malicious here — say, upload and execute a malicious Python script — is softened by the fact that ChatGPT runs in a sandboxed environment. Anything a user can do will, in theory, be limited only to their specific environment, strictly cordoned off from any of OpenAI's broader infrastructure and most sensitive data.

Related:Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats

Figueroa warns, though, that the extent of information ChatGPT leaks via prompt injection might one day help hackers find zero-day vulnerabilities, and break out of their sandboxes. "The reason why I stumbled onto everything I did was because of an error. This is what hackers do \[to find bugs\]," he says. And if trial and error doesn't work for them, he adds, "the LLM could assist you in figuring out how to get through it."

In an email to Dark Reading, a representative of OpenAI reaffirmed that it does not consider any of this a vulnerability, or otherwise unexpected behavior, and claimed that there were "technical inaccuracies" in Figueroa's research. Dark Reading has followed up for more specific information.

**The More Immediate Risk: Reverse-Engineering**

There is one risk here, however, that isn't so abstract.

Besides standard Linux files, ChatGPT also allows its users to access and extract much more actionable information. With the right prompts, they can unearth its internal instructions — the rules and guidelines that shape the model's behavior. And even deeper down, they can access its knowledge data: the foundational structure and guidelines that define how the model "thinks," and interacts with users.

Related:Cloud Ransomware Flexes Fresh Scripts Against Web Apps

On one hand, users might be grateful to have such a clear view into how ChatGPT operates, including how it handles safety and ethical concerns. On the other hand, this insight could potentially help bad actors reverse engineer those guardrails, and better engineer malicious prompts.

Worse still is what this means for the millions of custom GPTs available in the ChatGPT store today. Users have designed custom ChatGPT models with focuses in programming, security, research, and more, and the instructions and data that gives them their particular flavor is accessible to anyone who feeds them the right prompts.

"People have put secure data and information from their organizations into these GPTs, thinking it's not available to everyone. I think that is an issue, because it's not explicitly clear that your data potentially could be accessed," Figueroa says.

In an email to Dark Reading, an OpenAI representative pointed to GPT Builder documentation, which warns developers about the risk: "Don't include information you do not want the user to know" it reads, and flags its user interface, which warns, "if you upload files under Knowledge, conversations with your GPT may include file contents. Files can be downloaded when Code Interpreter is enabled."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

ChatGPT Exposes Its Instructions, Knowledge &amp; OS Files

SaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches.…

SaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches. Learn about the common issues that expose sensitive information and how to protect your data in SaaS applications.

A recent discovery by AppOmni, a SaaS security company, revealed a security vulnerability in Microsoft Power Pages, a low-code platform over 250 million people use monthly. This issue has led to the exposure of millions of sensitive data records across various organizations in public and private sectors, “spanning financial services, healthcare, automotive and more,” explained AppOmni’s chief of SaaS security research, Aaron Costello in a report shared with Hackread.com.

This, according to researchers, includes the UK’s National Health Service (NHS), which leaked information for over 1.1 million NHS employees, including email addresses, phone numbers, and home addresses.

The root cause of these data leaks lies in misconfigured access controls within Power Pages for developing Dataverse-integrated applications like web portals. However, its customizable nature can expose sensitive data to the public. 

****How Does It Happen?****

Power Pages, a powerful tool for building custom websites, relies on a layered approach to access control. This includes site-level, table-level, and column-level permissions. However, when organizations misconfigure these settings, they unintentionally expose sensitive data to the public internet. 

Organizations can increase the potential attack surface by exposing more columns than necessary to the Web API. It can happen by setting the Webapi/<object>/fields value to \* allows access to all columns within a table, making sensitive information vulnerable, AppOmni explained in the blog post.

Screenshot: AppOmni

Enabling open registration and external authentication can grant unauthorized users access to sensitive data. That’s because, upon deployment, a site automatically allows self-registration and login by default, although these pages may not be visible on the platform. Users can register and authenticate through APIs, with ‘Authenticated Users’ having more permissions than ‘Anonymous Users’.

Another common mistake is granting global access to anonymous users, allowing anyone to view and potentially exploit sensitive information. Failing to implement column security, even if table-level permissions are correctly configured, can leave sensitive columns vulnerable to exposure. Lastly, not using data masking techniques can expose sensitive information like PII in plain text.

Screenshot: AppOmni

“These exposures are significant – Microsoft Power Pages is used by over 250 million users every month, as well as industry-leading organizations and government entities, spanning financial services, healthcare, automotive and more,” said Aaron.

“It’s clear that organizations need to prioritize security when managing external-facing websites, and balance ease of use with security in SaaS platforms – these are the applications holding the bulk of confidential corporate data today, and attackers are targeting them as a way into enterprise networks.”

The consequences of these misconfigurations can be severe, as shown by the NHS data leak. By exposing sensitive information, organizations risk compromising their reputation, facing legal repercussions, and potentially exposing their systems to further attacks. 

This vulnerability also shows the risks associated with mismanaging access controls in SaaS applications, especially when dealing with sensitive data. Organizations should place proper security measures to manage security in SaaS platforms, which nowadays hold the bulk of confidential corporate data. 

Additionally, regularly auditing access controls, limiting access to sensitive data, implementing strong authentication and authorization mechanisms, and staying updated on emerging security threats and vulnerabilities can significantly reduce the risk of data breaches and protect sensitive information.

1.  Nespresso Domain Hijacked to steal Microsoft Logins
2.  250 million Microsoft user support records leaked in plain text
3.  Microsoft Bookings Flaw Enables Account Hijack, Impersonate
4.  Microsoft Bing server leaked user search queries, location data
5.  Hackers Could Exploit Microsoft Teams on macOS to Steal Data

Microsoft Power Pages Misconfigurations Expose Millions of Records Globally

In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills.

Tony Holmes, Practice Lead, Practice Lead for Solutions Architects in the Public Sector, Pluralsight

November 15, 2024

4 Min Read

Source: Stuart Miles via Alamy Stock Photo

COMMENTARY

The public sector is facing a security crisis. The acceleration of deepfake videos, AI-generated threats, and nation-state cyberattacks has put the federal government under increasing pressure to protect its employees, agencies, and the general public. Last year, the FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) released details on the "growing challenge" that deepfake threats present to a range of federal agencies. 

According to the three groups, "threats from synthetic media such as deepfakes have exponentially increased — presenting a growing challenge for users of modern technology and communications." In addition to national critical infrastructure owners and operators, these users include the National Security Systems, the Department of Defense, and the Defense Industrial Base.  

What's more, in 2023, the NSA reported that deepfake threats pose "a new set of challenges to national security." According to the NSA, "organizations and their employees need to learn to recognize deepfake tradecraft and techniques and have a plan in place to respond and minimize impact if they come under attack." 

Effectively managing the combination of cyber threats, misinformation, and disinformation requires coordination across federal agencies. The workforce within these agencies must possess the most up-to-date cybersecurity skills possible. Agencies can position themselves to future-proof cybersecurity strategies and maintain an advantage against threats by training teams on how to outmaneuver malicious actors. Regularly practicing simulated cyberattacks and leveraging predetermined incident response plans to mitigate breaches is crucial.  

**The Public Sector's Cyber-AI Skills Gap **

Against the backdrop of this intricate threat landscape, federal agencies need tech-proficient employees with a unique set of skills to ensure protection. As 90% of surveyed IT leaders said they don't completely understand their teams' AI skills and proficiency, there is a clear need for agencies to take action. By promoting training to improve team members' confidence and enhance their skills, leaders can engage themselves in the process and better understand the workforce's strengths and weaknesses. 

As the country transitions into the post-election period, deepfake threats remain a pressing concern, capable of shaping public perceptions through deceptive content. Federal employees and the agencies they serve must continue to bolster defenses against this and other cyber threats by prioritizing strategic skills development and training. 

These programs should consider existing proficiencies their teams possess and also foresee what skills are necessary to mitigate threats that may be detrimental to their agencies and the voting public. Agencies can arm their technologists with the tools they need to stay one step ahead of threats by prioritizing skills and implementing active, enterprisewide cybersecurity measures.  

Efforts to combat cyberattacks at the federal level coincide with the federal government's campaign to promote high-tech career paths across all of its agencies to address tech talent shortages. Last year, the Biden administration launched its National AI Talent Surge to fill open agency positions by recruiting technology professionals who can "bring their experience, expertise, and vision into government." This program brings the deficit of skilled technologists in the public sector into sharp focus.  

**Agency Workforces Need the Skills to Be Vigilant Against Attacks**

As cyber threats against government organizations continue, it's critical that agency workforces have the skills they need to recognize threats, and have the know-how to respond when an attack occurs. Earlier this year, Ashley Manning, the US assistant secretary of defense for cyber policy, told a congressional subcommittee about measures the Department of Defense is taking to counter cyber threats.  

According to Manning, the US faces cyber challenges, including China's targeting of US networks in prolonged espionage campaigns, Russia's use of cyberspace to target critical infrastructure networks, and for-profit cybercriminals who target an array of vulnerable sectors with ransomware attacks that impact American citizens.  

To guard against cyberattacks, federal agencies must take a holistic approach to ensuring that their teams have the skills to keep their networks and data secure. This includes addressing skills gaps in the workforce, leveraging best practices in cybersecurity, and creating a culture of continuous learning and upskilling. By arming their teams with the best possible defense against threats, agency leaders can empower employees to counteract cyberattacks effectively.  

**Create an Enterprisewide Knowledge Base to Ensure Cybersecurity**

It's critical for agencies to better understand their teams' current cybersecurity knowledge by benchmarking the skill sets of their workforce. Training resources that align with their skills gaps and technologists' needs include providing content created by industry experts, tracking skill acquisition, creating forums or community support, and providing hands-on labs. By implementing individualized learning programs that ensure every employee receives the necessary training, agencies can build a workforce equipped with the skills needed to keep their networks and data as secure as possible. 

**About the Author**

Practice Lead, Practice Lead for Solutions Architects in the Public Sector, Pluralsight

Pathological problem solver, and serial question asker, a lifelong student of mental models, experienced in creating innovative solutions where analogical ideas meet rigorous socratic method. For more than two decades Tony Holmes has been solving complex problems for some of the largest, and most forward-thinking technology organizations in the world, including British Broadcasting Corporation, Digital Equipment Corporation, Microsoft Research, Opsware, Hewlett Packard, Oracle, and, currently, Pluralsight, the Technology Skills platform for the Government.

Combating the Rise of Federally Aimed Malicious Intent

Ubuntu Security Notice 7089-6 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7089-6November 15, 2024linux-gke vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-gke: Linux kernel for Google Container Engine (GKE) systemsDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-41062, CVE-2024-41029, CVE-2024-42142, CVE-2024-41070,CVE-2024-41066, CVE-2024-42150, CVE-2024-42120, CVE-2023-52888,CVE-2024-42141, CVE-2024-41032, CVE-2024-42245, CVE-2024-41053,CVE-2024-42247, CVE-2024-42161, CVE-2024-42094, CVE-2024-41072,CVE-2024-42076, CVE-2024-42091, CVE-2024-42103, CVE-2024-41007,CVE-2024-42064, CVE-2024-41075, CVE-2024-42157, CVE-2024-42069,CVE-2024-41045, CVE-2024-42068, CVE-2024-42090, CVE-2024-41071,CVE-2024-42082, CVE-2024-42146, CVE-2024-41018, CVE-2024-42238,CVE-2024-41079, CVE-2024-42241, CVE-2024-42067, CVE-2024-42132,CVE-2024-42121, CVE-2024-41025, CVE-2024-42231, CVE-2024-42225,CVE-2024-41080, CVE-2024-41086, CVE-2024-41012, CVE-2024-42234,CVE-2024-41088, CVE-2024-42129, CVE-2024-42158, CVE-2024-41078,CVE-2024-41038, CVE-2024-41055, CVE-2024-42106, CVE-2024-42227,CVE-2024-42102, CVE-2024-41082, CVE-2024-42108, CVE-2024-41085,CVE-2024-41020, CVE-2024-41054, CVE-2024-42085, CVE-2024-42140,CVE-2024-42089, CVE-2024-41047, CVE-2024-42092, CVE-2024-41044,CVE-2024-42246, CVE-2024-41035, CVE-2024-42250, CVE-2024-42070,CVE-2024-41039, CVE-2024-41061, CVE-2024-42147, CVE-2024-42104,CVE-2024-41090, CVE-2024-41096, CVE-2024-41063, CVE-2024-41084,CVE-2024-41059, CVE-2024-41097, CVE-2024-41089, CVE-2024-42093,CVE-2024-42126, CVE-2024-42135, CVE-2024-42128, CVE-2024-42098,CVE-2024-42105, CVE-2024-42124, CVE-2024-42101, CVE-2024-41091,CVE-2024-42127, CVE-2024-41077, CVE-2024-42111, CVE-2024-41037,CVE-2024-42136, CVE-2024-41083, CVE-2024-42243, CVE-2024-41033,CVE-2024-41046, CVE-2024-42230, CVE-2024-42080, CVE-2024-42096,CVE-2024-42100, CVE-2024-42236, CVE-2024-41022, CVE-2024-42086,CVE-2024-42251, CVE-2024-41015, CVE-2024-41027, CVE-2024-42155,CVE-2024-42117, CVE-2024-41036, CVE-2024-42133, CVE-2024-41010,CVE-2024-42151, CVE-2024-42118, CVE-2024-39486, CVE-2024-42066,CVE-2024-42131, CVE-2024-42223, CVE-2024-41081, CVE-2024-42244,CVE-2024-41073, CVE-2024-42114, CVE-2024-42252, CVE-2024-42248,CVE-2024-42110, CVE-2024-41051, CVE-2023-52887, CVE-2024-42156,CVE-2024-41074, CVE-2024-41017, CVE-2024-42079, CVE-2024-41034,CVE-2024-41028, CVE-2024-42109, CVE-2024-42235, CVE-2024-41058,CVE-2024-42232, CVE-2024-42084, CVE-2024-41076, CVE-2024-41030,CVE-2024-41023, CVE-2024-42271, CVE-2024-41050, CVE-2024-41042,CVE-2024-41031, CVE-2024-42112, CVE-2024-41092, CVE-2024-42253,CVE-2024-42152, CVE-2024-41049, CVE-2024-42237, CVE-2024-41095,CVE-2024-42280, CVE-2024-42153, CVE-2024-42115, CVE-2024-42130,CVE-2024-41064, CVE-2024-42077, CVE-2024-41067, CVE-2024-42137,CVE-2024-41019, CVE-2024-42240, CVE-2024-41093, CVE-2024-41048,CVE-2024-42063, CVE-2024-42113, CVE-2024-42145, CVE-2024-42073,CVE-2024-43858, CVE-2024-42088, CVE-2024-41069, CVE-2024-41068,CVE-2024-42138, CVE-2024-41065, CVE-2024-42087, CVE-2024-42239,CVE-2024-42149, CVE-2024-41021, CVE-2024-42065, CVE-2024-39487,CVE-2024-41052, CVE-2024-42095, CVE-2024-42074, CVE-2024-42097,CVE-2024-41098, CVE-2024-41057, CVE-2024-41060, CVE-2024-42119,CVE-2024-42229, CVE-2024-43855, CVE-2024-41056, CVE-2024-41041,CVE-2024-42144, CVE-2024-41087, CVE-2024-41094)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1013-gke      6.8.0-1013.17  linux-image-gke                 6.8.0-1013.17After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7089-6  https://ubuntu.com/security/notices/USN-7089-5  https://ubuntu.com/security/notices/USN-7089-4  https://ubuntu.com/security/notices/USN-7089-3  https://ubuntu.com/security/notices/USN-7089-2  https://ubuntu.com/security/notices/USN-7089-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858Package Information:  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1013.17

Tag

#microsoft