Todd Boudreau’s Post

An old vulnerability comes back to updated (and faster) code.

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
By Ars Technica; 2 July 2024

Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to give attackers complete control of Linux and Unix servers with no authentication required. The vulnerability, tracked as CVE-2024-6387, allows unauthenticated remote code execution with root system rights on Linux systems that are based on glibc, an open source implementation of the C standard library. The vulnerability is the result of a code regression introduced in 2020 that reintroduced CVE-2006-5051, a vulnerability that was fixed in 2006. With thousands, if not millions, of vulnerable servers populating the Internet, this latest vulnerability could pose a significant risk. https://lnkd.in/e6WQA7dA
More Relevant Posts
This is likely to only get worse.

U.S. and allies take down Russian ‘bot farm’ powered by AI
By Joseph Menn; 9 July 2024

The United States and several allies said Tuesday that they had seized control of a sophisticated Russian propaganda mill that used artificial intelligence to drive nearly a thousand covert accounts on the social network X. Though governments have increasingly turned to artificial intelligence in the past year to spread messages more widely and credibly, the takedown is unusual because the Western intelligence agencies traced it to an officer of the Russian FSB intelligence force and to a former senior editor at state-controlled publication RT, formerly called Russia Today, as explained in court filings. In a strikingly detailed joint advisory, agencies in the United States, Netherlands and Canada identified various software programs used to manage the network, including one named Meliorator, which created fictitious users known as “souls” in various countries. The FBI won a court order allowing it to seize two web domains that the operation had used to register the email addresses behind the accounts. https://lnkd.in/dCZJxHvm
U.S. and allies take down Russian ‘bot farm’ powered by AI
washingtonpost.com
Moving forward quickly.

Pentagon zero-trust office aims to start data tagging, labeling in ’24
By Molly Weisner; 8 July 2024

The Pentagon’s zero-trust office is on a mission to develop and test a plan for organizing its reams of data by the end of the year. At the TechNet Cyber conference presented by the Armed Forces Communications & Electronics Association International in Baltimore last month, Randy Resnick, director of the Zero Trust Portfolio Management Office, said tagging and labeling, the practice of assigning metadata and identifiers to pieces of data, has been a long-term challenge for the department. “They’ve been apparently working on this for 12 or more years — 15 years — and I think it’s time enough to do something,” he said. https://lnkd.in/ehtJVUtG
Pentagon zero-trust office aims to start data tagging, labeling in ’24
defensenews.com
Dial back for good, dial back for the moment, or increase reporting units?

Critical infrastructure organizations want CISA to dial back cyber reporting
By Christian Vasquez; 8 July 2024

Public comments for the latest iteration of the cyber incident reporting mandate for critical infrastructure reveal an industry that wants a scaled-back version of what is arguably the Biden administration’s most significant cyber regulation... The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) also may be one of the last landmark federal regulations for critical infrastructure following the Supreme Court’s Chevron decision. ... CIRCIA requires that select critical infrastructure owners and operators report substantial cyber incidents and ransomware payments to CISA within 24 hours. Initial reactions to the cyber reporting law and the subsequent rulemaking process include industry and members of Congress calling for dialed down expectations, clearer definitions, and a more limited scope. https://lnkd.in/eZHUFbPc
Critical infrastructure organizations want CISA to dial back cyber reporting
cyberscoop.com
Disappointing.

The president ordered a board to investigate a massive Russian cyberattack. It didn't.
By Craig Silverman; 8 July 2024

After Russian intelligence launched one of the most devastating cyber espionage attacks in history against U.S. government agencies, the Biden administration set up a new board and tasked it to figure out what happened — and tell the public. State hackers had infiltrated SolarWinds, an American software company that serves the U.S. government and thousands of American companies. The intruders used malicious code and a flaw in a Microsoft product to steal intelligence from the National Nuclear Security Administration, National Institutes of Health and the Treasury Department in what Microsoft President Brad Smith called “the largest and most sophisticated attack the world has ever seen.” The president issued an executive order establishing the Cyber Safety Review Board in May 2021 and ordered it to start work by reviewing the SolarWinds attack. But for reasons that experts say remain unclear, that never happened. Nor did the board probe SolarWinds for its second report. https://lnkd.in/emHqm4qc
The president ordered a board to investigate a massive Russian cyberattack. It didn't.
defenseone.com
Ouch! Any guesses on how many of them are 123456, qwerty, or password123?

Hacker Uploads 10 Billion Passwords To Crime Forum—Report
By Davey Winder; 8 July 2024

The world’s largest collection of stolen passwords has been uploaded to an infamous crime marketplace where cybercriminals trade such credentials, according to security researchers. A hacker using the name ‘ObamaCare’ has posted a database allegedly containing almost 10 billion unique passwords thought to have been collected from numerous data breaches and hacks across many years. https://lnkd.in/emW7kMxx
New Security Alert: Hacker Uploads 10 Billion Passwords To Crime Forum—Report
social-www.forbes.com
Too audacious or spot on?

DISA wants to automate 75% of cyber activities, but it’s nowhere near the goal
By Anastasia Obis; 4 July 2024

The Defense Information Systems Agency estimates that about 75% of defensive cyber analysts’ daily activities can be automated, but the agency is “not close at all” to reaching that level of automation, Brian Hermann, DISA’s director of the cybersecurity and analytics directorate, told reporters last week. “I think that’s an aggressive goal for us. But it’s something that we’re working hard to get after,” Hermann said at the AFCEA TechNet Cyber conference in Baltimore. The agency has some automated tools that can perform automatic blocking, among other functions, specifically at the perimeter where the DoD’s terrain connects to the internet. But it’s “not where it needs to be,” said Hermann. https://lnkd.in/eH4krxHn
DISA can automate 75 percent of cyber activities, but it’s nowhere near the goal
federalnewsnetwork.com
Outstanding!

US soldiers will get electronic warfare backpacks later this year
By Sam Skove; 2 July 2024

The Army will buy hundreds of portable electronic warfare attack and scanner systems, the service said Monday—a type of tool used frequently by both Ukraine and Russia. The service will spend nearly $100 million to equip, train, and field the system, dubbed the Terrestrial Layer System–Brigade Combat Team Manpack, according to an Army press statement released Monday. The Manpack is designed by Mastodon Design, a subsidiary of defense contractor CACI. The system is “on track to be the first dismounted electromagnetic attack/electromagnetic support program of record for the Army,” said a spokesperson for the Army’s program executive office for electronic warfare and cyber. https://lnkd.in/ek26_nMr
US soldiers will get electronic warfare backpacks later this year
nextgov.com
Ouch.

Military investigators raid contractors near Army’s training HQ
By Hope Hodge Seck; 2 July 2024

The criminal investigative arms of the Pentagon and the U.S. Army descended on Florida last week to execute search warrants, officials confirmed to Army Times. The raid took place June 25 and involved multiple facilities of the Orlando-based Cole Engineering Services, that company confirmed. Cole Engineering is located in the same office park housing the Army’s Program Executive Office for Simulation, Training and Instrumentation, or PEO STRI. Officials would not confirm whether the office was involved in the raid, or if other companies and entities were also a part of it. ... In 2021, Cole Engineering became the prime contractor for the Army’s new cyber training environment project, securing a contract worth as much as $957.7 million over eight years to complete the work. PEO STRI has already employed the system at events such as the Cyber Flag 2022 training exercise. https://lnkd.in/ez3wArAg
Military investigators raid contractors near Army’s training HQ
armytimes.com
BOLO.

Patch Now: Cisco Zero-Day Under Fire From Chinese APT
By Elizabeth Montalbano; 2 July 2024

Cisco has patched a command-line injection flaw in a network management platform used to manage switches in data centers, which, according to researchers from Sygnia, already has been exploited by the China-backed threat group known as Velvet Ant. The bug (CVE-2024-20399, CVSS 6.0) can allow authenticated attackers to execute arbitrary commands as root on the underlying operating system of an affected device. It's found in the command line interface (CLI) of Cisco NX-OS Software, which allows data center operations managers to troubleshoot and perform maintenance operations on NX-OS-enabled devices, which use the Linux kernel at their core. "This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands," according to Cisco's advisory on the flaw. "An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command." https://lnkd.in/ewGUhVep
Patch Now: Cisco Zero-Day Under Fire From Chinese APT
darkreading.com