Cyber Security News: Exchange Vulnerability, Data Breaches, and AI Risks

Exchange Server Hybrid Vulnerability

• Microsoft has issued a warning about a high-severity vulnerability in Exchange Server hybrid deployments.
• 🎯 Attackers with on-premises access can exploit a shared service principal to escalate privileges in Exchange Online undetected.
• ⚠️ This flaw allows bypassing cloud security logs by forging trusted tokens or API calls, affecting Exchange Server 2016, 2019, and the subscription edition.

Data Breaches and Cyber Attacks

• ✈️ Dutch airline KLM reported a data breach via a third-party platform, exposing customer names and loyalty program details, increasing phishing risks.
• 📱 Bouygues Telecom, France's third-largest mobile operator, disclosed a cyber attack affecting 6.4 million customer accounts, exposing personal data.
• 🌐 New HTTP request smuggling variants were revealed, impacting CDNs, major organizations, and millions of websites, with one variant (O.cl CL) affecting T-Mobile and GitLab.

Spyware and Ransomware Threats

• 🕵️ Researchers uncovered malware clusters tied to Israeli spyware maker Kandiru, suggesting rebranding to evade US sanctions, with its Devil's Tongue spyware capable of extensive data extraction.
• 💻 The Akira ransomware gang is using a legitimate Intel CPU tuning driver to disable Microsoft Defender, employing a bring-your-own-vulnerable-driver attack.

AI and Emerging Risks

• 🤖 A serious vulnerability in OpenAI's ChatGPT connectors allows indirect prompt injection, enabling attackers to extract API keys and sensitive data from linked services like Google Drive.
• 🧠 Researchers at Black Hat discussed how increasing reliance on LLMs may lead to human influence and conditioning by these AI models, presenting a significant risk.
• 💡 The potential for adversaries to engage in data poisoning and model poisoning for LLMs, combined with human susceptibility, poses a growing threat.

Conference Insights and Industry Trends

• 🎤 Ryan Whelan from Accenture highlighted the practitioner-focused energy at Black Hat, with discussions on new TTPs, AI, and agentic targeting.
• 🔌 IoT security, including the targeting of EV stations, and the human conditioning aspect of LLMs were noted as key areas of interest.
• 🤝 The importance of community and collaboration was emphasized as a critical takeaway from the conference, enabling the sharing of threat intelligence and analysis.
• 🤖 The Henna Hotel in Japan is utilizing robots as staff, offering cost-cutting and 24/7 availability, but managing guest expectations for their capabilities.