CISA Broke Into a US Federal Agency, No One Noticed For a Full 5 Months
After gaining access to the Solaris enclave, the red team discovered they couldn’t pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-praying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. “None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network,” CISA said.
CISA described this as a “full domain compromise” that gave the attackers access to tier zero assets — the most highly privileged systems. “The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts,” the report reads. “With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain. “They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization’s identity management (IDM).” From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA’s team then pivoted into using the access they already had.
The team “kerberoasted” one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn’t able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA’s Federal Attack Surface Testing (FAST) pentesting program to operate. It’s crucial that these avenues are able to be explored in such exercises because they’re routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity. CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.
Read more of this story at Slashdot.
OpenAI Working On New Reasoning Technology Under Code Name ‘Strawberry’
The document describes a project that uses Strawberry models with the aim of enabling the company’s AI to not just generate answers to queries but to plan ahead enough to navigate the internet autonomously and reliably to perform what OpenAI terms “deep research,” according to the source. This is something that has eluded AI models to date, according to interviews with more than a dozen AI researchers. Asked about Strawberry and the details reported in this story, an OpenAI company spokesperson said in a statement: “We want our AI models to see and understand the world more like we do. Continuous research into new AI capabilities is a common practice in the industry, with a shared belief that these systems will improve in reasoning over time.”
On Tuesday at an internal all-hands meeting, OpenAI showed a demo of a research project that it claimed had new human-like reasoning skills, according to Bloomberg, opens new tab. An OpenAI spokesperson confirmed the meeting but declined to give details of the contents. Reuters could not determine if the project demonstrated was Strawberry. OpenAI hopes the innovation will improve its AI models’ reasoning capabilities dramatically, the person familiar with it said, adding that Strawberry involves a specialized way of processing an AI model after it has been pre-trained on very large datasets. Researchers Reuters interviewed say that reasoning is key to AI achieving human or super-human-level intelligence.
Read more of this story at Slashdot.
German Navy To Replace Aging 8-Inch Floppy Drives With an Emulated Solution
The F123s are specialized in submarine hunting, and they are also being upgraded in terms of the weapon systems and weapon control systems. Swedish company Saab is the general contractor for the F123 modernizations. It won’t be trivial to replace three decades old computer hardware seamlessly, while retaining the full functionality of the existing floppies. However, we note that other companies have wrestled similar problems in recent years. Moreover, there are plenty of emulator enthusiasts using technologies for floppy emulation solutions like Gotek drives which can emulate a variety of floppy drive standards and formats. There are other workable solutions already out there, but it all depends on who the German Navy chooses to deliver the project.
Read more of this story at Slashdot.
Palestinians Say Microsoft Unfairly Closing Their Accounts
Some of the people the BBC spoke to said they suspected they were wrongly thought to have ties to Hamas, which Israel is fighting, and is designated a terrorist organization by many countries. Microsoft did not respond directly when asked if suspected ties to Hamas were the reason for the accounts being shut. But a spokesperson said it did not block calls or ban users based on calling region or destination. “Blocking in Skype can occur in response to suspected fraudulent activity,” they said, without elaborating.
Read more of this story at Slashdot.
Arm Announces an Open-Source Graphics Upscaler For Mobile Phones
You can see just how Arm ASR stacks up to AMD’s FSR 2 and Qualcomm’s GSR tech in [this chart] created by Arm. Arm claims ASR produced 53 percent higher frame rates than rendering at native resolution on a device with an Arm Immortalis-G720 GPU and 2800 x 1260 display, beating AMD FSR 2. It also tested ASR on a device using MediaTek’s Dimensity 9300 chip and found that rendering at 540p and upscaling with ASR used much less power than running a game at native 1080p resolution.
Read more of this story at Slashdot.
Amazon Says It Now Runs On 100% Clean Power. Employees Say It’s More Like 22%
As new data centers are built, they can mean that fossil-fuel-dependent grids end up building new fossil fuel power plants. “Dominion Energy, which is the utility in Virginia, is expanding because of demand, and Amazon is obviously one of their largest customers,” says Eliza Pan, a representative from Amazon Employees for Climate Justice and a former Amazon employee. “Dominion’s expansion is not renewable expansion. It’s more fossil fuels.” Amazon also doesn’t buy credits that are specifically tied to the grids powering their data centers. The company might purchase RECs from Canada or Arizona, for example, to offset electricity used in Virginia. The credits also aren’t tied to the time that the energy was used; data centers run all day and night, but most renewable energy is only available some of the time. The employee group argues that the company should follow the approach that Google takes. Google aims to use carbon-free energy, 24/7, on every grid where it operates.
Read more of this story at Slashdot.