AI Security AI安全 7d ago Updated 6d ago 更新于 6天前 42

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting 其他新闻:加拿大黑客入狱,开源零日漏洞,两人因ATM jackpotting被判刑

LLM-driven fuzzing is proving effective for discovering zero-day vulnerabilities in major open-source projects like FFmpeg and VLC, marking a shift in automated security research. Generative AI is being increasingly integrated into state-sponsored influence operations, with pro-Russian actors leveraging these tools to expand their reach beyond Ukraine to global targets. Advanced persistent threats continue to evolve, evidenced by the use of poisoned tenant attacks against security firms and Rust 利用LLM模糊测试在FFmpeg、VLC等开源项目中挖掘出数十个零日漏洞,展示了AI在安全研究中的新应用范式。 亲俄影响力行动正从单一乌克兰战场转向全球范围,并日益依赖生成式AI进行隐蔽操纵。 针对macOS的PamStealer恶意软件利用AppleScript伪装,通过PAM模块验证凭证,体现了针对特定生态系统的精准攻击趋势。 数据泄露事件频发,包括KDDI影响1400万用户及OpenAI组织邀请功能被用于“中毒租户”攻击,凸显供应链与身份管理风险。 司法判决加速了对网络犯罪的打击,如Anonymous关联黑客因攻击德州共和党网站获刑,委内瑞拉黑客因ATM劫持被判重刑。

60
Hot 热度
65
Quality 质量
55
Impact 影响力

Analysis 深度分析

TL;DR

  • LLM-driven fuzzing is proving effective for discovering zero-day vulnerabilities in major open-source projects like FFmpeg and VLC, marking a shift in automated security research.
  • Generative AI is being increasingly integrated into state-sponsored influence operations, with pro-Russian actors leveraging these tools to expand their reach beyond Ukraine to global targets.
  • Advanced persistent threats continue to evolve, evidenced by the use of poisoned tenant attacks against security firms and Rust-based malware specifically designed to validate stolen credentials on macOS.

Why It Matters

This collection highlights the dual-use nature of emerging technologies, where AI accelerates both offensive capabilities (influence ops, fuzzing) and defensive needs (patching critical infrastructure). For AI practitioners, the mention of LLM fuzzing provides a concrete example of how generative models can be applied to software security, while the rise of AI in disinformation campaigns underscores the urgent need for robust detection mechanisms in content moderation and intelligence systems.

Technical Details

  • LLM Fuzzing: A researcher identified dozens of zero-days in projects such as FFmpeg, Gitea, and VLC by utilizing Large Language Models to generate proof-of-concept code, demonstrating a novel application of generative AI in vulnerability discovery.
  • Poisoned Tenant Attacks: Attackers exploited OpenAI’s organization invitation feature to infiltrate Push Security, allowing them to monitor employee activities and conduct social engineering within the victim's tenant environment.
  • macOS Credential Stealing: The PamStealer malware uses Rust to harvest credentials and validates them via Pluggable Authentication Modules (PAM), distributed through deceptive AppleScript files impersonating legitimate tools like Maccy.
  • ATM Malware Variant: The Ploutus malware variant was deployed to facilitate ATM jackpotting, highlighting the continued sophistication of financial cybercrime tools.

Industry Insight

  • Organizations must audit third-party integrations and invitation protocols, as supply chain vectors like poisoned tenants can bypass traditional perimeter defenses.
  • Security teams should consider integrating LLM-based fuzzing tools into their continuous integration pipelines to proactively identify vulnerabilities in open-source dependencies.
  • The shift of state-sponsored influence operations toward global targets using generative AI requires updated threat intelligence frameworks that account for AI-generated content at scale.

TL;DR

  • 利用LLM模糊测试在FFmpeg、VLC等开源项目中挖掘出数十个零日漏洞,展示了AI在安全研究中的新应用范式。
  • 亲俄影响力行动正从单一乌克兰战场转向全球范围,并日益依赖生成式AI进行隐蔽操纵。
  • 针对macOS的PamStealer恶意软件利用AppleScript伪装,通过PAM模块验证凭证,体现了针对特定生态系统的精准攻击趋势。
  • 数据泄露事件频发,包括KDDI影响1400万用户及OpenAI组织邀请功能被用于“中毒租户”攻击,凸显供应链与身份管理风险。
  • 司法判决加速了对网络犯罪的打击,如Anonymous关联黑客因攻击德州共和党网站获刑,委内瑞拉黑客因ATM劫持被判重刑。

为什么值得看

本文揭示了人工智能在网络安全领域的双重角色:既是攻击者利用生成式AI扩大影响力操作的武器,也是防御者和研究人员利用LLM自动化发现高危漏洞的工具。对于AI从业者和安全专家而言,理解这些新兴威胁向量和技术对抗手段至关重要。

技术解析

  • LLM驱动的漏洞挖掘:研究人员Bikini使用大语言模型(LLM)进行模糊测试,成功在FFmpeg、Gogs、Ghidra等多个知名开源项目中发现数十个零日漏洞,其中9个已分配CVE编号,证明了AI辅助代码审计的有效性。
  • macOS凭证窃取机制:PamStealer恶意软件以编译后的AppleScript形式分发,伪装成剪贴板管理器Maccy。其核心技术在于利用Pluggable Authentication Modules (PAM) 来验证窃取的凭据,确保证据有效性后再行使用,提高了攻击成功率。
  • 云协作平台滥用:攻击者利用OpenAI的组织邀请功能实施“中毒租户”攻击,诱骗目标员工加入受控组织,从而监控内部活动或发起进一步的社交工程攻击,暴露了SaaS平台权限管理的潜在缺陷。
  • ATM恶意软件变种:Ploutus恶意软件的变体被部署在美国各地的ATM机上,通过非法授权取款实施金融犯罪,显示了传统硬件基础设施面临的新型软件威胁。

行业启示

  • AI安全治理需双向并重:随着生成式AI被广泛用于网络攻击(如亲俄宣传),同时也被用于漏洞发现,企业必须建立针对AI生成内容的检测机制,并加强对内部AI工具使用的安全审计。
  • 开源供应链安全不容忽视:LLM发现大量开源项目漏洞表明,依赖第三方库的风险正在增加。开发者应引入自动化AI辅助的安全扫描流程,并密切关注核心开源组件的更新。
  • 身份与访问管理(IAM)面临新挑战:从“中毒租户”到ATM劫持,攻击者正不断寻找身份验证链条中的薄弱环节。企业需强化多因素认证(MFA)和异常行为检测,特别是在云协作平台和物联网设备接入方面。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Open Source 开源 Security 安全