1
00:00:00,529 --> 00:00:01,909
Cybersecurity Today

2
00:00:01,909 --> 00:00:05,899
would like to thank Meter for their
support in bringing you this podcast.

3
00:00:06,229 --> 00:00:10,819
Meter delivers a complete networking
stack, wired, wireless and cellular,

4
00:00:11,059 --> 00:00:15,469
in one integrated solution that's
built for performance and scale.

5
00:00:15,739 --> 00:00:20,329
You can find them at meter.com/cst.

6
00:00:21,739 --> 00:00:25,219
Qilin ransomware exploits
MS Paint and Notepad.

7
00:00:25,319 --> 00:00:28,769
And three new open source offerings
are trying to improve security.

8
00:00:28,949 --> 00:00:35,219
Heisenberg software bill of materials,
OpenAI's Aardvark agent, and OpenPCC,

9
00:00:35,219 --> 00:00:38,219
which encrypts enterprise AI data flows.

10
00:00:39,209 --> 00:00:40,949
This is Cybersecurity Today.

11
00:00:41,159 --> 00:00:42,629
I'm your host, Jim Love.

12
00:00:43,977 --> 00:00:48,571
A major ransomware player has pulled
off a sneaky trick using everyday

13
00:00:48,736 --> 00:00:54,660
Windows tools to help locate high value
files before deploying encryption.

14
00:00:55,050 --> 00:00:58,140
The group behind the attack
is called Qilin, also known

15
00:00:58,140 --> 00:01:01,980
as Agenda or Gold Feather, and
they've been quietly innovating.

16
00:01:02,715 --> 00:01:07,785
In recent investigations, researchers at
Cisco's Talos found that Qilin operators

17
00:01:07,785 --> 00:01:11,085
used standard Windows utilities like MS

18
00:01:11,085 --> 00:01:16,425
Paint and Notepad to open and
examine files during reconnaissance.

19
00:01:16,725 --> 00:01:21,915
They then exfiltrated selected data using
Cyberduck before launching encryption.

20
00:01:23,040 --> 00:01:24,180
Why this matters?

21
00:01:24,270 --> 00:01:29,700
Well, these are legitimate tools most
security teams allow without question. That

22
00:01:29,700 --> 00:01:32,460
makes detection that much more difficult.

23
00:01:33,110 --> 00:01:37,140
Qilin's campaigns have hit dozens of
targets across Canada, the US, the

24
00:01:37,140 --> 00:01:43,140
UK, and Europe,

25
00:01:47,805 --> 00:01:52,695
and for companies, from SMBs to enterprise
IT teams, the takeaway is simple.

26
00:01:53,115 --> 00:01:56,025
You can't just watch for exotic malware.

27
00:01:56,265 --> 00:01:58,545
Watch for legitimate tools behaving

28
00:01:58,575 --> 00:02:03,735
oddly. If MS Paint starts opening
confidential files, that's a red flag.

29
00:02:05,304 --> 00:02:11,004
A new open source tool called Heisenberg
is helping developers and security teams

30
00:02:11,184 --> 00:02:17,184
turn static software bills of materials
into active supply chain defenses.

31
00:02:17,514 --> 00:02:21,274
And frankly, given some of the
supply chain attacks we've seen,

32
00:02:21,544 --> 00:02:22,954
the need was never greater.

33
00:02:23,059 --> 00:02:28,429
Built by AppOmni, Heisenberg analyzes
open source dependencies using data

34
00:02:28,429 --> 00:02:35,119
from deps.dev, SBOMs, and external
advisories to measure package health,

35
00:02:35,389 --> 00:02:40,879
detect suspicious changes and flag
risks before code reaches production.

36
00:02:41,209 --> 00:02:42,889
It works in two modes.

37
00:02:43,004 --> 00:02:48,644
Check mode for single packages
like npm or PyPI, and bulk

38
00:02:48,644 --> 00:02:51,644
mode to scan entire portfolios.

39
00:02:51,854 --> 00:02:56,144
It can even alert developers
directly inside pull requests.

40
00:02:56,564 --> 00:03:01,784
As AppOmni's head of security, Max
Feldman, says, "We wanted a practical

41
00:03:01,784 --> 00:03:06,824
way to catch and block risky changes
before they reached the main branch."

42
00:03:07,524 --> 00:03:11,364
Instead of waiting for a CVE or
a breach, Heisenberg highlights

43
00:03:11,364 --> 00:03:14,484
dependencies with poor health scores.

44
00:03:14,814 --> 00:03:22,224
Packages that are new, unmaintained or just
plain suspicious. If your DevOps pipeline

45
00:03:22,224 --> 00:03:27,174
relies on open source components, and
who doesn't, you might consider adding

46
00:03:27,174 --> 00:03:29,124
a dependency health check like this.

47
00:03:30,309 --> 00:03:33,684
Don't treat your software bill
of materials as paperwork.

48
00:03:34,014 --> 00:03:36,084
Make it part of your real-time defense.

49
00:03:38,454 --> 00:03:43,104
OpenAI has unveiled a new AI
agent designed to find and fix

50
00:03:43,194 --> 00:03:47,424
software vulnerabilities before
attackers can exploit them.

51
00:03:47,904 --> 00:03:51,234
The system is called Aardvark,
and it's described as an

52
00:03:51,234 --> 00:03:53,364
autonomous security researcher.

53
00:03:53,619 --> 00:03:58,989
Powered by OpenAI's GPT-5 model,
it integrates directly into the

54
00:03:58,989 --> 00:04:03,399
development pipelines, scanning
repositories, monitoring commits,

55
00:04:03,549 --> 00:04:10,539
identifying vulnerabilities, and proposing
fixes automatically. In testing, Aardvark

56
00:04:10,539 --> 00:04:16,499
correctly identified more than 90% of
known and synthetic vulnerabilities.

57
00:04:17,184 --> 00:04:21,924
It maps a project, validates
exploitability in a sandbox and uses

58
00:04:21,924 --> 00:04:27,864
the Codex engine to suggest patches,
all with minimal human intervention.

59
00:04:28,554 --> 00:04:34,374
OpenAI says Aardvark has already
uncovered 10 confirmed CVE-registered

60
00:04:34,374 --> 00:04:38,674
vulnerabilities in open source
projects, while it's in open beta.

61
00:04:39,624 --> 00:04:43,404
For DevSecOps teams,
this is a major advance.

62
00:04:43,674 --> 00:04:44,154
Yes.

63
00:04:44,194 --> 00:04:47,674
questions will remain about trusting
automated patching, but this

64
00:04:47,674 --> 00:04:52,264
seems to be progress in the right
direction, automating tedious tasks

65
00:04:52,474 --> 00:04:54,844
so humans can focus on strategy.

66
00:04:56,289 --> 00:05:00,549
And finally, a new open source
initiative is aiming to secure

67
00:05:00,549 --> 00:05:03,339
the data that fuels enterprise AI.

68
00:05:03,699 --> 00:05:10,149
It's called OpenPCC, Open Privacy
and Confidentiality Channel.

69
00:05:10,629 --> 00:05:16,239
OpenPCC is designed to integrate
directly into existing enterprise systems,

70
00:05:16,359 --> 00:05:23,289
and it wraps every AI prompt, output,
and login in end-to-end encryption.

71
00:05:24,234 --> 00:05:29,274
It's built on the widely used Model
Context Protocol, embedding encryption

72
00:05:29,274 --> 00:05:34,254
into data streams so companies
can add privacy protection without

73
00:05:34,254 --> 00:05:35,484
redesigning their architecture.

74
00:05:36,909 --> 00:05:41,619
It is apparently a drop-in upgrade
with open source SDKs under the

75
00:05:41,619 --> 00:05:47,289
Apache 2.0 license, and libraries
for secure GPU attestation,

76
00:05:47,499 --> 00:05:52,359
encrypted client-to-AI streaming
and modern protocols like

77
00:05:52,359 --> 00:05:55,814
Binary HTTP and Oblivious HTTP.

78
00:05:57,354 --> 00:06:02,514
Crucially, OpenPCC enforces
stateless processing.

79
00:06:02,844 --> 00:06:07,734
There's no data stored beyond the
immediate request, and because it's

80
00:06:07,734 --> 00:06:13,134
open source, enterprises can audit it
to meet their own compliance standards.

81
00:06:13,949 --> 00:06:18,449
The newly released technical white paper
on GitHub details how OpenPCC uses

82
00:06:18,449 --> 00:06:25,324
ephemeral encryption keys and aligns with
NIST 800-207 and GDPR Article 25.

83
00:06:26,414 --> 00:06:31,384
Now, if it performs as promised, OpenPCC
could let enterprises protect

84
00:06:31,384 --> 00:06:36,574
sensitive data end-to-end without
slowing down their AI innovation.

85
00:06:38,074 --> 00:06:42,304
I've been extremely critical on the show
about what's been happening or rather what

86
00:06:42,304 --> 00:06:46,714
hasn't been happening in security, and
that's why I dug up these three stories.

87
00:06:47,014 --> 00:06:49,804
I'm not endorsing any of them,
but I do believe you might

88
00:06:49,804 --> 00:06:50,854
wanna take a look at them.

89
00:06:51,124 --> 00:06:55,474
Check the show notes at technewsday.ca
or .com on the weekend.

90
00:06:55,594 --> 00:06:59,194
You'll be able to find links to these
white papers and the stories that

91
00:06:59,194 --> 00:07:02,038
back them up. And that's our show.

92
00:07:02,878 --> 00:07:07,648
Once again, we'd like to thank Meter for
their support in bringing you this podcast.

93
00:07:07,828 --> 00:07:12,418
Meter delivers full stack networking
infrastructure, wired, wireless,

94
00:07:12,418 --> 00:07:14,938
and cellular to leading enterprises.

95
00:07:15,298 --> 00:07:19,498
Working with their partners, Meter
designs, deploys and manages everything

96
00:07:19,498 --> 00:07:24,748
required to get performant, reliable
and secure connectivity in a space.

97
00:07:25,108 --> 00:07:28,948
They design hardware, firmware,
build the software, manage

98
00:07:28,948 --> 00:07:30,868
deployments, and run support.

99
00:07:31,498 --> 00:07:36,418
It's a single integrated solution that
scales from branch offices, warehouses,

100
00:07:36,628 --> 00:07:38,578
and large campuses to data centers.

101
00:07:39,683 --> 00:07:44,093
Book a demo at meter.com/cst.

102
00:07:44,423 --> 00:07:49,703
That's M-E-T-E-R.com/cst.

103
00:07:51,143 --> 00:07:54,503
We've got a great show for you this
weekend, an interview with a former black

104
00:07:54,503 --> 00:07:58,613
hat hacker, and we have a great chat about
security as seen from the other side.

105
00:07:59,843 --> 00:08:02,813
I hope you can join us, but if
not, we'll be back on Monday

106
00:08:02,813 --> 00:08:04,553
with the cybersecurity news.

107
00:08:04,973 --> 00:08:06,143
I'm your host, Jim Love.

108
00:08:06,893 --> 00:08:07,608
Thanks for listening.

