Dell has introduced a groundbreaking Generative AI tool poised to reshape the landscape of model customization. This remarkable development signifies a significant stride forward in artificial intelligence, with the potential to revolutionize a wide array of industries.
Dell, a trailblazer in technology solutions, has harnessed the power of Generative AI to create a tool that empowers businesses to customize models with unprecedented precision and efficiency. This tool comes at a pivotal moment when the demand for tailored AI solutions is higher than ever before.
The tool's capabilities have been met with widespread excitement and acclaim from experts in the field. Steve McDowell, a prominent technology analyst, emphasizes the significance of Dell's venture into Generative AI. He notes, "Dell's deep dive into Generative AI showcases their commitment to staying at the forefront of technological innovation."
One of the key features that sets Dell's Generative AI tool apart is its versatility. It caters to a diverse range of industries, from healthcare to finance, manufacturing to entertainment. This adaptability ensures that businesses of all sizes and sectors can harness the power of AI to meet their specific needs.
Furthermore, Dell's tool comes equipped with a user-friendly interface, making it accessible to both seasoned AI experts and those new to the field. This democratization of AI customization is a pivotal step towards creating a more inclusive and innovative technological landscape.
The enhanced hardware and software portfolio accompanying this release further cements Dell's commitment to providing comprehensive solutions. By covering an extensive range of use cases, Dell ensures that businesses can integrate AI seamlessly into their operations, regardless of their industry or specific requirements.
The vulnerability, which has now been patched, was the result of a window message event handler's failure to accurately verify the message's origin, providing attackers access to users’ sensitive data.
The PostMessage API (also known as the HTML5 Web Messaging API) is a communication mechanism that permits safe cross-origin communication between windows or iframes inside a web application. The API enables scripts from different origins to exchange messages, overcoming the restrictions of the Same-Origin Policy, which normally restricts data sharing between distinct origins on the web.
The API consists of the window.postMessage() method and the message event. The postMessage() method sends a message from the source window to the target window or iframe, while the message event is triggered on the receiving end when a new message arrives. During the code analysis, the team discovered a script in TikTok's web application that seemed to be involved in user tracking.
The Imperva report states that “the first step in discovering the vulnerability was to identify all the message event handlers in TikTok's web application. This involved a comprehensive analysis of the source code in locating instances where the PostMessage API was being used[…]Once all the message event handlers were identified, we proceeded to carefully read and understand the code for each handler. This allowed us to determine the purpose of each handler and evaluate the security implications of processing untrusted messages.”
Attackers could send harmful messages to the TikTok web application through the PostMessage API by taking advantage of this vulnerability and getting around the security precautions. The malicious message would then be processed by the message event handler as if it were from a reliable source, giving the attacker access to private user data.
The vulnerability was promptly addressed after the Imperva Red Team reported it to TikTok, and Imperva expressed its appreciation to TikTok for its swift action and cooperation. This disclosure should serve as a reminder of the value of adequate message origin validation and the risks of enabling interdomain communication without the necessary security precautions.
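The origin validation discussed above, as an added example (not code from TikTok or the Imperva report): it runs common weak origin checks and an exact-match allowlist over constructed origins, and shows a handler that validates origin and message shape before replying. The origins `app.example` and `tracker.example` and the `profile-request` message type are placeholders assumed for illustration.

```javascript
// Added example. app.example and tracker.example are placeholder origins and
// "profile-request" is a hypothetical message type; none come from TikTok.
const TRUSTED_ORIGINS = new Set(["https://app.example", "https://tracker.example"]);

// Weak checks often seen in message handlers (generic, not the patched code).
const weakChecks = {
  none: () => true,
  substring: (o) => o.includes("app.example"),
  prefix: (o) => o.startsWith("https://app.example"),
  looseRegex: (o) => /^https:\/\/.*app\.example$/.test(o),
};

// Hardened check: exact match of the full origin against an allowlist.
function isTrustedOrigin(origin) {
  return typeof origin === "string" && TRUSTED_ORIGINS.has(origin);
}

// Hardened handler: validate origin, then message shape, then reply only to
// the validated origin (never "*"). In a browser it would be registered with
// window.addEventListener("message", (e) => handleMessage(e, getProfile)).
function handleMessage(event, getProfile) {
  if (!isTrustedOrigin(event.origin)) return { accepted: false, reason: "origin" };
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || msg.type !== "profile-request") {
    return { accepted: false, reason: "schema" };
  }
  event.source.postMessage({ type: "profile-response", profile: getProfile() }, event.origin);
  return { accepted: true, reason: null };
}

// Constructed origins that an untrusted page could present.
const UNTRUSTED = [
  "https://app.example.attacker.test", // trusted name as a subdomain label
  "https://evil-app.example",          // different host sharing the suffix
  "https://attacker.test",
  "null",                              // opaque origin (sandboxed iframe)
];

// For each check, list the untrusted origins it wrongly accepts.
function auditChecks() {
  const accepted = {};
  for (const [name, check] of Object.entries(weakChecks)) {
    accepted[name] = UNTRUSTED.filter((o) => check(o));
  }
  accepted.exact = UNTRUSTED.filter(isTrustedOrigin);
  return accepted;
}

console.log(auditChecks());
```

Only the exact-match check rejects every constructed origin; each weaker check lets at least one through.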
The malware was discovered by the security firm's researchers in June 2022 and was named ‘Mimic.’ According to the researchers, the malware has been “deleting shadow copies, terminating multiple applications and services, and abusing Everything32.dll functions to query target files that are to be encrypted.”
The researchers also found that some of the code in Mimic shared similarities with the infamous Conti ransomware, which was leaked in early 2022 following a number of high-profile incidents.
Mimic ransomware attacks begin with targeted victims receiving an executable, most likely via email, that retrieves four files from the target system, including the main payload, ancillary files, and tools to disable Windows Defender.
The researchers’ findings reveal that the ransomware attack was largely made up of legitimate files, one of which contains the malicious payloads. Mimic is a sophisticated strain of ransomware that may use command-line options to target specific files and multiple processor threads to encrypt data more rapidly.
According to Trend Micro, this combination of several active threads and the way it abuses Everything's APIs enables it to operate with minimum resource consumption, leading to a more effective execution and attack.
One of the best measures advised to companies is to implement a multilayered approach, which provides the most efficient security, including data protection, backup and recovery measures.
Utilizing a range of software designed to prevent, mitigate and combat attacks on personal and business computers adds another layer of protection to the systems.
Moreover, conducting regular vulnerability assessments and patching those vulnerabilities as soon as security updates become available will further aid in combating potential ransomware attacks.
In December 2022, a hacker claimed to have access to the personal data of 400 million Twitter users, offered for sale on dark web markets. And only yesterday, the attacker published the account details and email addresses of 235 million users.
The breached data revealed by the hacker includes account names, handle creation data, follower count, and email addresses of victims. Moreover, the threat actors can also design social engineering campaigns to dupe people into providing them their personal data.
Social media giants provide threat actors with a gold mine of user data and personal information that they can utilize in order to perform social engineering scams.
With just a user name, an email address, and the contextual information publicly available on a user’s profile, a hacker may conduct reconnaissance on a targeted user and create phishing and scam campaigns specifically designed to dupe them into providing personal information.
In this case, while the exposed information was limited to users’ information available publicly, the immense volume of accounts exposed in a single location (Twitter) has in fact provided a “goldmine of information” to the threat actors.
Unsecured APIs allow cybercriminals direct access to users’ Personally Identifiable Information (PII), such as username and password, which is captured when the user connects to any third-party service API. An API attack thus gives threat actors a window to collect large amounts of personal information for scams.
An instance of this happened just a month ago when a threat actor leveraged an API flaw to gather the data of 80,000 executives throughout the private sector and sell it on the dark web. The threat actor had applied successfully to the FBI's InfraGard intelligence sharing service.
The data collected during the incident included usernames, email addresses, Social Security numbers, and dates of birth of victims. This highly valuable information was utilized by the threat actors to develop social engineering scams and spear phishing attacks.
One of the main challenges in combating API breaches is that modern enterprises need to detect and secure a large number of APIs. A single vulnerability can put user data at risk of exfiltration, so there is little room for error.
“Protecting organizations from API attacks requires consistent, diligent oversight of vendor management, and specifically ensuring that every API is fit for use […] It’s a lot for organizations to manage, but the risk is too great not to,” says Chris Bowen, CISO at ClearDATA. “In healthcare, for example, where patient data is at stake, every API should address several components like identity management, access management, authentication, authorization, data transport, exchange security, and trusted connectivity.”
Security teams are also advised not to rely solely on simple authentication options like username and password to secure their APIs.
“In today’s environment, basic usernames and passwords are no longer enough […] It’s now vital to use standards such as two-factor authentication (2FA) and/or secure authentication with OAuth,” says Will Au, senior director for DevOps, operations, and site reliability at Jitterbit.
Moreover, measures such as utilizing a Web Application Firewall (WAF), and monitoring API traffic in real time can aid in detecting malicious activities, ultimately minimizing the risk of compromise.
According to industry experts, the increase in integrated web and mobile offerings that require data exchange between the products of multiple organizations, together with the reliance of mobile apps on APIs, has driven growth in API usage, making API security a huge challenge for CIOs today.
A 2022 survey by 451 Research found that 41% of organizations surveyed had an API security incident in the last 12 months; 63% of respondents said the incident involved a data breach or loss.
Consequently, cybersecurity startup Wib is looking to zero in on API security. Wib further announced a $16 million investment led by Koch Disruptive Technologies (KDT), the growth and venture arm of Koch Industries, Inc, with participation from Kmehin Ventures, Venture Israel, Techstars, and existing investors.
Blocking API attacks in the network:
According to a report by GigaOm research, API security products were developed before API use expanded to the extent seen today and “were based upon the idea that it is asking for failure to insist developers secure the code they write.” The report added that “most developers do not knowingly create insecure code,” and that if they inadvertently develop code with vulnerabilities, it is most likely because they are unaware of what vulnerabilities an API might suffer from.
“Once API security was in use, though,” the report said, “IT quickly discovered a new reason to use a security product: Some vulnerabilities are far easier blocked in the network than in each and every application.”
The report inferred that the idea that it is more effective to block some attacks in the network (including at data centers, cloud vendors, and SaaS providers) before access to the API occurs has spurred demand for products that can do this.
According to Wib, its API security platform aims at providing visibility across the entire API landscape, right from code to production. This would help unify software developers, cyber defenders, and CIOs around a single holistic view of their complete API domain.
The platform could leverage real-time inspection, management, and control at every stage of the API lifecycle to automate inventory and API change management, according to the company. Wib was created to identify rogue, zombie, and shadow APIs and analyze business risk and impact, helping organizations reduce and harden their API attack surface.
According to Gil Don, CEO and co-founder of Wib, APIs have moved into the spotlight in the past years. “Organizations are using them as the basis of a new generation of complex applications, underpinning their move to competitive and agile digital business models,” says Don.
A Whole New Category of Cyber Threat
Don explains that APIs account for 91% of all web traffic and they fit with the trend towards microservices architectures and the need to respond dynamically to rapidly changing market conditions. But APIs have given rise “to a whole new category of cybersecurity threats that explicitly targets them as a primary attack vector. Web API traffic and attacks are growing in volume and severity.”
Over half of APIs are invisible to business IT and security teams. “These unknown, unmanaged, and unsecured APIs are creating massive blind spots for CIOs that expose critical business logic vulnerabilities and increase risk,” Don continues.
On the other hand, the GigaOm report called out Wib for its API source code scanning and analysis “with an eye toward API weaknesses.” Wib’s platform “provides automatic API documentation to create up-to-date documentation, as well as snapshots of changes to APIs and their risks every time they see a commit to code,” the report further read.
As its operations grow across the Americas, UK, and EMEA, Wib says the investments will be used in order to improve its comprehensive API security platform and accelerate international growth.