Meta identifies risky AI systems, Ferret malware joins 'Contagious Interview' campaign, credential theft rises as a target - Cybersecurity Headlines

Summary

Cyber Security Headlines – Detailed Summary

Episode Title: Cyber Security Headlines
Host: Sarah Lane, CISO Series
Release Date: February 5, 2025

1. Meta's Approach to Risky AI Systems

In a significant move within the AI landscape, Meta CEO Mark Zuckerberg has vowed to make Artificial General Intelligence (AGI) openly accessible. However, this openness comes with stringent safety measures. Meta's New Frontier AI framework delineates scenarios where highly capable AI systems might be withheld due to potential security risks.

Sarah Lane highlights that Meta categorizes AI systems based on their threat levels:

"[00:30] Meta classifies such systems as high risk or critical risk based on their potential to aid in cybersecurity breaches or biological attacks."

Critical risk systems are deemed capable of causing catastrophic and unmitigable threats. Unlike rigid empirical testing, Meta's framework is influenced by expert insights, striving to balance transparency with security—an effort likely in response to critiques of their OpenAI strategies.

2. Riot’s Expansion and New Security Platform

French cybersecurity startup Riot has successfully raised $30 million in a Series B funding round led by Left Lane Capital, bringing its post-money valuation to over $170 million. Originally specializing in phishing simulations and cybersecurity education, Riot is now advancing into employee security through its latest offering:

"[02:15] Riot's new Employee Security Posture Management platform measures security habits and provides karma scores, including nudges to improve practices like enabling multi-factor authentication."

With a user base of 1 million across 1,500 companies, Riot plans to scale globally and enhance its suite of security tools, addressing the evolving needs of enterprise cybersecurity.

3. SailPoint Targets $11.5 Billion Valuation in IPO

Austin-based cybersecurity firm SailPoint is gearing up for a notable Nasdaq IPO, aiming for a valuation of up to $11.5 billion. They plan to raise approximately $1.05 billion to bolster their Identity and Access Management (IAM) solutions amidst escalating cyber threats.

Sarah Lane notes:

"[04:00] SailPoint specializes in securing sensitive data and mitigating unauthorized access, having transitioned to a software-as-a-service model since going private in 2022."

Supported by Thoma Bravo, SailPoint's IPO underscores the growing demand for robust cybersecurity measures in safeguarding organizational data.

4. Combating Ferret Malware: Apple’s XProtect Update

Apple has proactively addressed vulnerabilities associated with the Ferret malware family, part of North Korea's Contagious Interview campaign. This sophisticated malware targets individuals, including job seekers, enticing them to install malicious software through deceptive interview links.

Key updates include:

"[05:45] The malware deploys JavaScript-based BeaverTail and a Python backdoor named Invisible Ferret, which siphons browser and crypto wallet data."

In response, Apple released a new XProtect update to block these malware variants. Additionally, SentinelOne researchers identified new strains like Flexible Ferret, emphasizing the need for continued vigilance:

"[06:30] Researchers at SentinelOne have identified previously undetected variants, indicating that malware blocks must persistently evolve."

5. Surge in Credential Theft Techniques

Recent findings from PICUS Securities' Red Report 2025 reveal a troubling trend where 25% of malware analyzed in 2024 targeted user credentials. Credential theft has thus emerged as one of the top techniques within the MITRE ATT&CK framework.

Sarah Lane elaborates:

"[07:15] Attackers are increasingly deploying complex multi-stage malware like Sneak Thief, designed for stealth, persistence, and automation, executing an average of 14 malicious actions per sample."

Despite the sophistication of these threats, the report notes no evidence of AI-driven malware, suggesting that focusing on the top 10 MITRE techniques could block up to 90% of current threats.

6. Netgear Addresses Critical Router Vulnerabilities

Netgear has responded to two critical vulnerabilities involving remote code execution and authentication bypass affecting several Wi-Fi router models. These flaws permit unauthenticated attackers to gain control without any user interaction.

Affected models include XR1000, XR1000 V2, XR500, WAX206, WAX220, and WAX214 V2. Netgear has promptly released firmware updates to mitigate these risks.

Sarah Lane advises:

"[08:00] Netgear urges customers to download and install the updated firmware from its official website immediately to secure their devices."

This swift action underscores the importance of regular firmware updates in maintaining device security.

7. AI Models and Vulnerability to Jailbreaking

A collaborative study by Cisco Robust Intelligence and the University of Pennsylvania assessed the susceptibility of various AI models to jailbreaking using the harm bench benchmark. Models tested included DeepSeek R1 Meta's Llama 3.1, OpenAI's GPT4O, Google's Gemini 1.5 Pro, and Anthropic's Claude 3.5 Sonnet.

Findings revealed:

"[08:45] DeepSeek R1 had a 100% attack success rate, making it the most vulnerable, while OpenAI's Zero1 model had the lowest at 26%."

Cisco attributed the vulnerabilities in DeepSeek to cost-efficient training methods that compromised security, exposing its full system prompt—a flaw that was patched post-disclosure.

8. Legal Battle Over Data Sharing with U.S. Treasury

Union groups representing 7.2 million individuals have initiated a lawsuit against the U.S. Treasury Department. The plaintiffs allege violations of the Privacy Act due to the sharing of sensitive personal data, including Social Security numbers and tax information, with the Department of Government Efficiency (DOGE).

Sarah Lane outlines:

"[09:30] The lawsuit contends that DOGE's access to this data, intended to reduce federal costs, lacks legal justification and poses significant privacy risks through unauthorized system access."

This legal action follows reports of DOGE's infiltration into government networks, raising alarms over data security, potential misuse, and legal compliance concerning personal information.

Conclusion

This episode of Cyber Security Headlines presented a comprehensive overview of the latest developments in the cybersecurity realm, from Meta's cautious approach to AI to emerging threats like credential theft and sophisticated malware campaigns. The discussions underscore the dynamic nature of cybersecurity, highlighting the continuous need for advanced defenses, regulatory compliance, and proactive measures to safeguard sensitive data and systems.

For a deeper dive into these stories, listeners are encouraged to visit CISOseries.com.

Note: This summary excludes advertisements, introductory remarks, and concluding statements to focus solely on the content-rich segments of the podcast.

Transcript

Sarah Lane (0:00)

From the CISO series, it's Cybersecurity Headlines these are the cybersecurity headlines for Wednesday, February 5, 2025. I'm Sarah Lane. In today's cybersecurity news, Meta CEO Mark Zuckerberg has pledged to make Artificial General Intelligence, or AGI, openly available, but Meta's New Frontier AI framework outlines scenarios where it may withhold highly capable AI systems due to safety concerns. Meta classifies such systems as high risk or critical risk based on their potential to aid in cybersecurity breaches or biological attacks, with critical risk systems posing catastrophic unmitigable threats. The framework, guided by expert input rather than strict empirical tests, reflects Meta's attempt to balance openness with security, especially amid criticism of its OpenAI strategy. French startup Riot has raised $30 million in a series B round led by Left Lane Capital, reaching a Post Money valuation of over $170 million after hitting 10 million in annual revenue. Riot initially focused on phishing simulations and cybersecurity education, but now is moving into employee security through its new Employee Security Posture Management platform, which measures security habits and provides karma scores including nudges to improve practices like enabling multi factor authentication. Riot has 1 million users across 1,500 companies with plans to expand globally and develop more advanced security tools. Austin, Texas based cybersecurity firm Sailpoint is targeting a valuation of up to $11.5 billion in in its upcoming Nasdaq IPO, with plans to raise $1.05 billion to support its identity and access management solutions as cyber threats continue to rise. Sailpoint specializes in securing sensitive data and mitigating unauthorized access and transitioned to a software as a service first model since going private back in 2022. SailPoint is backed by Thoma Bravo and the IPO comes as demand for cybersecurity solutions grows. Apple released a new XProtect update to block variants of the macOS Ferret malware family linked to North Korea's Contagious Interview campaign. The campaign tricks targets sometimes people seeking jobs into installing malware via fake interview links, leading to the deployment of JavaScript based malware BeaverTail in a Python backdoor called Invisible Ferret, which conceal browser and crypto wallet data. Researchers at SentinelOne have identified previously undetected variants like Flexible Ferret, which indicates that the blocks need to continue. Thank you to Today's episode sponsor ThreatLocker. ThreatLocker is a global leader in zero trust Endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com Researchers from PICUS securities the Red Report 2025 found that 25% of malware analyzed in 2024 targeted user credentials, pushing credential theft into the top 10 techniques in the MITRE, ATT and CK framework. Attackers tend to focus on complex multi stage malware like Sneak Thief, designed for stealth, persistence and automation with samples capable of executing an average of 14 malicious actions. Despite increasing sophistication, no evidence of AI driven malware was found and the researchers suggest focusing on the top 10 MITRE techniques can block 90% of threats. Netgear has addressed two critical vulnerabilities around remote code execution and authentication bypass affecting multiple WI FI router models. Both flaws can be exploited without user interaction, allowing unauthenticated attackers to get control. Affected models include XR1000, XR1000 V2, XR500, WAX206, WAX220 and WAX214 V2, with fixes provided in the latest firmware updates. Netgear urges customers to download and install the updated firmware from its official website immediately to secure devices. Researchers from Cisco Robust Intelligence and the University of Pennsylvania tested AI models and including DeepSeek R1 Meta's Llama 3.1, OpenAI's GPT4O, Google's Gemini 1.5 Pro, and Anthropic's Claude 3.5 Sonnet for susceptibility to jailbreaking using the harm bench benchmark. DeepSeek R1 had a 100% attack success rate, making it the most vulnerable, while OpenAI's Zero1 model had the lowest at 26%. Cisco attributed Deep Seq's weaknesses to its cost efficient training methods, which compromised security, leaving it vulnerable to known jailbreak techniques and exposing its full system prompt, which was later patched after disclosure. Union groups representing 7.2 million people have filed a lawsuit against the U.S. treasury Department for allegedly violating the Privacy act by sharing sensitive personal data, including Social Security numbers and tax informations, with the Department of Government Efficiency, also known as doge. The lawsuit claims Doge's access to this data, meant to cut federal costs, doesn't have legal justification and endangers privacy with unauthorized access to systems with information on federal employees, taxpayers and retirees. This follows reports of Doge's access into government networks, raising concerns about data security, potential misuse and legal violations. Remember to subscribe to the ciso series on YouTube. We post all our podcasts there, as well as demos, interviews and other clips. Just search for CISO series on YouTube or look for the link over at cisoseries.com Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines. I'm Sarah Lane reporting for the CISO series. Thanks for listening. Talk to you next time.