Transcript
Jim Love (0:01)
DeepSeek AI databases are left wide open, raising major security concerns. APIs emerge as a primary cyber attack vector. Operation Talent puts a global crackdown on cybercrime forums, and a new browser attack technique puts millions at risk. This is Cybersecurity Today. I'm your host, Jim Love.
DeepSeek, the Chinese company that took the AI world by storm, has shown that technical genius and security awareness don't necessarily go hand in hand. The company left its open-source ClickHouse database publicly accessible, and the lack of security controls meant anyone with Internet access could have viewed or modified its data. In some cases, they might have even altered the application itself. The security firm Wiz discovered the database had no authentication requirements, putting chat logs, API keys and system configurations at risk. DeepSeek took action to secure the database after being alerted, but has not disclosed the duration of exposure or whether any unauthorized parties accessed the data. And while there's no confirmation of malicious access, the exposure of API keys alone could have allowed attackers to misuse DeepSeek's AI services. The incident underscores the risks AI companies face when failing to implement strong security measures, particularly as AI platforms handle increasingly sensitive information. Wiz researcher Gal Nagli warned that rapid AI adoption without stringent security protocols creates major vulnerabilities. Now, no doubt the developers of DeepSeek would remind everyone that this was a side project to them, an experiment. And to some extent, they would be right in saying that no one should be putting sensitive corporate or personal information into the application at this point. Hopefully that's the case. But it's a warning that the development of AI applications presents a significant shadow IT risk for companies and individuals.
And while it's fine to experiment with new technology, we shouldn't be rushing to add any sensitive data until the security of an application is verified. And that's why any system we use, even if it comes from the cloud, maybe especially if it does, needs to be vetted for security, and nothing should be taken for granted. The lesson is that developers can be brilliant in innovating in development and still miss obvious security issues. For developers, even this talented group, it's also a crucial lesson. Testing and proof of concept prototypes are not production systems. But that doesn't mean security should be overlooked. Many breaches have started by infiltrating test systems first and then finding their way into production environments. Everything that is in any way connected to a network needs to be protected properly. And maybe there's another reason why security professionals tell us that security is not bolted on after the system is finished. It's designed in as the system is being built. This is a timely reminder.
A newly released 2025 API threat stat report confirms what security professionals have been warning about: APIs are now the dominant attack surface in cybersecurity. The report, issued by Wallarm, a company that specializes in API security, found that over 50% of the vulnerabilities tracked in the Cybersecurity and Infrastructure Security Agency, or CISA's known exploited vulnerabilities catalog last year were API-related, up from just 20% in 2023. The explosion of AI-driven applications is one major factor behind this trend, creating new security that attackers are quick to exploit. A particularly concerning finding is that 57% of AI-powered APIs are externally accessible and 89% rely on weak authentication mechanisms such as static keys. Only 11% have strong security controls in place.
That makes them easy targets for exploitation, especially as AI models increasingly integrate with enterprise systems, expanding the attack surface beyond traditional IT infrastructure. The impact is already visible. Wallarm identified a 1,025% increase in AI-related vulnerabilities, with nearly all, or 98.9%, directly tied to APIs. High-profile breaches reinforce these concerns, including Dell's API exposure, which leaked 49 million records due to weak authentication, and Twilio's Authy's breach, where API enumeration led to the exposure of 33 million linked phone numbers. The report shows that security teams cannot afford to treat API security as an afterthought. APIs must be reviewed as a primary attack vector before deployment and continuously monitored after they go live. The growing reliance on AI means that API security is now inseparable from enterprise security, requiring constant scrutiny and adaptive defenses.
In a significant international effort, law enforcement agencies have executed Operation Talent, targeting major cybercrime forums that have facilitated extensive illegal activities. The operation led to the seizure of domains associated with prominent hacking platforms, including nulled.to, cracked.to, cracked.io, starkrdp.io, sellix.io, and mysellix.io. These forums have been notorious for the distribution of stolen login credentials, hacking tools, and other illicit services. For instance, the Cracked Marketplace, active since March 2018, amassed over 4 million users and listed more than 28 million posts advertising cybercrime tools and stolen information. This platform alone generated approximately 4 million in revenue and impacted at least 17 million victims in the United States alone. The coordinated seizures involved multiple international agencies, including the U.S. Department of Justice and the Dutch National Police, highlighting the global collaboration necessary to combat cyber threats.
By dismantling these platforms, authorities aimed to disrupt the infrastructure supporting a significant portion of the cybercriminal underworld. One of Cracked's moderators said in a Telegram post this afternoon that the forum had been seized during an operation and that the forum was awaiting court documents from their data center. "A sad day indeed for our community," the moderator added. I think we have to be grateful for the persistent efforts of international law enforcement to hold cybercriminals accountable and dismantle the networks that facilitate their activities.
Security researchers have uncovered a new cyber attack method called browser syncjacking that allows hackers to take full control of a user's browser and potentially their entire device. This technique exploits common browser extensions, which many users trust and install without a second thought. The attack begins when a user installs a malicious browser extension. The extension silently authenticates the user's browser into a profile managed by the attacker, giving them the ability to push harmful policies, disable security features, and access sensitive data. The attacker can then escalate their control, potentially gaining full access to the device, including the ability to turn on the camera, record audio, and install additional malware. Now, what makes this attack particularly concerning is that it requires minimal user interaction and operates almost invisibly, making it difficult for individuals and traditional security tools to detect it. This discovery highlights a significant blind spot in current cybersecurity measures, emphasizing the need for enhanced browser security and user awareness regarding the extensions they install. With browser extensions integrated into our daily online activities, this discovery is a critical reminder that these add-ons are actual applications and have some inherent risks.
Whether you choose to lock down browser add-ons or find another strategy that works for your organization, this is a huge risk area and it's worth looking into further.
I posted a link to the story that alerted me to this in the show notes. It's quite a read, but maybe worthwhile for some of your more technical security folks, and I'd also love to hear their reaction. They can reach me at editorial@technewsday.ca, and that's our show for today. Remember that our month in review and our panel of experts is this weekend and we'll be discussing these stories and more. Join us for your Saturday morning coffee or anytime you listen to a longer podcast. I'm your host, Jim Love. Thanks for listening.
