May 3, 2024 5 mins

Senators Call for Update to National Vulnerability Database to Address AI Security Risks

Senators Mark Warner (D-VA) and Thom Tillis (R-NC) are proposing legislation to update the National Vulnerability Database (NVD) to better address security risks from artificial intelligence (AI) systems. The bill aims to improve tracking and processing of security and safety incidents related to AI, which can differ significantly from traditional software. The proposal would require the National Institute of Standards and Technology (NIST) to update the NVD and the Cybersecurity and Infrastructure Security Agency (CISA) to enhance the Common Vulnerabilities and Exposures (CVE) Program or create a new process for identifying AI security flaws. Additionally, the legislation would establish an Artificial Intelligence Security Center at the National Security Agency to promote secure AI adoption and counter-AI techniques.

 

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical GitLab vulnerability (CVE-2023-7028, CVSS score: 10.0) to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild. This maximum severity vulnerability could allow account takeover by sending password reset emails to an unverified email address. GitLab addressed the issue in versions 16.5.6, 16.6.4, and 16.7.2, with patches also backported to earlier versions. CISA requires federal agencies to apply the latest fixes by May 22, 2024, to secure their networks. Successful exploitation can lead to account takeover, sensitive information theft, credential theft, and supply chain attacks.

 

Microsoft Confirms Windows Server Updates Cause NTLM Authentication Failures

Microsoft has acknowledged that the April Windows Server security updates are causing NTLM authentication failures and high load on domain controllers. The issue affects Windows Server 2022, 2019, 2016, 2012 R2, 2012, 2008 R2, and 2008, with symptoms including increased NTLM authentication traffic. The problem is more likely to impact organizations with few primary domain controllers and high NTLM traffic. Microsoft is working on a fix but has not provided a root cause or workaround yet. Uninstalling the security updates can temporarily address the issue, but this will also remove all security fixes released this month. This is the latest in a series of issues with Windows Server updates, including domain controller crashes and VPN connection breaks.

 

Ransom Payments Skyrocket to $2 Million Average

Ransom payments have surged by 500% in the past year, reaching an average of $2 million per payment, according to Sophos' "The State of Ransomware 2024" report. The majority (63%) of ransom demands exceeded $1 million, with 30% demanding over $5 million. Large organizations were more likely to pay ransoms, with 61% of organizations with an annual revenue of $5 billion+ paying attackers. Exploited vulnerabilities were the most common root cause of ransomware attacks (32%), followed by compromised credentials (29%), malicious email (23%), and phishing (11%). The report highlights the growing severity of ransomware attacks and the need for organizations to prioritize robust security measures, backup strategies, and incident response planning.
