Blog entry by Les Bell

by Les Bell - Tuesday, 25 April 2023, 11:37 AM

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories


New Phone? No More Google Authenticator Blues. . .

For those of us who use Google Authenticator, getting a new phone has heralded a tedious task, not to mention occasional pain. You see, Google Authenticator, a software time-based one-time password token generator which generates a new authentication code every minute, stored its seed values on the phone - hopefully in the secure element - which meant that a new phone meant re-seeding the various tokens in the Authenticator app.

For some accounts, this simply meant using the phone's camera to scan a QR code off a PC screen, in order to replace the current token with a new one and store the seed values in the new phone. But for some accounts, it meant getting administrators to revoke the current one-time codes so that we could enrol the new phone - a tedious process that could take some time.

Fortunately, Google has now updated the Authenticator app to store the token data in the user's Google account, allowing accounts to be transferred between phones with relative ease. In fact, version 6.0 and later for both Android and iOS will synchronize Authenticator codes across multiple devices and will automatically restore them to any new device you use.

Of course, this has implications for lost and stolen devices, especially if the device is not locked using some secure mechanism. And if the Google account itself can be compromised . . . But then, an attacker would need the Authenticator codes to do that, wouldn't they?

Brand, Christian, Google Authenticator now supports Google Account synchronization, blog post, 24 April 2023. Available online at https://security.googleblog.com/2023/04/google-authenticator-now-supports.html.

Google Rolls Out Generative AI for Security

Sticking with other Google news, the firm has announced a number of related new capabilities which bring AI to the field of infosec. The key one seems to be Google Cloud Security AI Workbench, a do-everything 'platform' which is based on a specialized large language model for security called Sec-PaLM.

[Figure: The Google Cloud Security AI Workbench structure. Image credit: Google]

Sec-PaLM seems to take feeds from a number of sources: the MITRE frameworks, obviously, as well as OSSVDB, VirusTotal and threat intelligence from Mandiant, which is now owned by Google. The product will also draw on selected data from Google partners; the first of these will be Accenture, who will integrate Security AI Workbench with their Managed Extended Detection and Response service.

Sec-PaLM is also being added to two other products. Firstly, VirusTotal will use it to power a new automated malware analysis feature called Code Insight, which can analyze files to improve the detection of actual threats, reducing false positives. The feature is already analyzing PowerShell scripts uploaded to VirusTotal. Secondly, Mandiant is integrating Sec-PaLM into the Chronicle SIEM/SOAR suite, in the form of Mandiant Breach Analytics for Chronicle.

This is a large product announcement with lots of implications. We can expect to see further integration of AI into incident response tools, improving the signal/noise ratio for human analysts and perhaps helping to close the skills gap.

Potti, Sunil, Supercharge security with generative AI, blog post, 25 April 2023. Available online at https://cloud.google.com/blog/products/identity-security/rsa-google-cloud-security-ai-workbench-generative-ai.

Open-Source Large Language Model Launched

And while we're on the subject of AI, Stability.ai has launched the first of its open-source StableLM language models; the alpha version of the model is available in 3 billion and 7 billion parameter versions, with 15 billion to 65 billion parameter versions to follow.

Developers can freely inspect, use and adapt the base models for commercial or research purposes, under the terms of the Creative Commons BY-SA-4.0 license. The models are now available in the firm's GitHub repository.

Uncredited, Stability AI Launches the First of its StableLM Suite of Language Models, blog post, 19 April 2023. Available online at https://stability.ai/blog/stability-ai-launches-the-first-of-its-stablelm-suite-of-language-models.


These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.

[ Modified: Tuesday, 25 April 2023, 11:37 AM ]