
[CramHacks] Newsletter #20: AI Meets Supply Chain – A Recipe for Disaster

CramHacks Chronicles: Key Insights On Software Supply Chain Risks

🥳 Happy Monday! 🥳

Register for my talk on software supply chain security!

Software Supply Chain Security

An unauthenticated arbitrary file upload vulnerability has been discovered for the WordPress plugin AI Engine, which has more than 50,000 installations. The plugin enables users to create a chatbot, craft content, coordinate AI-related work using templates, and more - but is now also an opportunity for malicious actors to obtain remote code execution by uploading a malicious PHP file.

👋 Yet another pathetic vulnerability on a widely used AI/ML package. Please keep in mind that AI/ML is a race right now; these seemingly foolish mistakes are bound to continue.

Tyler Sorensen & Heidy Khlaaf of Trail of Bits have disclosed LeftoverLocals, a vulnerability that enables the recovery of data from GPU local memory created by another process. The vulnerability impacts Apple, Qualcomm, AMD, and Imagination GPUs.

👋 The PoC detailed in the blog post is pretty damn neat. At a high level, they were able to listen to another user’s LLM session across process boundaries. The code for the PoC can be found here.

The comment made in the post, “The vulnerability highlights that many parts of the ML development stack have unknown security risks and have not been rigorously reviewed by security experts.” makes me wonder what else is in store for us 🤔.

Aquasec’s Ilay Goldman & Yakir Kadkoda highlight a major issue caused by the lack of standardization in what constitutes a deprecated software package. Their research determined there are ~2.1 billion weekly downloads for deprecated packages. 🤯

Their analysis produced the following results, depending on which definition of “deprecated” is applied (each tier adds a condition to the previous one):

  • 8.2% have solely declared the package as deprecated via npm

  • 12.8% have archived the repository and declared the package as deprecated via npm

  • 15% meet the previous requirements, plus the package is no longer available on GitHub

  • 21% meet the previous requirements, plus there is no repository linked via npm

Credit: Aqua
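To make the four definitions above concrete, here is an added Python example (not from the Aqua research or this newsletter) that classifies each dependency in a package-lock by the strongest deprecation signal present: the npm `deprecated` field, whether a GitHub repository is linked, and whether that repository is archived or gone. The registry and GitHub lookups are replaced by constructed sample data so it runs offline; a real audit would feed it the npm registry and GitHub API responses of the same shape.

```python
import re
from collections import namedtuple
from typing import Callable, Dict, Optional

# exists=False when the repository no longer resolves; archived=True when read-only.
RepoStatus = namedtuple("RepoStatus", "exists archived")

def github_slug(repo_url: Optional[str]) -> Optional[str]:
    """Extract 'owner/name' from the URL forms npm stores in repository.url."""
    m = re.search(r"github\.com[/:]([^/]+)/([^/#]+?)(?:\.git)?/?$", repo_url or "")
    return f"{m.group(1)}/{m.group(2)}" if m else None

def classify(manifest: dict, repo_lookup: Callable[[str], RepoStatus]) -> str:
    """Map one npm version document to the strongest deprecation signal present."""
    # Un-deprecating leaves an empty 'deprecated' string, so test truthiness, not key presence.
    if not manifest.get("deprecated"):
        return "active"
    slug = github_slug((manifest.get("repository") or {}).get("url"))
    if slug is None:
        return "deprecated, no repository linked"
    status = repo_lookup(slug)
    if not status.exists:
        return "deprecated, repository gone from GitHub"
    if status.archived:
        return "deprecated, repository archived"
    return "deprecated"

def audit(lock_packages: Dict[str, dict], registry: Dict[str, Dict[str, dict]],
          repo_lookup: Callable[[str], RepoStatus]) -> Dict[str, str]:
    """Classify each dependency of a package-lock 'packages' map (v2/v3 layout)."""
    report = {}
    for path, entry in lock_packages.items():
        name = path.rsplit("node_modules/", 1)[-1]  # keys look like node_modules/<name>
        manifest = registry.get(name, {}).get(entry["version"], {})
        report[name] = classify(manifest, repo_lookup)
    return report

# Constructed sample data standing in for npm registry and GitHub API responses.
SAMPLE_REGISTRY = {
    "alpha": {"1.0.0": {"deprecated": "use beta", "repository": {"url": "git+https://github.com/ex/alpha.git"}}},
    "beta": {"2.0.0": {"repository": {"url": "git+https://github.com/ex/beta.git"}}},
    "gamma": {"0.3.1": {"deprecated": "unmaintained", "repository": {"url": "git@github.com:ex/gamma.git"}}},
    "delta": {"4.2.0": {"deprecated": "abandoned"}},
}
SAMPLE_GITHUB = {"ex/alpha": RepoStatus(True, True), "ex/beta": RepoStatus(True, False)}
SAMPLE_LOCK = {f"node_modules/{n}": {"version": v} for n, v in
               [("alpha", "1.0.0"), ("beta", "2.0.0"), ("gamma", "0.3.1"), ("delta", "4.2.0")]}

def audit_sample() -> Dict[str, str]:
    return audit(SAMPLE_LOCK, SAMPLE_REGISTRY, lambda s: SAMPLE_GITHUB.get(s, RepoStatus(False, False)))
```

The research reports the tiers cumulatively, whereas this classifier assigns each package its single strongest signal, so summing the buckets from the strongest downward gives the cumulative figure for any tier.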

“One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.”

👋 This isn’t really software supply chain security specific, but I talk about CISA’s Known Exploited Vulnerabilities Catalog (KEV) somewhat frequently, so I figured I’d mention this tool 🙂.

Yamineesh Kanaparthy details a data-driven approach to predicting CVE disclosure trends for 2024.

👋 I really enjoyed this “Polar Plot” (below), which shows potential seasonal patterns. I suspect that as tooling becomes more effective, improving the automation for both the discovery and disclosure of vulnerabilities, the "seasonality" factor will go away.

Credit: Yamineesh Kanaparthy

A 28-page report on software supply chain security data from 2023. “Software supply chain attacks rose 1300% in the past three years”

Until Next Time! 👋 

Hey, you made it to the bottom – thanks for sticking around!

Questions, ideas, or want to chat? Slide into my inbox! 💌

Don’t hesitate to forward if someone could benefit from this.

See you next Monday!
-Kyle