Reporting from Vegas: Networking, AI, and good boys

The cybersecurity landscape is increasingly focused on the challenges and opportunities presented by artificial intelligence, particularly concerning data management and security infrastructure. Discussions at recent industry events highlight the significant hurdles businesses face in handling the vast amounts of data required for AI operations, especially in an agentic environment.
The sheer volume of data involved, potentially hundreds of zettabytes daily, presents a complex problem for organizations. Developing robust data pipelines and effective defense mechanisms for AI-driven processes is a key area of concern and innovation within the industry. Conferences serve as crucial venues for stakeholders to collaborate and brainstorm solutions for processing and protecting data at this unprecedented scale.

In response to evolving threats, Cisco Talos is enhancing its Threat Hunting program. This initiative aims to proactively identify advanced adversaries who can evade conventional detection methods. By integrating AI-powered telemetry analysis with human expertise, Talos seeks to uncover hidden threats across endpoint, network, and identity data.
This approach is designed to detect sophisticated intrusions before specific signatures are developed. Traditional security tools often rely on identifying known malicious patterns, but as threat actors leverage AI to operate with greater speed and stealth, this method can leave significant blind spots. Hypothesis-driven hunting addresses this by correlating subtle indicators across an environment, enabling defenders to piece together anomalies and identify complex attacks.
Cisco Talos is offering its Threat Hunting capabilities to organizations that may lack the internal resources for continuous hunting. Interested parties can contact their Cisco account team or explore a dedicated portal within Cisco Security Cloud Control. Further details on their recent investigation into KongTuke command-and-control activity are available in a detailed blog post.

In other security news, a global stock exchange has been targeted by a prolonged email campaign that granted attackers extensive access to an executive's inbox, reportedly by utilizing native Windows tools. Separately, a vulnerability in GitHub allows for the theft of full GitHub OAuth tokens through malicious VS Code extensions that exploit message-passing mechanisms.
The phishing-as-a-service platform "Kali365," previously focused on Microsoft 365, has expanded its scope to target AWS, Okta, and Russian platforms, employing device code phishing tactics. Additionally, numerous Red Hat packages distributed via its official NPM channel were found to contain malicious code, including a worm designed to steal credentials and sensitive data.
Web servers supporting HTTP/2 are potentially vulnerable to an exploit dubbed "HTTP/2 Bomb," which can cause them to go offline within seconds. This attack could affect a significant number of websites running common server configurations from NGINX, Apache HTTPD, Microsoft IIS, Envoy, or Cloudflare Pingora.





