Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

The golden rule — if something is popular, criminals will exploit it — strikes once again. This time, we're talking about the trending ChatGPT chatbot, developed by OpenAI, which has been all over the news of late.

A word about the popularity of ChatGPT

When OpenAI opened access to its AI chatbot (that is, a chatbot based on neural networks trained on a vast corpus of text), the internet changed beyond recognition practically overnight. Users all over the planet rushed to see what the chatbot is capable of — and were not disappointed (and often positively astonished). ChatGPT can maintain a dialog in a way that feels like there's a real person at the other end. And, more groundbreakingly, it's great at writing short texts on a given topic in a particular style, including poetry, and can adapt to a specified format and basically create texts no worse than a rookie copywriter, since it's loaded with exabytes of knowledge on every topic under the sun. You can also ask ChatGPT for advice on unfamiliar topics — and in most cases it delivers sound tips. True, ChatGPT is equally good at lying and propagating errors, but these are finer points.

ChatGPT use is becoming mainstream, and not just for fun (to chat or, say, to ask for The Hobbit in the form of a Shakespearean sonnet — why not?), but also for business. With the help of chatbots, you can quickly fill websites with content, create product descriptions, generate quests for games, and do many other things to help people of various professions in their everyday work.

Unsurprisingly, the ChatGPT servers were quickly overloaded, so OpenAI had to increase their capacity. The company soon attracted investment from Microsoft, and now ChatGPT has been integrated into Bing, albeit with restrictions. In response, Google rushed to roll out its own neural network, Bard, which has similar capabilities but was not considered by the company to be fully ready for market launch.

We've already written about how ChatGPT will change the world of cybersecurity, but for now at least the use of chatbots in phishing attacks or malware development remains at the theoretical stage. In practice, however, ChatGPT is already being used as bait to spread malware.

What attracts scammers to ChatGPT

Why are scammers suddenly using ChatGPT as bait? Simply because the service is hugely popular. Although ChatGPT is technically free, it's not always easy to access it. First, to register an account on the OpenAI website, you need to enter your e-mail address and phone number. But not all country codes are accepted: ChatGPT registration is currently unavailable in Russia, China, Egypt, Iran and some other countries. So not everyone can get an account easily. Second, even if you managed to create an account on the OpenAI website, it's not a given that you'll be able to actually use ChatGPT: the service is almost always overloaded with users wanting to try out the AI, ask it to write a marketing blurb, or give it some other tasks. The inflow of users was so great that OpenAI introduced a subscription plan with priority access and faster text generation for US$20 a month.

High demand and low availability. That's enough for scammers.

The desktop client that never was

Kaspersky experts have uncovered a malicious campaign exploiting the growing popularity of ChatGPT. Fraudsters create groups on social networks that convincingly mimic, if not official OpenAI accounts, then at least communities of enthusiasts. These groups publish equally persuasive posts: say, that ChatGPT hit one million users faster than any other service. At the bottom of the post is a link for supposedly downloading a ChatGPT desktop client.

[Image: Impressive stats and a handy link — just how we like it]

Also posted in these groups are fake credentials for the precreated accounts that are said to provide access to ChatGPT. To motivate potential users even further, the attackers say that each account already has US$50 on its balance, which can be spent on using the chatbot. It all feels like a genuine opportunity to use ChatGPT without the trouble of creating an account, and even to get premium features for free: just download the desktop client and sit back for the ride.

[Image: Roll up, roll up, get your desktop chatbot while you can!]

You can probably guess what happens next, but we'll tell you anyway. Clicking the link with a very plausible URL opens a well-made site inviting you to download ChatGPT for Windows. It's not the official site, of course, but very like the original. If you click on the download button, an archive with an executable file is indeed downloaded.

[Image: The scam site is a carbon copy of the original, only instead of the "Try ChatGPT" button there is a "Download for Windows" button]

If this archive is unpacked and the executable file run, then, depending on the version of Windows, the user sees either a message saying installation failed for some reason, or no message at all — at which point the process seems to end. "Shame I didn't get to use a precreated account with premium features," the user will think, and forget about the incident — probably resorting to creating a regular account on the real ChatGPT site.

[Image: If you see this message (or no message at all), the Trojan installed successfully]

In fact, installation did not fail: a stealer Trojan is installed on the user's computer, from where it pinches account credentials stored in Chrome, Edge, Firefox, Brave, Cốc Cốc (popular in Vietnam), and other browsers. We've dubbed it Trojan-PSW.Win64.Fobo. The Trojan's creators are interested in Facebook, TikTok, and Google cookies and accounts — in particular business accounts. The Trojan steals usernames and passwords, then, on finding a business account in one of these services, it tries to get additional information, such as how much money was spent on advertising from the account and what its current balance is. According to our data, the attackers target the international market — the "ChatGPT desktop client" has already been spotted in Asia, Africa, Europe and America.

How to use ChatGPT safely

For starters, note that there's no official desktop, mobile, or other client for ChatGPT — only the web version. Amusingly, the chatbot itself makes this very point when asked to write a blog post about this scam campaign.

[Image: What ChatGPT itself thinks of this scam campaign]

There's also no need to use precreated accounts, of course. Currently, OpenAI's only paid feature is a monthly subscription with priority access; otherwise access to ChatGPT is completely free. So you can register a real ChatGPT account for free, no strings attached. Even if your phone number is no good due to restrictions on some countries, you can ask a friend abroad to buy you a disposable SIM card or use a temporary phone number — you only need it once, to activate the account. There are plenty of services that offer temporary phone numbers for receiving verification codes by text: just google "one-time phone number".

The main thing is to make sure you land on the official site (https://chat.openai.com). To do that, don't follow a link; rather, enter the URL in the address bar yourself. And have a good security solution installed on your computer — ChatGPT is only gaining popularity, and attackers are bound to come up with more campaigns centered on this revolutionary new chatbot. Sure, vigilance is vital, but sometimes even the most attentive and super-prepared fall for phishing or well-faked sites, so it's better to play it safe. All Kaspersky security solutions detect Trojan-PSW.Win64.Fobo and keep it off your computer.

As for ChatGPT desktop clients, they're bound to appear sooner or later — if not official, then third-party ones. But always think thrice before using any kind of third-party client, and here an antivirus is a no-brainer.

 Trends, Reports, Analysis

The core-stab backdoor is closely linked with a malicious webshell titled task-controller, and both of them are closely linked to the widespread and ongoing NDSW/NDSX malware infection.

 Threat Intel & Info Sharing

The newly added vulnerabilities in the KEV Catalog affect a code execution vulnerability in IBM Aspera Faspex, and a code execution and command injection vulnerability in Mitel MiVoice Connect.

 Malware and Vulnerabilities

A critical-severity advisory from VMware tracks the vulnerability as CVE-2023-20858 and warns that hackers can launch injection exploits to gain full access to the underlying server operating system.

 Trends, Reports, Analysis

In a new report from Cyber Security Works (CSW), Ivanti, Cyware, and Securin, researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year.

 Expert Blogs and Opinion

By providing insiders with solutions that make security and privacy easier for them, organizations reduce the likelihood that people will find workarounds that undermine data protection objectives.

 Breaches and Incidents

On Sunday, the cybersecurity and malware research group vx-underground published screenshots of data purportedly stolen from Activision, including the schedule of planned content to be released for the popular first-person shooter Call of Duty.

 Trends, Reports, Analysis

Ransomware extortion tactics range from publishing data bit by bit in an attempt to increase pressure on targets to more aggressive measures, making these threats all the harder for organizations and individuals alike to protect against.

 Social Media Threats

A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.

 Threat Actors

Trend Micro reported about a new threat actor that would drop a new backdoor dubbed WhiskerSpy. The cybercriminal group, tracked as Earth Kitsune, is a relatively new threat group that conducts watering hole attacks. The malware is delivered to users when they attempt to watch videos on attacker-compromised websites.

 Breaches and Incidents

Internet domain registrar GoDaddy revealed that it has been the victim of a three-year-long campaign that deployed malware on internal systems and pilfered source code. Experts detected that an unauthorized third party had gained access to the company's cPanel hosting servers and installed malware. This resulted in random customer websites being intermittently redirected to malicious sites.

 Feed

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

 Feed

pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and can not be used by external hosts. A secondary Click N Load service runs on port 9666 and can be used remotely without authentication.

 Feed

Ubuntu Security Notice 5739-2 - USN-5739-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. MariaDB has been updated to 10.3.38 in Ubuntu 20.04 LTS and to 10.6.12 in Ubuntu 22.04 LTS and Ubuntu 22.10.

 Feed

Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Ubuntu Security Notice 5881-1 - It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app.

 Feed

Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

 Feed

Red Hat Security Advisory 2023-0888-01 - A security update for 2.13.2-1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

 Feed

A combined team of UL Solutions safety science experts will address automotive cybersecurity, functional safety, automated driving and software development processes to help customers bring safer, more secure innovations to market.

 Feed

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation. The two other vulnerabilities,

 Feed

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report. "The attackers referred to retail

 Feed

If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every company is operating with some sort of vendor relationship – whether it be a business partner,

 Feed

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News. There is no

 Feed

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. "While C2 frameworks are prolific, the

 Feed

At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore’s distribution of infrastructure and a large number of peering partners, the attacks were mitigated,

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows:
- CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
- CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection

 Feed

VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari
