IT Security Newsletter

IT Security Newsletter - 7/31/2023

Written by Cadre | Mon, Jul 31, 2023

FBI warns of broad AI threats facing tech companies and the public

Executives, researchers and engineers at big tech companies and startups alike working on artificial intelligence face a growing threat from criminal and nation-state hackers looking to pilfer intellectual property or data that underlies powerful chatbots, the FBI warned on Friday. The growing risk coincides with increasing availability of AI tools and services to the general public in the form of products such as OpenAI's ChatGPT, or Google's Bard. READ MORE...

Israel's largest oil refinery website offline after DDoS attack

The website of Israel's largest oil refinery operator, BAZAN Group, is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. The Haifa Bay-based BAZAN Group, formerly Oil Refineries Ltd., generates over $13.5 billion in annual revenue and employs more than 1,800 people. The company states that it has a total oil refining capacity of about 9.8 million tons of crude oil per year. READ MORE...

Stark#Mule Malware Campaign Targets Koreans, Uses US Army Documents

A Korean-language malware campaign known as Stark#Mule is targeting victims using US military recruiting documents as lures, then running malware staged from legitimate but compromised Korean e-commerce websites. Security firm Securonix discovered the Stark#Mule attack campaign, which it said allows threat actors to disguise themselves amid normal website traffic. The campaign seems to target Korean-speaking victims in South Korea, indicating a possible attack origin from neighboring North Korea. READ MORE...

Google: Android patch gap makes n-days as dangerous as zero-days

Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that elevates the value and use of disclosed flaws for extended periods. More specifically, Google's report highlights the problem of n-days in Android functioning as 0-days for threat actors. The problem stems from the complexity of the Android ecosystem, involving several steps between Google and the phone manufacturers. READ MORE...

Android malware steals user credentials using optical character recognition

Security researchers have unearthed a rare malware find: malicious Android apps that use optical character recognition to steal credentials displayed on phone screens. The malware, dubbed CherryBlos by researchers from security firm Trend Micro, has been embedded into at least four Android apps available outside of Google Play, specifically on sites promoting money-making scams. One of the apps was available for close to a month on Google Play but didn't contain the malicious CherryBlos payload. READ MORE...

Valid account credentials are behind most cyber intrusions, CISA finds

Valid account credentials are at the root of most successful threat actor intrusions of critical infrastructure networks and state and local agencies, according to the Cybersecurity and Infrastructure Security Agency. Valid credential compromise combined with spear-phishing attacks accounted for nearly 90% of infiltrations last year. Valid accounts include former employee accounts not removed from Active Directory and default administrator credentials. READ MORE...

Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks

Ivanti has warned customers about a second zero-day vulnerability in its Endpoint Manager Mobile (EPMM) product that has been exploited in targeted attacks. Norwegian authorities announced on July 24 that a dozen government ministries had been targeted in a cyberattack involving exploitation of CVE-2023-35078, an Ivanti EPMM zero-day that allows an unauthenticated attacker to obtain sensitive information and make changes to impacted servers. READ MORE...

Millions of people's data stolen because web devs forget to check access perms

Personal, financial, and health information belonging to millions of folks has been stolen via a particular class of website vulnerability, say cybersecurity agencies in the US and Australia. They're urging developers to review their code and squish these bugs for good. The flaws are known as insecure direct object references, or IDORs. They essentially occur when a web app or a web API backend doesn't properly check that a user is actually allowed to access some info. READ MORE...
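The access check the agencies are asking developers to add is easiest to see in code. The following is an added example written for this newsletter, not code from the advisory or from any affected site: a minimal in-memory "records" API with one handler that has the IDOR flaw (it authenticates the caller but never checks ownership of the requested object) beside a fixed handler that enforces object-level authorization, plus a small audit helper that flags cross-owner reads. The users, record IDs and record contents are constructed sample data.

```python
# Added example (not from the newsletter or the CISA/ACSC advisory):
# an IDOR-prone lookup next to its hardened form. All data is constructed.
from dataclasses import dataclass
from itertools import product
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Record:
    record_id: int
    owner: str      # username that is allowed to read this record
    body: str


# Constructed sample data: two authenticated users, each owning one record.
RECORDS = {
    101: Record(101, "alice", "alice: blood type O+"),
    102: Record(102, "bob", "bob: allergic to penicillin"),
}
USERS = ("alice", "bob")


class NotFound(Exception):
    """Raised for both 'no such record' and 'not yours', so a denied
    request does not confirm that the guessed ID exists."""


def get_record_vulnerable(session_user: str, record_id: int) -> Record:
    """IDOR: session_user is a valid, logged-in account, but the handler
    trusts the client-supplied record_id and never asks whether that
    account may read the object. Any user can read any record."""
    try:
        return RECORDS[record_id]
    except KeyError:
        raise NotFound(record_id)


def get_record_fixed(session_user: str, record_id: int) -> Record:
    """Object-level authorization: fetch, then verify the requester owns
    the object (equivalently, scope the query by owner). The same error
    is returned whether the record is missing or belongs to someone else."""
    record = RECORDS.get(record_id)
    if record is None or record.owner != session_user:
        raise NotFound(record_id)
    return record


Handler = Callable[[str, int], Record]


def can_read(handler: Handler, session_user: str, record_id: int) -> bool:
    """True if the handler serves the record to this user."""
    try:
        handler(session_user, record_id)
        return True
    except NotFound:
        return False


def find_cross_owner_reads(handler: Handler) -> List[Tuple[str, int]]:
    """Audit helper: exercise every (user, record) pair and report the ones
    where a non-owner can read the object. An empty list means no IDOR
    exposure among the known records."""
    leaks = []
    for user, (rid, rec) in product(USERS, RECORDS.items()):
        if rec.owner != user and can_read(handler, user, rid):
            leaks.append((user, rid))
    return leaks


if __name__ == "__main__":
    print("vulnerable handler leaks:", find_cross_owner_reads(get_record_vulnerable))
    print("fixed handler leaks:     ", find_cross_owner_reads(get_record_fixed))
```

The audit helper is the part worth keeping around: enumerating every (principal, object) pair against a handler is the same check a reviewer performs by hand when hunting for missing authorization, and it can be run as a regression test against each endpoint that takes an object identifier from the client.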

  • ...in 1790, the first U.S. patent is issued to inventor Samuel Hopkins for a unique potash production process.
  • ...in 1932, 6'9" actor Ted Cassidy, best known as Lurch from "The Addams Family", is born in Pittsburgh, PA.
  • ...in 1964 Ranger 7, an unmanned U.S. lunar probe, takes the first close-up images of the moon before impacting with the lunar surface.
  • ...in 1990, Nolan Ryan wins the 300th game of his career, throwing 7 2/3 innings with 8 strikeouts to lead his Texas Rangers to an 11-3 victory over the Milwaukee Brewers.