IT Security Newsletter - 3/23/2023
ChatGPT: A Boon to Scammers
Being a cybercriminal is easier than ever with the underground economy. Now, even less technologically savvy bad guys can deploy ransomware campaigns using ransomware-as-a-service or other tools that can be bought or rented. It's part of the reason we've seen an uptick in threats. For years, cybersecurity vendors have touted AI and machine learning as a way to upend the longstanding advantages that attackers have over defenders. READ MORE...
Dole Says Employee Information Compromised in Ransomware Attack
Produce giant Dole admitted in a document submitted on Wednesday to the US Securities and Exchange Commission (SEC) that the recent ransomware attack resulted in unauthorized access to employee information. The Ireland-based company said in February that it was forced to shut down some plants due to the cyberattack, but still claimed that impact on its operations was limited. On the other hand, some stores blamed product shortages on problems caused by the incident. READ MORE...
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The first to fall was Adobe Reader in the enterprise applications category after Haboob SA's Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000. READ MORE...
Hackers inject credit card stealers into payment processing modules
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize[.]net' payment gateway module for WooCommerce, allowing the breach to evade detection by security scans. Historically, when threat actors breach a commerce site like Magento or WordPress running WooCommerce, they inject malicious JavaScript into the HTML of the store or customer checkout pages. READ MORE...
North Korean hackers using Chrome extensions to steal Gmail emails
A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warns about Kimsuky's use of Chrome extensions to steal targets' Gmail emails. Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians. READ MORE...
Bogus ChatGPT extension steals Facebook cookies
Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies - but not before more than 9,000 users installed the account-compromising bot. The malicious extension - Chat GPT For Google (note the erroneous space in the name of the chatbot) - is very similar in name and code to the real ChatGPT For Google extension. READ MORE...
Journalist plugs in unknown USB drive mailed to him - it exploded in his face
It's no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we've seen them used to infiltrate a nuclear facility, infect critical control systems in power plants, morph into attack platforms, and more. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos. READ MORE...
Are You Talking to a Carbon, Silicon, or Artificial Identity?
ChatGPT and Bard AI are making the news for all kinds of reasons. People are charmed and unnerved by the quirky responses and how seemingly sentient these chatbots are. But artificial intelligence (AI) has existed for years, and the issues today aren't just related to a greater capacity for writing term papers and malware. These new tools simply add to an already complex ecosystem of identities, which may be carbon-based, silicon-based, or now, increasingly complex artificial identities created by AI. READ MORE...
If your Netgear Orbi router isn't patched, you'll want to change that pronto
If you rely on Netgear's Orbi mesh wireless system to connect to the Internet, you'll want to ensure it's running the latest firmware now that exploit code has been released for critical vulnerabilities in older versions. The Netgear Orbi mesh wireless system comprises a main hub router and one or more satellite routers that extend the network's range. By setting up multiple access points in a home or office, they form a mesh system that ensures Wi-Fi coverage is available throughout. READ MORE...
CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure
The US Cybersecurity and Infrastructure Security Agency (CISA) this week issued advisories for a total of 49 vulnerabilities in eight industrial control systems (ICS) used by organizations in multiple critical infrastructure sectors - some unpatched. The need for organizations in critical infrastructure sectors to consider cybersecurity is growing. ICS and operational technology (OT) environments are no longer air-gapped, segmented as they once used to be, and are increasingly accessible over the Internet. READ MORE...
- ...in 1857, Elisha Otis installs his first elevator, four years after demonstrating its safety locking mechanism at the 1853 New York World's Fair.
- ...in 1910, Japanese film director Akira Kurosawa ("Seven Samurai", "Rashomon") is born in Tokyo.
- ...in 1949, musician/producer Ric Ocasek of The Cars ("Just What I Needed", "You Might Think") is born in Baltimore, MD.
- ...in 2001, Russia's Mir space station is retired via a controlled atmospheric entry, burning up in the skies above Fiji before falling into the South Pacific.