👉 What’s going on in the cyber world today?
Cryptocurrency Mining Exploits Azure Automation, BlazeStealer Malware Strikes Python, Predator AI Threatens Cloud Security, Russia’s Covert Disinformation in Latin America, Chinese APT Groups Target Cambodian Government, CISA Catalogs New Vulnerability, ChatGPT Services Under Siege, Sberbank’s Battle Against Massive DDoS, Sumo Logic’s AWS Account Compromised, IT Disruption Strikes Scottish Western Isles, GitHub Empowers Developers, WhatsApp Boosts Privacy, Windows 11’s Enhanced Network Security, Court Upholds Automakers’ Right to Record Text Messages, Visa Launches Cybersecurity Learning Program.
Cybersecurity researchers have identified the world’s first fully undetectable cloud-based cryptocurrency mining method using Microsoft Azure Automation. This ingenious exploitation was unveiled by the cybersecurity company SafeBreach, which revealed three distinct approaches to deploy the miner, including one that could operate within a victim’s environment without arousing any suspicion.
A new threat has emerged as malicious Python packages infiltrate the Python Package Index, aiming to steal sensitive information from compromised developer systems. Disguised as innocent obfuscation tools, these packages actually contain the BlazeStealer malware, enabling attackers to gain complete control over victims’ computers by running a Discord bot. This campaign, which began in January 2023, introduced eight packages with deceptive names, luring developers into installing them, and once executed, BlazeStealer can harvest sensitive data.
Cybersecurity researchers from SentinelLabs have revealed a new Python-based infostealer and hacking tool known as “Predator AI,” which is tailored to target cloud services and incorporates artificial intelligence technology, specifically a ChatGPT-driven class integrated into the Python script. This integration introduces a chat-like text-processing interface, streamlining Predator AI’s features and reducing reliance on the OpenAI API.
The U.S. government has unveiled an ongoing Russia-funded disinformation campaign in Latin America with the goal of eroding support for Ukraine while discrediting the United States and NATO. This operation has been attributed to three local companies, known as “influence-for-hire” firms: the Social Design Agency, the Institute for Internet Development, and Structura, all of which possess significant technical capabilities.
A recent report by Palo Alto Networks’ Unit 42 has shed light on the activities of two prominent Chinese government hacking groups that have targeted at least 24 Cambodian government organizations using cloud backup services. While the report does not name the APT groups involved, it asserts with high confidence that these Cambodian entities were compromised by Chinese APT actors, based on their persistent connections over several months.
CISA has taken action by adding a new vulnerability to its Known Exploited Vulnerabilities Catalog, denoted as CVE-2023-29552, a Service Location Protocol (SLP) Denial-of-Service Vulnerability. Such vulnerabilities serve as common attack vectors for malicious cyber actors and pose substantial risks to the federal enterprise.
In the last 24 hours, OpenAI has been grappling with “periodic outages” resulting from relentless DDoS attacks targeting its API and ChatGPT services. The company, while not initially disclosing the root cause of the incidents, later confirmed the connection to ongoing distributed denial-of-service attacks. Users experiencing these disruptions are encountering “something seems to have gone wrong” errors, with ChatGPT reporting “There was an error generating a response” to their queries. Anonymous Sudan has claimed responsibility for these attacks, citing OpenAI’s alleged “bias towards Israel and against Palestine” as the motivation behind their actions.
Sberbank, the Russian financial institution, disclosed that it had endured a colossal distributed denial of service attack, with the onslaught reaching one million requests per second. This attack, deemed the most powerful in recent history, posed a significant challenge to the majority state-owned banking and financial services company.
Sumo Logic has disclosed a recent security breach in which stolen credentials were used to gain unauthorized access to its AWS account. The breach did not compromise customer data, which remained encrypted, and Sumo Logic swiftly secured its infrastructure and rotated potentially compromised credentials. The company is conducting a thorough investigation and is advising customers to reset various credentials as a precaution, demonstrating its commitment to a secure experience for its clients and underscoring the importance of robust security measures.
The government council for Scotland’s Western Isles, Comhairle nan Eilean Siar, is contending with a significant IT outage that has prompted the provision of temporary phone numbers for essential services. The disruption has impacted access to the IT system, and the council’s immediate focus is on restoring and securing data to ensure uninterrupted service delivery to the community.
GitHub, the Microsoft-owned code hosting platform, has introduced three AI-powered features within GitHub Advanced Security to enhance code security and streamline the identification and resolution of vulnerabilities. These features, available for GitHub Enterprise Cloud and Enterprise Server customers, aim to proactively strengthen code quality and security.
WhatsApp has introduced a new privacy feature that enables both Android and iOS users to hide their location during calls by routing the connection through WhatsApp servers. This feature conceals the users’ location from other call participants by switching from the standard peer-to-peer connection to using WhatsApp’s servers to obfuscate IP address metadata, thus safeguarding information about the users’ internet service provider or general geographic location.
In a notable shift in network security strategy, Microsoft has eliminated SMB1 Windows Defender Firewall rules in its latest Windows 11 build, starting with the Canary Channel Insider Preview Build 25992. The change involves configuring the new “File and Printer Sharing (Restrictive)” group, which excludes inbound NetBIOS ports 137-139, to enhance network security and bring SMB firewall rules more in line with the behavior of the Windows Server “File Server” role. Administrators can customize the firewall settings, and future updates are set to refine the rule set further by limiting ports to those essential for SMB sharing, emphasizing Microsoft’s commitment to bolstering Windows and Windows Server security. The ongoing efforts also include measures to enforce SMB client encryption, block NTLM data over SMB on remote outbound connections, and require SMB signing by default for all connections to protect against security threats and vulnerabilities.
A federal judge ruled against reviving a class action lawsuit alleging that four auto manufacturers, including Honda, Toyota, Volkswagen, and General Motors, violated Washington state’s privacy laws by using their vehicles’ infotainment systems to record and intercept customers’ private text messages and mobile phone call logs.
Visa has announced the launch of a comprehensive payments learning program aimed at addressing the growing demand for skilled cybersecurity professionals. This initiative is a response to the White House National Cybersecurity Strategy Implementation Plan, which encourages businesses to create pathways for aspiring cybersecurity experts. Initially, the program will concentrate on payment cybersecurity and is currently available in the United States, with plans for international expansion in the future. In addition to online courses and certifications, Visa is offering an apprenticeship track, providing both introductory cybersecurity training and on-the-job experience, along with a military track tailored to veterans, reservists, and military spouses.
Copyright © 2023 CyberMaterial. All Rights Reserved.