Weekly Cybersecurity News
Ayushman Singh
Community Manager
We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives as well as the operations of businesses, institutions, organizations, governments and nation-states in this highly digitalized and interconnected world.
AI worm exposes security flaws in AI tools like ChatGPT:
There is a potential security threat to AI tools like ChatGPT and Gemini posed by a malware worm named Morris II. Although not an immediate threat, researchers have identified vulnerabilities in these AI systems that could be exploited by malware. The worm can infect GenAI systems without user interaction, manipulating prompts to perform harmful actions. Steps to protect against such threats include being cautious with emails, using antivirus software, keeping systems updated, using strong passwords, backing up data, limiting file-sharing, and enabling security features like two-factor authentication. Users are advised to stay proactive about digital security despite the potential vulnerabilities in AI tools.
How a flaw in iPhone’s security could leave you locked out:
iPhone users are warned about a new scam targeting them called the “push bombing/MFA fatigue” scam. Scammers exploit a bug that triggers “Reset Password” notifications, prompting users to either “Allow” or “Don’t Allow.” If users accidentally click “Allow,” scammers gain access to their accounts, potentially locking them out permanently. The scam extends to other Apple devices, and users are advised not to click “Allow” and to contact Apple if targeted. Measures like changing associated phone numbers and creating email aliases are suggested for safeguarding against the scam.
Phishing remains top route to initial access:
Phishing remains the primary method used by threat actors to gain initial access in security incidents, accounting for 71% of incidents in 2023 according to ReliaQuest’s Annual Cyber-Threat Report. Phishing exploits human behavior and trust, making it a popular tactic among attackers. Scattered Spider, a ransomware group, is cited as an example of threat actors employing social engineering tactics to execute attacks successfully. To combat phishing, organizations are advised to focus on authentication techniques such as biometrics and on reducing session token lifetimes.
Yes, Even Putin Just Warned You That Telegram Is Dangerous:
Vladimir Putin’s press secretary, Dmitry Peskov, warned about the dangers of Telegram, linking it to terrorist activities. Telegram’s founder Pavel Durov responded, claiming measures were taken to intercept messages inciting violence. Despite the warning, there are no current plans to ban Telegram in Russia. However, concerns remain about the platform’s security and privacy features, especially its lack of default end-to-end encryption.
TikTok Shock As Viral Video Hack Freezes Screens — 2 Ways To Fix It:
TikTok users are encountering a new viral video hack that freezes their screens, preventing them from scrolling. Despite appearances, the app is not actually frozen, and there are two simple fixes: refreshing the feed by hitting the home button or scrolling from the bottom right or middle of the screen. This phenomenon has caused frustration among users, prompting complaints online. TikTok has yet to respond to requests for comment on the issue.
Google Messages Warning For All Users As Radical Update Launches:
Google Messages is rolling out a new feature called Gemini, which introduces AI chatbots to the platform. However, users should be cautious as these chats are not end-to-end encrypted, raising privacy concerns. Google warns users to avoid sharing sensitive information during these chats, as human reviewers may access the conversations for quality improvement. This highlights the need for users to understand the implications of AI-powered chatbots and to review their privacy settings accordingly.
New WhatsApp Terms — 10 Day Deadline To Accept Or Delete Account:
WhatsApp is updating its terms for European users to comply with regulatory requirements, allowing third-party chats starting April 11. Despite concerns about privacy and security, the changes primarily address facilitating third-party communication without additional data sharing with Meta. Users are urged to understand the implications and exercise caution against potential scams and fraudulent activities, including phishing attempts and unauthorized apps. Maintaining awareness and skepticism can help ensure account security amid the transition.
Experian Is Trying To Force WhatsApp To Hand Over User Data In An ‘Odd’ Court Battle:
Experian, a major credit monitoring company, has taken an unusual legal step by requesting WhatsApp to provide call and message records of certain users in relation to separate lawsuits. Experian believes that these records could assist in its defense against claims that its credit reports resulted in unfair mortgage application rejections. However, WhatsApp has declined to provide the requested information, stating that it does not retain the historical records Experian is seeking. Experian has subsequently sought judicial intervention to compel WhatsApp to respond to the subpoenas. Legal experts find Experian’s pursuit of this case perplexing, particularly since WhatsApp claims not to have the data requested. The outcome of this legal battle may have implications for privacy-focused companies and their users amid ongoing debates about access to user data.
Hackers Breached Hundreds Of Companies’ AI Servers, Researchers Say:
In a significant cybersecurity development, hackers have exploited a vulnerability in the open-source software Ray, used for scaling AI models, to breach potentially hundreds of companies. The attack, discovered by cybersecurity researchers at Oligo Security, marks the first instance of cyberattacks targeting AI computing vulnerabilities in the wild. The attackers targeted exposed servers running Ray, installing cryptocurrency miners to divert processing power used for AI tasks. Additionally, vulnerable servers leaked access tokens, potentially compromising various AI and business applications, including OpenAI and Slack. The severity of the attacks underscores the importance of securing AI infrastructure and the need for robust cybersecurity measures in AI development and deployment.
What we know about the xz Utils backdoor that almost infected the world:
The xz Utils backdoor incident reveals a sophisticated supply chain attack that almost infiltrated the Linux ecosystem. A Microsoft developer discovered the intentional backdoor planted in xz Utils, a widely used compression utility in Linux and Unix-like systems. The backdoor aimed to manipulate SSH connections, potentially allowing attackers to execute arbitrary code on affected devices. The attack involved subtle social engineering and years of planning, with the perpetrator gaining commit access to open-source projects and gradually introducing malicious changes. Fortunately, the backdoor was detected before widespread harm occurred, highlighting the importance of vigilant software monitoring and security practices in open-source development.
Vultur banking malware for Android poses as McAfee Security app:
A new version of the Vultur banking trojan for Android has been discovered, featuring enhanced remote control capabilities and evasion tactics. Distributed through a hybrid attack involving smishing and phone calls, the malware poses as the McAfee Security app. Upon installation, it deploys a malware dropper named ‘Brunhilda’ and executes multiple payloads to access Accessibility Services and establish a connection with a command and control server. The malware retains old features like screen recording and keylogging while introducing new functionalities such as file management actions, Accessibility Service usage for gestures, and app blocking. Additionally, it employs encryption and disguises its activities as legitimate apps to evade detection. Users are advised to download apps from reputable sources and review permissions before installation to minimize the risk of infection.
Cisco warns of password-spraying attacks targeting VPN services:
Cisco warns of password-spraying attacks on Remote Access VPN services, advising measures like enabling logging, securing profiles, and using certificate-based authentication. These attacks are linked to the Brutus botnet, targeting SSLVPN appliances and web apps with specific usernames, potentially indicating undisclosed breaches or zero-day vulnerabilities. The operators remain unknown, but some IPs are associated with past APT29 activities, suggesting ties to the Russian SVR.
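Enabling logging only helps if someone looks at the logs. The following is an added example (not from the article or from Cisco) of what a spraying detector looks for once VPN auth logs are collected: one source trying many different usernames a few times each in a short window, as opposed to hammering one account. The log format and all sample lines are constructed for the example and are not real Cisco output.

```python
"""Flag password spraying in remote-access VPN auth logs: one source trying
many usernames a few times each inside a short window, unlike per-account
brute force. Log format and data below are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real Cisco output): a spray from 203.0.113.7
# that later lands on one account, a brute force on 'admin', and a user's typos.
SAMPLE_LOG = """\
2024-03-28T10:00:01Z vpn-gw auth REJECT user=alice src=203.0.113.7 reason=bad-password
2024-03-28T10:00:03Z vpn-gw auth REJECT user=bob src=203.0.113.7 reason=bad-password
2024-03-28T10:00:05Z vpn-gw auth REJECT user=carol src=203.0.113.7 reason=bad-password
2024-03-28T10:00:07Z vpn-gw auth REJECT user=dave src=203.0.113.7 reason=bad-password
2024-03-28T10:00:09Z vpn-gw auth REJECT user=erin src=203.0.113.7 reason=bad-password
2024-03-28T10:00:40Z vpn-gw auth ACCEPT user=frank src=203.0.113.7
2024-03-28T10:01:00Z vpn-gw auth REJECT user=admin src=198.51.100.9 reason=bad-password
2024-03-28T10:01:01Z vpn-gw auth REJECT user=admin src=198.51.100.9 reason=bad-password
2024-03-28T10:01:02Z vpn-gw auth REJECT user=admin src=198.51.100.9 reason=bad-password
2024-03-28T10:02:00Z vpn-gw auth REJECT user=alice src=192.0.2.5 reason=bad-password
2024-03-28T10:02:10Z vpn-gw auth REJECT user=alice src=192.0.2.5 reason=bad-password
2024-03-28T10:02:20Z vpn-gw auth ACCEPT user=alice src=192.0.2.5
2024-03-28T10:02:30Z vpn-gw session START user=alice src=192.0.2.5
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth (?P<result>ACCEPT|REJECT) user=(?P<user>\S+) src=(?P<src>\S+)")

def parse_events(text):
    """Parse auth lines into dicts; non-auth lines (e.g. session events) are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events

def detect_spraying(events, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Return {src: {"users": [...], "later_success": [...]}} for sources whose
    REJECTs cover >= min_users distinct accounts, each tried <= max_per_user
    times, inside `window`; later_success lists accounts that source then got into."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        fails = sorted((e for e in evs if e["result"] == "REJECT"), key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:  # slide window forward
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                first_fail = fails[start]["ts"]
                flagged[src] = {"users": sorted(per_user),
                                "later_success": sorted({e["user"] for e in evs
                                    if e["result"] == "ACCEPT" and e["ts"] >= first_fail})}
                break  # one alert per source is enough
    return flagged

if __name__ == "__main__":
    for src, info in detect_spraying(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: sprayed {len(info['users'])} accounts; logged in as {info['later_success']}")
```

Grouping by source IP is the simplest cut; a botnet such as Brutus spreads attempts over many addresses, so in practice the same window logic is also run with all sources pooled (or per ASN), and the thresholds are tuned against the site's normal failure rate.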
Google blocked billions of ads and millions of ad accounts last year for violating its rules:
Google’s annual Ads Safety Report reveals that the tech giant took significant action against ad violations in 2023, blocking or removing 12.7 million advertiser accounts and 5.5 billion ads. This represents a substantial increase from previous years. The report emphasizes Google’s commitment to maintaining a safe digital advertising ecosystem. Additionally, the impact of generative AI on the industry is highlighted, with Google implementing AI tools across its ads business, albeit leading to concerns about job security among employees. Despite challenges, Google continues to invest in policy updates, worker training, and enhanced detection techniques to combat scams and fraud in online advertising.
You may be offered a free premium Telegram subscription — but please don’t accept:
The messaging app Telegram has offered some users a free premium subscription in exchange for relaying SMS one-time passwords (OTPs) to other users. While this may seem like a good deal, it poses significant security risks. By agreeing to relay OTPs, users expose their phone numbers to up to 150 random recipients each month, potentially leading to harassment or other issues. Additionally, there’s no way for Telegram to enforce rules against recipients texting back, further exacerbating the risk. Ultimately, users are responsible for any repercussions, as Telegram disclaims liability for any harm resulting from this practice. Therefore, it’s advised not to accept this offer.
The huge rise in AI and ML transactions are putting businesses at risk:
Zscaler warns of the significant security risks associated with the increasing use of AI and Generative AI in enterprises. The “2024 AI Security Report” highlights a 600% surge in AI-related transactions, with manufacturing leading the way. However, the report emphasizes the need for enterprises to manage risks effectively, including intellectual property leakage and cyber threats. Zscaler recommends deploying tools for visibility, access policy creation, data security, and browser isolation to mitigate these risks effectively.
Google reveals the nastiest zero-days it tracked this year:
Google’s security experts, in collaboration with Mandiant, report a surge in zero-day vulnerabilities exploited in 2023, with 87 instances compared to 62 the previous year. Third-party components and libraries were prime targets for hackers, enabling rapid and widespread attacks. Enterprise entities were heavily targeted, particularly security software and appliances. Nation-states are increasingly exploiting zero-days, with China leading the pack, having exploited 12 vulnerabilities last year.
AT&T Finally Admits Data Leak Impacting 73 Million Customers:
AT&T has finally admitted to a data breach affecting 73 million customers, nearly three years after it was first reported by RestorePrivacy. The breach, organized by the hacking group ShinyHunters, resulted in the exposure of sensitive customer information, including names, email addresses, phone numbers, home addresses, and SSNs. Despite initial denials, AT&T now acknowledges the breach and is working to determine the source of the compromised data. Affected customers are advised to take precautions to secure their accounts and personal information.
Beware — that bank payment notice could actually be a damaging new malware:
Hackers are targeting individuals with a new malware campaign disguised as a Polish bank payment notice. The malicious emails contain an attachment named “Bank Handlowy w Warszawie — dowód wpłaty_pdf.tar.gz,” which, when opened, installs the Agent Tesla infostealer. This loader utilizes obfuscation techniques to avoid detection and can bypass antivirus defenses, ultimately deploying Agent Tesla to steal sensitive data. Agent Tesla, a remote access trojan, has been actively exploited for over a decade, offering various malicious functionalities like keylogging and screenshot grabbing. The campaign highlights the evolving sophistication of cyber threats and the need for robust cybersecurity measures.
Barely any firms are ready for the next generation of cyber threats:
A Cisco study reveals a concerning lack of readiness among organizations globally, including in the UK, to defend against cyber threats, with only 2% considered ‘mature’ in cybersecurity readiness. Over half of the organizations surveyed experienced cybersecurity incidents in the past year, costing many over $300,000 each. Complex security landscapes hinder detection and response efforts, compounded by challenges introduced by hybrid work environments. Jeetu Patel of Cisco emphasizes the need for investments in integrated platforms and AI to bolster defense capabilities. Efforts to strengthen network security and address cybersecurity skill gaps are essential for effective risk mitigation.
Beware of encrypted PDFs as latest trick to deliver malware to you:
There is a new cyberthreat involving Russian-backed hackers distributing malware disguised as PDF encryption tools. Victims receive encrypted PDFs and are tricked into downloading malware when they attempt to view them. The malware, called Spica, steals sensitive information from browsers. Tips for protection include avoiding suspicious downloads, updating software regularly, and using antivirus software.
How Google plans to make stolen session cookies worthless for attackers:
Google is developing a new security feature for Chrome called Device Bound Session Credentials (DBSC), aimed at thwarting attackers from utilizing stolen session cookies to access user accounts. By binding authentication sessions to the device, DBSC renders stolen cookies useless unless attackers can operate locally on the device. The feature utilizes public/private key pairs stored securely on the device, preventing online tracking and enabling users to delete keys at will. DBSC is still in development but may become an open web standard, with several stakeholders expressing interest in its implementation.
Impersonation scams cost US victims over a billion dollars last year:
The Federal Trade Commission (FTC) reports that impersonation scams have cost victims in the US over $1 billion in 2023, tripling the amount recorded in 2020. Scammers are increasingly using tactics such as fake phone calls, email scams, and text scams. They often impersonate multiple organizations in a single scam, aiming to trick victims into transferring money or providing personal information. The FTC advises people to be cautious of unexpected messages, refrain from clicking on links, and avoid rushing to take action.
Nuclear waste clean-up company to be prosecuted over alleged cyber blunders:
Sellafield Ltd, responsible for cleaning up nuclear waste at the Sellafield site in Cumbria, is facing prosecution over alleged cybersecurity failures. The Office for Nuclear Regulation (ONR) has informed Sellafield Ltd of charges under the Nuclear Industries Security Regulations 2003, relating to IT security offences between 2019 and 2023. Despite denials of serious security breaches, the charges suggest failures in compliance. The investigation coincides with key personnel departures and is part of broader scrutiny into risks and costs at Sellafield. The site’s clean-up is the UK’s most expensive, with potential fiscal risks to the government. Additionally, reports have emerged of attempted hacks on Nuclear Waste Services, involved in designing the Geological Disposal Facility to store toxic waste from Sellafield.
Escalating malware tactics drive global cybercrime epidemic:
In Q4 2023, there was a significant global increase in malware detections, with diverse tactics employed by threat actors. Encrypted malware and zero-day detections rose notably, with script-based and browser-based threats also on the rise. Exchange server attacks remained prevalent, highlighting the need for improved email server security. Cyberattack commoditization continued, with Glupteba and GuLoader among the top malware variants. Despite a decrease in ransomware detections, it remains a significant threat, with law enforcement efforts contributing to a decline in public ransomware breaches.
Spyware and zero-day exploits increasingly go hand-in-hand, researchers find:
The report by Google’s Threat Analysis Group and Mandiant highlights the increasing role of commercial spyware firms (CSVs) in exploiting zero-day vulnerabilities in mobile and browser software. In 2023, CSVs were responsible for 64% of known exploited mobile and browser zero-day vulnerabilities. The report underscores concerns about the misuse of spyware for surveillance purposes and the need for regulatory measures. Despite efforts to mitigate zero-day exploits, the number of vulnerabilities exploited in the wild has increased, with notable targeting of Google products and Android devices. Additionally, the report identifies China as the most prolific state user of zero-day exploits and reports the first known instance of Belarusian-linked espionage groups using zero-day vulnerabilities.
Poland launches inquiry into previous government’s spyware use:
Poland has initiated an investigation into the previous government’s use of the controversial spyware Pegasus. The inquiry involves a parliamentary investigation and potential criminal charges against former officials. Victims targeted by Pegasus will be notified, giving them the opportunity to seek compensation and participate in legal proceedings. The investigation follows revelations of Pegasus being used against media and civil society, including in Hungary, and against opposition figures in Poland. The new government, led by the Civic Platform party, has pledged to investigate alleged abuses by the previous administration. Parliamentary hearings have begun to uncover the extent of Pegasus’ use and potential abuses of power. The investigation aims to shed light on past abuses while also addressing long-term legal reforms to prevent future misuse of surveillance technologies.
Beware This Malicious Text Message — Your Phone Is Under Attack:
A dangerous SMS message is targeting Android users as part of a campaign by the Vultur family of banking trojans. The SMS prompts recipients to call a helpline regarding an unauthorized bank transaction, leading to the installation of malware disguised as a security app. The malware grants attackers control over infected devices, utilizing Android’s Accessibility Services for remote interaction. Users should treat unexpected SMS messages with skepticism: avoid clicking links, verify messages independently through the bank’s official channels, and delete suspicious SMS messages.
Google to delete billions of web browsing data records to resolve lawsuit:
Google has agreed to delete or de-identify billions of web browsing data records collected from users in Incognito mode as part of a class-action lawsuit settlement. This settlement, if approved by a federal judge, could apply to 136 million Google users and is valued at $5 billion. The lawsuit, filed in 2020, is seen as a victory for privacy advocates and users who felt misled by Incognito mode’s privacy protections. Google denies any wrongdoing but has agreed to make changes to its disclosures and allow users to block third-party cookies in Incognito mode for the next five years.
The biggest challenge with increased cybersecurity attacks, according to analysts:
Cybersecurity attacks are on the rise in Asia-Pacific, with ransomware leading the pack. Threat actors are leveraging sophisticated tactics such as SEO poisoning and QR code phishing, and are increasingly interested in using generative AI to automate and scale attacks. Despite the growing threat, organizations, particularly in Singapore, struggle to adopt necessary security measures due to a lack of knowledge and expertise. The adoption of generative AI in cybersecurity is seen as promising, but organizations face challenges such as regulatory concerns and data accuracy. Proper data governance and management are crucial to ensure the trustworthiness of AI-powered security responses.
Published on Medium