Google announced major security-focused revamps to Chrome's 'Safe Browsing' mode, which now lets the service check sites against a server-side malware-site list in real time. The added safety feature is a massive improvement over the browsing mode cross-checking against lists of malware-infected sites that were manually added every two hours.
According to Salt Labs research, security flaws in third-party OpenAI ChatGPT plugins could allow attackers to install malicious plugins and hijack third-party website accounts. The attacks leverage security gaps in ChatGPT plugins' large language models (LLMs), and the OAuth workflow and PluginLab both feature weaponizable vulnerabilities.
Five years after its proposal, European Union lawmakers approved the artificial intelligence law, a world-first on AI rules. Centered around consumer safety, the EU's AI Act takes a "risk-based approach" to AI-powered products.
The US Federal Bureau of Investigation reports that last year the Internet Crime Complaint Center (IC3) received a record number of complaints, with potential losses exceeding $12.5 billion. Although the figures for 2023 represent a 10 percent increase over 2022 and a 22 percent rise in losses suffered, the FBI fears that even this only represents the tip of a vast unseen iceberg of cybercrime. The report quotes the FBI’s recent infiltration of the Hive ransomware group, which discovered that only 20 percent of victims had reported the incidents to law enforcement authorities.
Google announced that the Gemini AI chatbot will be restricted from answering any global election-related questions to avoid any potential missteps. Users have found that political questions put to Gemini result in the answer "I'm still learning how to answer this question. In the meantime, try Google Search."
Stanford University announced that the personal information of 27,000 individuals was stolen as a result of a September 2023 ransomware attack. The University also disclosed that only one system was breached, namely the "Department of Public Safety" network. The data included biometric data, dates of birth, social security numbers, government IDs, passport numbers, and driver's license numbers.
The US Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a stark warning. The Phobos ransomware-as-a-service (RaaS) model is now being widely used by threat actors of all kinds to attack a wide variety of critical infrastructure across America. “Since May 2019, Phobos ransomware targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities,” says the joint cybersecurity advisory document. Phobos RaaS is particularly dangerous as it is off-the-shelf software that can be deployed by even relatively unskilled threat actors in conjunction with other open-source tools such as Smokeloader, Cobalt Strike, and Bloodhound. These tools are all widely accessible and easy to use in various operating environments, making Phobos the obvious go-to choice for a wide variety of threat actors.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that two of its systems were voluntarily shut down due to a breach stemming from Ivanti vulnerabilities last month. Despite the successful attack mitigation, CISA says it will upgrade and modernize its systems to avoid breaches of this nature in the future.
Microsoft announced a cyber campaign by the Russian state-sponsored 'Midnight Blizzard' hackers, which resulted in the group stealing the tech giant's source code. The sophisticated 'Midnight Blizzard' campaign is said to be rooted in a grander scheme to gain unauthorized access to Microsoft's environment using the stolen source code.
Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links. Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.
Companies using public artificial intelligence (AI) services such as Microsoft-backed ChatGPT are at increasing risk of allowing cybercriminals to access confidential data. According to cybersecurity firm Group-IB’s Hi-Tech Crime Trends Report 2023/2024, between June and October of 2023, over 130,000 unique hosts with access to OpenAI were compromised, representing a 36 percent rise over the first five months of the year. Companies currently take one of two main approaches to integrating AI into workflows. One is to use public AI models and the second is to create bespoke proprietary AI systems based on pre-trained and available models. The second approach is by far the safer, as it helps control data exchange with AI systems at every stage, guaranteeing confidentiality. But it is far more expensive and labor-intensive than using less secure publicly available AI services.
Cyberint reported that three threat actor groups (Skynet, Godzilla, and Anonymous Sudan) are suspected to be behind the temporary shutdown of Meta's social media platforms: Facebook, Instagram, and Threads. Despite the three groups claiming responsibility for the Meta shutdown across various Telegram groups, there is still suspicion that these claims could be a hoax.