With Bonfire night over for another year and Mariah Carey officially defrosting, let's take a look at this week's Cyber Weekly Digest, highlighting our top cyber security news picks of the week. This week we were made aware of a large data breach at an iconic hotel in Singapore, Offensive and Defensive AI with ChatGPT and how Windows News Portals might not be as they seem! Keep reading to stay up to date on the latest cyber security news.
According to the statement, the security incident was discovered on October 20 and an unauthorised party was able to access information belonging to members of the MBS loyalty program. While the scope of the attack has not been clarified publicly, the intrusion could be related to a ransomware attack. Threat actors often steal data from company networks and then try to extort money from the victim. However, at the time of writing, no ransomware actor has claimed the attack on MBS.
ChatGPT is the fastest-growing consumer application to date. The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses. This makes it very valuable for applications like content creation, coding, education, customer support, and even personal assistance.
However, ChatGPT also comes with security risks: it has been used for data exfiltration, spreading misinformation, developing cyber attacks and writing phishing emails. On the flip side, it can help defenders, who can use it for identifying vulnerabilities and learning about various defenses. We loved this Hacker News article, which shows numerous ways attackers can exploit ChatGPT and the OpenAI Playground and, just as importantly, ways that defenders can leverage ChatGPT to enhance their security posture as well.
Cybersecurity researchers have unmasked a prolific threat actor known as farnetwork, who has been linked to five different ransomware-as-a-service (RaaS) programs over the past four years in various capacities. Singapore-headquartered Group-IB, which attempted to infiltrate a private RaaS program that uses the Nokoyawa ransomware strain, said it underwent a "job interview" process with the threat actor, learning several valuable insights into their background and role within those RaaS programs.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. In light of real-world attacks employing the flaw, federal agencies are required to apply the necessary mitigations, including disabling the SLP service on systems running on untrusted networks, by November 29, 2023, to secure their networks against potential threats.
A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.]com. The goal is to trick unsuspecting users searching for CPU-Z on search engines like Google by serving malicious ads that, when clicked, redirect them to the fake portal (workspace-app[.]online). To top it all, eSentire also called attention to a new method dubbed the Wiki-Slack attack, a user-direction attack that aims to drive victims to an attacker-controlled website by defacing the end of the first paragraph of a Wikipedia article and sharing it on Slack.