ChatGPT data leak and Gmail message theft by North Korean hackers
ChatGPT suffers data leak due to an open-source bug, North Korean hackers steal Gmail emails via Chrome extensions and the Nexus Android malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. OpenAI says an open-source bug leaked ChatGPT user data
OpenAI has disclosed that a bug in the Redis open-source library caused the exposure of personal information of some users of its ChatGPT service. The bug allowed certain users to see descriptions of other users' conversations, prompting the temporary closure of the chatbot. OpenAI noted that the glitch originated in the redis-py library, causing connections to be corrupted and return unexpected data from the database cache. While the issue has been resolved, the company stated that it may have exposed payment-related information of 1.2% of ChatGPT Plus subscribers.
2. North Korean Hackers stealing Gmail messages via Chrome extensions
North Korean hacking group Kimsuky (aka Thallium or Velvet Chollima) is using malicious Chrome extensions to steal Gmail emails from targets, including government agencies, journalists and politicians. The group, known for targeting South Korean companies, has been expanding its operations globally. A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea has warned of Kimsuky's use of a Chrome extension named 'AF', which intercepts and sends stolen email content to the attacker's relay server. The advisory cautions that while the current campaign targets South Korea, Kimsuky's methods can be used worldwide.
3. Procter & Gamble confirms GoAnywhere zero-day exploit
Consumer goods giant Procter & Gamble (P&G) has confirmed that it was one of many companies affected by the Fortra GoAnywhere vulnerability. The company revealed that the attackers obtained “some information” about its employees, but no customer data was affected. The disclosure followed the claim by ransomware group Cl0p that it had successfully targeted P&G along with other high-profile firms. Cl0p cited the Fortra vulnerability as being key to the campaign, with experts suggesting the gang’s openness about the issue may point to the tool being obsolete.
4. Customers of over 400 financial institutions targeted by Nexus Android malware
In a new threat to mobile banking and cryptocurrency applications, malware called "Nexus" is being used to target customers of 450 banks and cryptocurrency services globally. This Android trojan contains multiple features for account hijacking and siphoning funds out of accounts. Cleafy, an Italian cybersecurity firm, first discovered Nexus last year but identified it as a Sova variant. However, the malware has since evolved and emerged on hacking forums with new functionalities. The malware authors have launched a malware-as-a-service program for other threat actors to rent or subscribe to Nexus.
5. Emotet phishing campaign targets U.S. taxpayers with fake W-9 forms
A new phishing campaign using the notorious Emotet malware is targeting taxpayers in the U.S.. The hackers are impersonating the Internal Revenue Service (IRS) and companies that taxpayers work with, using fake W-9 tax forms as bait. Emotet has in the past been distributed via Microsoft Word and Excel documents with malicious macros, but after Microsoft blocked macros by default, the malware now uses Microsoft OneNote files with embedded scripts to install. Once Emotet is installed, it can steal victims' emails, send spam emails and install other malware. The malware is timed to coincide with the U.S. tax season.
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- ChatGPT data leak and Gmail message theft by North Korean hackers
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
