
100K+ ChatGPT Login Credentials Leaked to the Dark Web

A Singaporean cybersecurity company discovered that over the last few years, the login credentials of more than 100,000 users of chatbots such as ChatGPT have been leaked and traded on the Dark Web.

According to the security researchers, infostealers illicitly collect just about anything: information about the target machine, cookies and browser history, documents and so on. Hackers frequently make money from this kind of haul by reselling it on the Dark Web as well as using it themselves. For instance, logs containing victims' user names and passwords for popular applications are frequently put up on online markets.

According to a blog post published on June 20 by cybersecurity firm Group-IB, over 101,000 devices held compromised logins for OpenAI's flagship bot, and those logins were later traded on the Dark Web.

The figure is apparently “the number of logs from stealer-infected devices that Group-IB analyzed,” according to Dmitry Shestakov, Group-IB's head of threat intelligence.

“Every log contained at least one combination of login credential and password for ChatGPT,” he added.

A peak was apparently seen in May last year, when nearly 27,000 ChatGPT-related records were made available on illegal marketplaces.

Fewer than 5,000 of the infected devices in the sample could be traced back to North America. The Asian countries with the highest share were India (12,632) and Pakistan (9,217). Brazil (6,531), Vietnam (4,771), and Egypt (4,558) were other countries where large numbers of ChatGPT credentials were exposed.

However, compromised ChatGPT logins may well be the tip of the iceberg, since infostealer infections are rising steadily.

The researchers observed 2,766 Dark Web stealer logs containing compromised ChatGPT accounts in December of last year, the first month ChatGPT was available to the general public. The following month the number rose above 11,000, and two months later it had doubled. The figure reached 26,802 by May.

In short, the trend line clearly points in one direction.

Mike Parkin, senior technical engineer at Vulcan Cyber, explains: "Infostealers can be an issue, at least in part, because they're not as outwardly destructive as, say, ransomware, which is hard to miss. A well obfuscated infostealer can be much harder to detect, precisely because it doesn't make itself known." For this reason, firms are more likely to overlook an infostealer than other types of malware, and may discover that their sensitive data has been stolen only when it is too late.

No Evidence: Twitter Denies Hacking Claims and The Stolen Data Being Sold Online

Twitter has denied claims that it was hacked and that stolen data is being sold online.

According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, a stolen dataset has been discovered containing the email addresses of more than 200 million Twitter users.

The breach would probably result in "hacking, targeted phishing, and doxxing," according to Gal, who called it a "significant leak" and said that the information had been uploaded to an online hacker forum.

He claimed that despite alerting Twitter, he had not received a response.

"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal. 

Twitter, however, has denied all claims that the emails, allegedly linked to users’ accounts, were obtained through a hack.

Twitter responded to the issue by stating: “in response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.”

According to Twitter, the records in question were instead probably a collection of data “already publicly available online.” It nevertheless warns users to be wary of suspicious emails.

Gal, meanwhile, rejected Twitter's answer in a fresh post on LinkedIn, writing: “The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments.”

The disclosure follows multiple reports that Twitter data on millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – has been put up for sale on cybercrime forums.

The Breach Could Not Be Correlated to Previous or New Incidents 

Twitter, in its latest post, says that the latest dataset of 200 million users “could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems.”

It added that, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.” 

Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.  

MegaCortex Ransomware Attack: Victims Can Now Restore Stolen Files For Free

Cybersecurity company Bitdefender has launched a new tool to help victims of the MegaCortex ransomware unlock their files, offering relief to those whose files had been locked for years following the attack.

MegaCortex Ransomware

The MegaCortex ransomware first came to light in January 2019. It had several interesting characteristics, such as using signed executables as part of the payload, and the malware's developers additionally offered security consulting services.

The ransomware used both automated and manual components in order to attack as many targeted victims as possible. 

Moreover, MegaCortex may be abusing networks that had already been infiltrated in an initial attack using the Emotet and Qakbot malware, targeting businesses rather than individual consumers.

According to The Malware Wiki, MegaCortex used AES encryption to encrypt user files. The only way to regain access to the encrypted data is through a private key, which victims would need to buy from the hackers, according to the readme file that came with infections.

The MegaCortex ransomware was capable of information theft, file encryption and disabling the use of the infected system. According to an estimate by TechCrunch, MegaCortex may have infected as many as 1,800 companies around the globe, including a number of “high profile” targets, although it has been suggested that the true figure is likely far higher.

Later, in October 2021, law enforcement detained 12 suspects believed to be involved in more than 1,800 ransomware attacks in 71 countries. Police reportedly spent months searching through the data gathered during the arrests, according to TechCrunch. In the end, they discovered individual decryption keys that were used to produce and distribute, in September of last year, a program to decrypt files encrypted by the LockerGoga ransomware.

Free Decryptor Built by Bitdefender 

The free decryptor is being deployed by Bitdefender and the EU’s initiative ‘No More Ransom’ in cooperation with the Zürich Cantonal Police, the Zürich Public Prosecutor’s Office, and Europol. 

The authorities announced in September that 12 culprits have been detained in connection with the Dharma, LockerGoga, and MegaCortex ransomware families. 

The arrests at the time, according to a statement from Zürich's prosecutor, enabled investigators to collect numerous private keys used by the ransomware gang, allowing victims to restore data previously encrypted by the LockerGoga or MegaCortex malware. A decryptor for LockerGoga was made available by Bitdefender last year.

The cybersecurity company has recently confirmed that the free MegaCortex decryptor is now being made available. The tool will work to unlock files that were encrypted by MegaCortex ransomware and all its variants. It is available to download from Bitdefender and through No More Ransom’s decryption tools portal, which is, in fact, home to 136 other free tools for 165 ransomware variants such as Babuk, DarkSide, Gandcrab, and REvil.  

Ways Firms can Establish Data Governance


According to a new analysis, two-thirds of business IT leaders cited maintaining structured data as their prime focus, with unstructured data rated as less critical. Likewise, a remarkably large proportion of that effort probably needs to be devoted to safeguarding sensitive information.

Unstructured data, which can be found in many different formats throughout an organization, poses a number of unacknowledged operational threats to companies. Losing track of data opens a corporation up to bad actors and leaves it vulnerable to financial audits and other types of inspection.

Can businesses make sure that their enterprise, alongside their networks of external and agency partners, is up to the challenge of maintaining compliance with constantly changing regulations, navigating the deprecation of third-party cookies, and keeping a promise of privacy to clients?

Below are three ways in which they can establish data governance.

1. Identify the content

Analyzing data is the first step in controlling it. That covers everything from abandoned USB keys to written notes, service records and survey results.

Unstructured data, such as video, audio, social media posts, and scanned documents, makes up a considerable portion of all data (80% to 90%). Formal data governance requires knowing what this data is, where it is kept, and who within the company has access to it. Completing a comprehensive digital inventory of all data is the initial step in efficient governance.

2. Dark data: Inform the staff

Training in data security must be a core component of all job-related training and start from day one. Every member of the company, from the admin officer to the CEO, should be familiar with the organization's security policies. Create formal processes and update them as needed.

3. Employ effective monitoring

Investing in data analysis software is simply the start of building a successful data governance system. Additionally, the company requires professionals who can act as data owners and administrators. 

The ownership and governance duties cannot be grafted onto executive job descriptions because a complete data inventory may require tracking and monitoring as many as 100,000 unstructured files. Instead, including data privacy, protection, and security in the design process necessitates automation and the focus of experts. 

Information governance, which has a broader focus on how information is used throughout an organization, is connected to data governance. However, these concepts are typically seen as distinct disciplines with related goals.

Data catalog software is present in many data governance and metadata management platforms. A layer of cross-functional review tools enables an organization's diverse teams to manage data themselves, resulting in effective data governance with built-in checks and balances.

SpringShell Attacks Target About One in Six Vulnerable Orgs


According to figures from one cybersecurity firm, about one in six organizations affected by the Spring4Shell zero-day vulnerability has already been targeted by threat actors.

The exploitation attempts occurred within the first four days after the severe remote code execution (RCE) issue, CVE-2022-22965, and its associated attack code were publicly disclosed. Check Point, which generated the statistics from its telemetry data, detected 37,000 Spring4Shell attacks over the weekend alone. Software vendors appear to be the most targeted industry, accounting for 28% of the total, possibly because of their exposure to supply chain threats.

Based on its visibility, Check Point ranks Europe as the most targeted region, at 20%. This suggests that malicious efforts to exploit the RCE against vulnerable systems are well underway, and threat actors seem to be turning to Spring4Shell while unpatched systems remain exposed. North America accounts for 11% of Check Point's detected Spring4Shell attacks, and other organizations have confirmed active exploitation in the United States.

Spring4Shell was one of four flaws added yesterday to the US Cybersecurity & Infrastructure Security Agency's (CISA) catalog of vulnerabilities known to be exploited in real attacks. The agency has also seen evidence of attacks on VMware products, for which the vendor had published security updates and advisories.

Microsoft also released guidance for detecting and preventing Spring4Shell attacks, along with a statement that it is already analyzing exploitation attempts. Spring MVC and Spring WebFlux applications running on JDK 9+ are affected by CVE-2022-22965, so all Java Spring installations should be treated as potential attack vectors. The vendor published Spring Framework versions 5.3.18 and 5.2.2, as well as Spring Boot 2.5.12, to address the RCE issue.

Upgrading to these versions or later is therefore strongly advised. System administrators should also be aware of CVE-2022-22963 and CVE-2022-22947, remote code execution flaws in Spring Cloud Function and Spring Cloud Gateway respectively, for which proof-of-concept exploits are already publicly available.
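As an added example (not part of the original post or of any vendor tool), the following script scans a Maven pom.xml for Spring Framework and Spring Boot dependencies that sit below the CVE-2022-22965 fix level, resolving `${property}` version references along the way. The fixed-version table is an assumption taken from the Spring advisory (Framework 5.3.18 and 5.2.20, Boot 2.6.6 and 2.5.12), and the pom.xml it scans is constructed for demonstration.

```python
import re
import xml.etree.ElementTree as ET
# Minimum fixed version per release line for CVE-2022-22965. Assumption: taken
# from the Spring advisory (Framework 5.3.18 / 5.2.20, Boot 2.6.6 / 2.5.12).
FIXED = {
    "org.springframework": {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)},
    "org.springframework.boot": {(2, 6): (2, 6, 6), (2, 5): (2, 5, 12)},
}

def parse_version(text):
    """Turn '5.3.17' or '5.2.19.RELEASE' into a comparable int tuple."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(x or 0) for x in match.groups()) if match else None

def is_vulnerable(group_id, version):
    """True if the artifact belongs to a tracked group and is below its fix."""
    parsed, lines = parse_version(version), FIXED.get(group_id)
    if parsed is None or lines is None:
        return False
    fix = lines.get(parsed[:2])
    if fix is None:  # untracked line: vulnerable only if older than every fix
        return parsed < min(lines.values())
    return parsed < fix

def scan_pom(pom_xml):
    """Return [(artifactId, version)] for every dependency below the fix."""
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    root = ET.fromstring(pom_xml)
    # Resolve ${property} references declared in <properties>.
    props = {p.tag.split("}")[1]: (p.text or "")
             for p in root.findall("m:properties/*", ns)}
    findings = []
    for dep in root.findall(".//m:dependency", ns):
        gid = dep.findtext("m:groupId", "", ns)
        ver = dep.findtext("m:version", "", ns)
        ver = re.sub(r"\$\{(.+?)\}", lambda m: props.get(m.group(1), ""), ver)
        if is_vulnerable(gid, ver):
            findings.append((dep.findtext("m:artifactId", "", ns), ver))
    return findings

# Constructed sample pom.xml for demonstration (not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><spring.version>5.3.17</spring.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version></dependency>
    <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><version>2.6.6</version></dependency>
    <dependency><groupId>org.springframework</groupId><artifactId>spring-webflux</artifactId><version>5.2.19.RELEASE</version></dependency>
  </dependencies>
</project>"""
```

Calling `scan_pom(SAMPLE_POM)` reports spring-webmvc 5.3.17 and spring-webflux 5.2.19.RELEASE as needing an upgrade, while the Boot starter at 2.6.6 passes.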