Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label and Exploits. Show all posts

Over 2.5 Billion Google Chrome Users' Information was Breached

 


It is no longer necessary for a person to commute to a physical location to find information about anything they are interested in. 

Currently, Google can be trusted to provide the most relevant information about anything and everything. Google has a wealth of information available at the click of a button. Data threat risk is also growing along with the acceptance of cloud services leading to the rise of data breaches. 

With billions of users, Google Chrome is gaining an increasing amount of popularity as one of the most popular web browsers. 

According to the cyber security firm Imperva Red, a vulnerability in Google Chrome and Chromium browsers could expose the data of over 2.5 billion users worldwide to the risk of theft or other harm. 

The company is reporting that a vulnerability known as CVE-2022-3656 can be exploited to steal private information, such as the login credentials of cloud providers and crypto wallets. An assessment of how the browser interacts with the file system found a vulnerability in the way the browser works with the file system. According to the blog, the purpose of this experiment was primarily to examine how browsers handle symlinks to find widespread issues. 

It should be noted that a symbolic link is a kind of file that points to a different file or directory, as defined by Imperva Red. A symlink can therefore be treated by the operating system as if it were a regular file or directory. This means that the operating system can access it as though it were physically present. A symlink could be useful if you want to create shortcuts, change the path of a file, or organize your files more flexibly according to the manual. 

There is also a possibility that these links could be exploited to expose vulnerabilities if not managed appropriately.  

The company stated that the flaw, which affected Google Chrome, could have been exploited by hacking and building a false website. This site promoted a newly launched service related to crypto wallets. A website that prompts people to download "recovery" keys might then appear to deceive them into creating a new wallet.   

How Hackers Can Exploit ChatGPT, a Viral AI Chatbot


Cybernews researchers have discovered ChatGPT, a platform that provides hackers step-by-step instructions on hacking a website. An AI-based chatbot, ChatGPT was launched recently and has caught the attention of the online community. 

The team at Cybernews has warned that AI chatbots may be fun to play with, but they are also dangerous as it is able to give detailed info on how to exploit any vulnerability. 

What is ChatGPT?

AI has created a stir in the imaginations of leaders in the tech industry and pop culture for decades. Machine learning tech allows you to automatically create text, photos, videos, and other media. They are all flourishing in the tech sphere as investors put billions of dollars into this field. 

While AI has enabled endless opportunities to help humans, the experts warn about the potential dangers of making an algorithm that will outperform human capabilities and can get out of control. 

Apocalypse situations due to AI taking over the planet are not something we are talking about. However, in today's scenario, AI has already started helping threat actors in malicious activities.

ChatGPT is the latest innovation in AI, made by research company OpenAI which was led by Sam Altman, and also backed by Microsoft, LinkedIn Co-founder Reid Hoffman, Elon Musk, and Khosla Ventures. 

The AI chatbot can make conversations with people imitating various writing styles. The text made by ChatGPT is way more imaginative and complex when compared to earlier chatbots built by Silicon Valley. ChatGPT is trained using large amounts of text data from web, Wikipedia, and archived books. 

Popularity of ChatGPT

After five days after the ChatGPT launch, over one million people had signed up for testing the tech. Social media was invaded with users' queries and the AI's answers- writing poems, copywriting, plotting movies, giving important tips for weight loss or healthy relationships, creative brainstorming, studying, and even programming. 

According to OpenAI, ChatGPT models can answer follow-up questions, argue incorrect premises, reject inappropriate queries, and admit their personal mistakes. 

ChatGPT for hacking

According to cybernews, the research team tried "using ChatGPT to help them find a website's vulnerabilities. Researchers asked questions and followed the guidance of AI, trying to check if the chatbot could provide a step-by-step guide on exploiting."

"The researchers used the 'Hack the Box' cybersecurity training platform for their experiment. The platform provides a virtual training environment and is widely used by cybersecurity specialists, students, and companies to improve hacking skills."

"The team approached ChatGPT by explaining that they were doing a penetration testing challenge. Penetration testing (pen test) is a method used to replicate a hack by deploying different tools and strategies. The discovered vulnerabilities can help organizations strengthen the security of their systems."

Potential threats of ChatGPT and AI

Experts believe that AI-based vulnerability scanners used by cybercriminals can wreak havoc on internet security. However, cybernews team also sees the potential of AI in cybersecurity. 

Researchers can use insights from AI to prevent data leaks. AI can also help developers in monitoring and testing implementation more efficiently.

AI keeps on learning, it has a mind of its own. It learns newer ways of advanced tech and exploitation, and it works as a handbook to penetration testers, offering sample payloads fulfilling their needs. 

“Even though we tried ChatGPT against a relatively uncomplicated penetration testing task, it does show the potential for guiding more people on how to discover vulnerabilities that could, later on, be exploited by more individuals, and that widens the threat landscape considerably. The rules of the game have changed, so businesses and governments must adapt to it," said Mantas Sasnauskas, head of the research team. 





Recovery From Ransomware Attack Continues At CHI Health

 


On Tuesday, CommonSpirit Health, one of the country's biggest health systems, told an unspecified "IT Security Incident" that affected multiple regions, has disrupted hospital operations across the nation. As a security measure, a few systems were taken offline in the wake of the attack which also forced patients' procedures to be rescheduled. 

In the case of a ransomware attack, malware is typically infected onto the computer by someone manually loading the infected software. This is done by clicking on a malicious link in an email or on a website. Infected software can be downloaded either manually or through malicious links embedded in emails or sites. There is a goal behind the attack, which is to take control of computer systems or files to disable them.

As soon as the attackers gain access to the network they will be able to demand a ransom. This money is then exchanged for the encryption key from the organization.

A statement issued by CHI Health on Wednesday night noted that CommonSpirit "took immediate steps to protect our systems, contain the incident, begin an investigation and ensure continuity of care upon learning about the ransomware attack. In addition to providing our patients, employees, and caregivers with relevant updates regarding the ongoing situation, we continue to provide the highest level of care for patients. Despite this, we remain committed to maintaining the highest level of patient care and apologize for any inconveniences this matter may have caused."

CHI Health has said that some appointments and procedures have had to be rescheduled or delayed since the attack was reported at the beginning of October; this is due to the unexpected nature of the attack.

There have been reports in recent years that hospitals are following protocols if there are system outages. This includes taking certain records offline including national health records. Additionally, they are taking steps to mitigate disruptions and maintain continuity of care in the wake of an outage.

"To support and assist our team with further investigation and response work, we have engaged leading cybersecurity experts as well as notified law enforcement, and we are conducting a comprehensive forensic investigation to ensure full functionality and to reconnect all of our systems," the hospital told. 

Some patients have expressed frustration with the CommonSpirit Health attack, which some patients say has led to doctors using paper charts instead of computers. This can be a frustrating experience. Making appointments and getting prescriptions from the doctor are some of the challenges that need to be addressed.

According to the Omaha World-Herald, Edward Porter, a diabetic from Omaha, was unable to reorder sensors for his continuous glucose monitor because CHI Health's systems are currently offline, posing a problem with reordering the sensors for his insulin pump.

Under the employer-provided medical insurance that he uses, the devices are considered durable medical equipment the policy. As a general rule, he gets them at a CHI Health pharmacy which is specialized in handling these kinds of devices. Buying them out-of-pocket would cost at least $75 per person, which is an expense that he has not budgeted for, and will not be able to afford.

Neither Common Spirit nor any of its affiliate companies have announced publicly whether the attack has affected all 1,000 care facilities in 21 states, which include 140 hospitals. Additionally, the hospital has not commented on whether any personal or medical data of the patients was compromised as well.

Evidently, the attack has affected the healthcare sector in a significant way; according to Brett Callow, a threat analyst with cybersecurity service provider Emsisoft, it might be the biggest-ever attack ever experienced by a hospital. 

Fleeceware Apps Prey on Android Users

 

A fleeceware application isn't customary Android malware as it doesn't contain pernicious code. Rather, the danger comes from unnecessary subscription charges that it may not clearly specify to mobile clients. Fleeceware tricks a victim into downloading an application that intrigues them. At that point, the developer relies on the client overlooking the program as well as neglecting to see the actual subscription charge. These developers target more youthful clients who probably won't focus on the subscription details. The developer fleeces the victim by fooling them into paying cash for something they probably won't need. Chances are, they won't realize they have or they may have gotten somewhere else complimentary or free of charge.

In January 2020, SophosLabs uncovered that it had distinguished more than 20 fleeceware applications hiding out in the Android market place. These applications acquired an aggregate all out of more than 600 million installations. One of those applications charged clients $3,639.48‬ yearly, or $69.99 every week, for showing day by day horoscopes. A couple of months after the fact, Google updated its policies to guarantee that clients comprehended the full price of an application subscription when free trials and introductory offers end and how to deal with their application subscriptions. That didn't prevent a few people from endeavoring to get around Google's policies. In August 2020, Google eliminated some fleeceware applications for neglecting to incorporate a dismiss button and for showing subscription data in small, light font styles. 

Avast reported seven fleeceware applications to Google Play in mid-November. A large portion of these applications professed to offer Minecraft-related skins, maps, and additionally mods for the well-known game. Others offered skins for different games or advertised themes and wallpapers for Android devices. Utilizing those disguises, the entirety of the applications figured out how to pull in excess of 100,000 individuals before Avast found them. Five of them flaunted more than 1,000,000 downloads. 

Associations can help safeguard their clients against fleeceware applications, for example, by utilizing Mobile Device Management (MDM) to restrict the functionality of applications introduced on corporately owned cell phones. They can likewise utilize ongoing security awareness training and incorporate a list of permitted mobile applications and market places that employees can use on their cell phones.

Hackers abuse Sophos Firewall Zero Day Vulnerability


Sophos, a UK cybersecurity company famous for its anti-virus products has released an emergency security update this Saturday to combat a Zero-Day vulnerability exploited by hackers in its XG enterprise firewall product.


They became aware of the vulnerability on Wednesday after one of their customers reported "a suspicious field value visible in the management interface." And they released an update containing the patch for the vulnerability.

The Vulnerability- SQL INJECTION BUG

"The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices," Sophos said.

The miscreant hackers attacked Sophos XG Firewall devices whose administration or user portal control panel were exposed on the internet. The hackers used the SQL Injection Vulnerability in XG firewall devices and downloaded a play-load on the device to steal data like passwords and usernames for the firewall device admin, portal admins, and user accounts for remote access, the firewall's license and serial number.

Sophos says that during its investigation, it did not find any proof that the hackers accessed anything beyond the firewall as well as no devices were accessed by the malware. They named the malware Asnarok.

 Patches already updated in user devices 

The company already pushed the patches in an automatic update in all XG Firewall devices that had the auto-update feature enabled. "This hotfix eliminated the SQL injection vulnerability which prevented further exploitation, stopped the XG Firewall from accessing any attacker infrastructure, and cleaned up any remnants from the attack," it said. The update also shows a message to the user if their device was compromised or not in their Firewall control panel.

Sophos recommends some steps to take for the companies who had their device hacked mainly focused on resetting passwords and reboots:


  1.   Reset portal and device administrator accounts.
  2.   Reboot the infected firewall device. 
  3.   Reset all passwords of user accounts.


"Sophos also recommends that companies disable the firewall's administration interfaces on the internet-facing ports if they don't need the feature", writes zdnet.