Your Daily Decrypt

8/04/2023 - Today’s news and insights for cybersecurity pros and leaders

📸 Cybersecurity Snapshot

Here's a snapshot of the cyber threat landscape from this week. Ransomware clearly takes the top spot with 10 new discoveries, showing its persistent popularity among cybercriminals. Botnets are trailing with 5 instances, while Trojans clock in with 4 sightings. Phishing and viruses also make an appearance, albeit less frequently. The 'Other' category captures a variety of threats, from adware to worms, showing the diversity of tactics in the wild. Remember, this graph is just a moment in time and the malware environment is always evolving. Stay informed and stay safe!

📰 Top Stories

Microsoft recently revealed a series of targeted social engineering attacks conducted by the Russian-linked group, Midnight Blizzard, via Microsoft Teams chats. The group bypassed multifactor authentication by convincing users to enter codes into the Microsoft Authenticator app, gaining unauthorized access to Microsoft 365 accounts. Microsoft is mitigating the threat and advising its 280 million active Teams users to be vigilant. The Russian embassy in Washington has yet to respond, leaving organizations worldwide on high alert.

Researchers have found a way to jailbreak Tesla's infotainment system, enabling owners to unlock paid features for free. The hackers utilized a voltage glitching attack to gain root access to Tesla's AMD-based infotainment system, MCU-Z. This access is nearly irrevocable and enables changes that survive reboots and updates. The researchers also discovered that it's possible to migrate a Tesla's 'user profile' to another vehicle, potentially bypassing geolocation restrictions on navigation and self-driving.

The developer of the malicious FraudGPT chatbot is preparing more advanced adversarial tools leveraging AI and Google's Bard technology. The upcoming chatbots, DarkBART and DarkBERT, will provide threat actors with powerful AI capabilities, enabling sophisticated business email compromise phishing campaigns, zero-day vulnerability exploits, and malware creation. DarkBERT, which uses the entire Dark Web as its knowledge base, may significantly lower entry barriers for cybercriminals. As AI-driven threats evolve, proactive and educational countermeasures are crucial.

Researchers have found potentially unlimited methods to bypass safety measures on key AI-powered chatbots, including those from OpenAI, Google, and Anthropic. The team demonstrated that automated adversarial attacks can be used to evade safety regulations, leading chatbots to generate harmful content, misinformation, or hate speech. The researchers' hacks were fully automated, enabling the creation of an extensive number of similar attacks. This discovery raises concerns about the safety of potent open-source language models and the control of AI systems.

🚨 Threat Alerts

A collaborative report by global cybersecurity agencies unveils top software vulnerabilities exploited in 2022, many of which are older and unpatched. Threat actors frequently exploited these, including those in Fortinet SSL VPNs, Microsoft Exchange, and Apache's Log4j library. The agencies urge vendors to adopt secure design practices and end-users to apply patches promptly. The report underscores the need for proactive cybersecurity strategies as threats evolve.

Researchers have discovered a new, highly sophisticated macOS malware tool being sold for $60,000 on a Russian cybercrime forum. The Hidden Virtual Network Computer (HVNC) tool allows hackers to covertly infiltrate Mac devices within small to medium-sized enterprises, operating a hidden desktop session without the user's knowledge. This alarming development underscores a growing trend of cybercriminals targeting Macs. Experts advise updating to the latest macOS version, using reliable antivirus software, and avoiding downloads from untrusted sources for increased security.

⚖️ Regulatory Updates

China's top internet regulator, the Cyberspace Administration of China, has proposed new measures to limit children's and teenagers' screen time. The rules would require a "minor mode" on all mobile devices, apps, and app stores that restricts daily screen time to two hours maximum. Age-specific restrictions would apply, with children under eight limited to 40 minutes per day, those between eight and 16 limited to an hour, and teenagers 16 to 18 limited to two hours. The proposal, open for public discussion until September 2, also seeks to promote "core socialist values" and restrict access to "undesirable information."

👀 Curated Finds

Tenable CEO Amit Yoran criticizes Microsoft for negligent cybersecurity practices and lack of transparency about breaches and vulnerabilities. He highlights a recent example where a Tenable researcher discovered a significant flaw in Microsoft's Azure platform that allowed unauthenticated access to cross-tenant applications and sensitive data. Despite immediate notification, Microsoft took over 90 days to partially address the issue, leaving many organizations, including a bank, still vulnerable. Yoran condemns this as grossly irresponsible and calls for a more transparent and accountable approach from cloud service providers.

Google has awarded Apple's Security Engineering and Architecture (SEAR) team a $15,000 bug bounty for uncovering a high-severity security vulnerability in Chrome's WebGL implementation. The issue, tracked as CVE-2023-4072, was an "out of bounds read and write" vulnerability. Google has already begun rolling out security fixes to resolve the issue. This is an example of the increasing cooperation and collaboration between tech giants to improve cybersecurity for all users.

Ankita Dhakar, a cybersecurity expert, advises on how to create impactful bug reports. According to her, the key elements of an effective report are clarity, accuracy, and completeness, including a clear problem description, steps to reproduce, and expected versus actual results. Common mistakes to avoid include the use of technical jargon, lack of clarity or information, and an unprofessional tone.

Public companies face a substantial 73% drop in net income within the first year following a data breach, according to a report by ExtraHop. The study examined six unnamed firms, observing the financial impact of potential regulatory fines, legal settlements, cyber insurance costs, and earnings impacts. The report also observed immediate effects such as significant drops in stock prices. This study underscores the extended financial repercussions of data breaches, beyond immediate remediation costs, affecting company performance and consumer trust.

Thank you 🙏
Ali Abidi