CyberSecurity Updates

25 May

ChatGPT and data: Everything you need to know

Attacks, Data Breaches

Since OpenAI unleashed ChatGPT onto the world, opinion has been split between those who believe it will radically improve the way we live and work and those who are worried about its potential for disruption, particularly on the privacy of individuals and organizations. There have already been incidents where sensitive data has been leaked and employees have landed in hot water after entering confidential company information into the chatbot, with some countries even issuing a…

Read More
25 May

IOTW: Luxottica confirms 2021 data leak of 70 million customers’ information

Attacks, Data Breaches

Italian eyewear brand Luxottica, parent company of Ray-Ban and Oakley, has confirmed that the data of more than 70 million customers was accessed in 2021. The data was exposed after a third-party data storage provider used by Luxottica suffered a cyber attack. It has not currently been made public how the hackers gained access to its network, or which company the third party was. The data breach and theft was revealed after a malicious actor…

Read More
25 May

6 ways generative AI chatbots and LLMs can enhance cybersecurity

Data Breaches, Malware, Social Engineering

The rapid emergence of Open AI’s ChatGPT has been one of the biggest stories of the year, with the potential impact of generative AI chatbots and large language models (LLMs) on cybersecurity a key area of discussion. There’s been a lot of chatter about the security risks these new technologies could introduce — from concerns about sharing sensitive business information with advanced self-learning algorithms to malicious actors using them to significantly enhance attacks. Some countries,…

Read More
25 May

Attributes of a mature cyber-threat intelligence program

Data Breaches, Malware, Social Engineering

Earlier this year, ESG published a research report focused on how enterprise organizations use threat intelligence as part of their overall cybersecurity strategy. The research project included a survey of 380 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees). Survey respondents were asked questions about their organization’s cyber-threat intelligence (CTI) program – how it was staffed, what types of skills were most important, its challenges and strategies, spending plans, etc. I’ve written…

Read More
24 May

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Data Breaches, Malware, Social Engineering

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyberespionage interest. That’s no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly. Cybersecurity firm Proofpoint analyzed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those…

Read More
24 May

Hackers attempt to sell personal data of 1.5 million women

Attacks, Data Breaches

The personal information of more than 1.5 million women has been put up for sale on the dark web following an alleged data breach of Indian lingerie brand Zivame. The alleged data breach was discovered after an advert offering the sale of the personal data stolen during the hack was posted on the dark web and the messaging app Telegram. The sellers, who are claiming to be the malicious actors who stole the data, are…

Read More
24 May

New hyperactive phishing campaign uses SuperMailer templates: Report

Data Breaches, Malware, Social Engineering

SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post. “Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5%…

Read More
24 May

CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land”

Attacks, Insights, Malware

Today, CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor.  This advisory highlights how PRC cyber actors use techniques called “living off the land” to evade detection by using built-in networking administration tools to compromise networks and conduct malicious activity. This enables the cyber actor to…

Read More
24 May

US sanctions four North Korean entities for global cyberattacks

Data Breaches, Malware, Social Engineering

The US Department of Treasury has imposed sanctions on four entities and one individual involved in illicit revenue generation and malicious online activities to generate revenue for the Democratic People’s Republic of Korea (North Korea). The entities and individuals sanctioned are the Pyongyang University of Automation, the Technical Reconnaissance Bureau, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean national Kim Sang Man, the US Department of State said in…

Read More
24 May

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

Information

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio ESET researchers have discovered a trojanized Android app that had been available on the Google Play store with over 50,000 installs. The app, named iRecorder – Screen Recorder, was initially uploaded to the store without malicious functionality on September 19th, 2021. However, it appears that malicious functionality was later implemented, most likely in version 1.3.8, which…

Read More