InfoSec News 20230106
Top News
-
Bitdefender releases free MegaCortex ransomware decryptor
"Antivirus company Bitdefender has released a decryptor for the MegaCortex ransomware family, making it possible for victims of the once notorious gang to restore their data for free.
The creation of the decryptor was the combined work of Bitdefender analysts and experts from Europol, the NoMoreRansom Project, and the Zürich Public Prosecutor's Office and Cantonal Police.
Using the decryptor is pretty straightforward, as it's a standalone executable that doesn't require installation and offers to locate encrypted files on the system automatically."
TLP [1]: Green
-
How hackers might be exploiting ChatGPT
"Cybernews research team discovered that the AI-based chatbot ChatGPT – a recently launched platform that caught the online community’s attention – could provide hackers with step-by-step instructions on how to hack websites.
Cybernews researchers warn that the AI chatbot, while fun to experiment with, might also be dangerous since it is able to give detailed advice on exploiting any vulnerability."
TLP [1]: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
France fines Apple for targeted App Store ads without consent
"France's data protection authority (CNIL) has fined Apple €8,000,000 ($8.5M) for collecting user data for targeted advertising on the App Store without requesting or securing the user's consent.
This practice is considered a violation of Article 82 of the French Data Protection Act (DPA), a national directive that aligns with the GDPR (General Data Protection Regulation), which is applicable across Europe.
Article 82 of the French DPA requires that "any action through which an electronic communication service accesses or enters information in a user's terminal equipment (such as the storage of cookies) requires the user's consent.""
TLP [1]: Green
-
Apple replaces human narrators with AI in its new audiobook project
"Apple is trying to keep up with voicing the characters of various books as soon as they see the light of day. The audiobook market is quite a lucrative one, as it’s predicted to grow at a compound annual growth rate (CAGR) of 26.4% until 2030, according to Grand View Research.
To account for time delays and production costs associated with physical narration, Apple is aiming to make “the creation of audiobooks more accessible to all” by utilizing innovative technology.
“Apple has long been on the forefront of innovative speech technology, and has now adapted it for long-form reading, working alongside publishers, authors, and narrators,” the company said in a statement.
Although the project’s launch was expected back in November, Apple delayed it due to the uncertainty surrounding the tech sector, amplified by mass layoffs and chaos surrounding Elon Musk’s takeover of Twitter."
TLP [1]: Green
-
ChatGPT banned in NYC schools over learning impact concerns
"The NYC Department of Education has banned the use of ChatGPT by students and teachers in New York City schools as there are serious concerns about its use hampering learning and leading to misinformation.
The ban was first reported by Chalkbeat, which confirmed the New York City Department of Education imposed it. The organization manages the largest school district in the U.S., so others might follow with similar decisions."
TLP [1]: Green
-
WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship
"Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns.
"Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company said.
Proxies act as an intermediary between end users and the service provider by routing requests originating from a client to the server and forwarding the response back to the device."
TLP [1]: Green
Breaches: Data Breaches and Hacks
-
Follow-up: Rackspace: Customer email data accessed in ransomware attack
"Rackspace revealed on Thursday that attackers behind last month's incident accessed some of its customers' Personal Storage Table (PST) files which can contain a wide range of information, including emails, calendar data, contacts, and tasks.
This update comes after Rackspace confirmed that the Play ransomware operation was behind the cyberattack that took down its hosted Microsoft Exchange environment in December.
As discovered during the now-finished investigation led by cybersecurity firm CrowdStrike, the attackers gained access to the personal storage folders of 27 Rackspace customers."
TLP [1]: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks
"Many devices made by Microsoft, Lenovo, Samsung and likely others are affected by potentially serious UEFI firmware vulnerabilities in Qualcomm Snapdragon chips.
Qualcomm announced this week the availability of patches for a dozen vulnerabilities, including five connectivity- and boot-related issues discovered by researchers at firmware security company Binarly.
Alex Matrosov, founder and CEO of Binarly, told SecurityWeek that they discovered a total of nine vulnerabilities while analyzing the firmware for Lenovo ThinkPad X13s laptops powered by the Qualcomm Snapdragon system-on-a-chip (SoC)."
TLP [1]: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
This 13 course CompTIA exam prep bundle is just $69 this week
"Ready to upgrade your IT training and maybe earn an additional certification or two this new year? Then the Complete 2023 CompTIA Certification Course Super Bundle is a study resource that’s definitely worth checking out.
And especially this week since you can get it for way below its original value — just $69, which is one of the lowest prices on the web."
TLP [1]: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Ransomware in 2022: LockBit continues to dominate, Hive targets critical infrastructure
"LockBit remained the most prolific ransomware group through 2022, meanwhile Hive is keen to choose targets other actors avoid, new research of last year’s most active and impactful ransomware groups by Trustwave SpiderLabs shows.
SpiderLabs, Trustwave’s security team of ethical hackers, forensic investigators and researchers, says in the report that ransomware continued to be a major threat in 2022 – the average cost of an attack ranged from $570k to $812k for just the ransom alone."
TLP [1]: Green
-
User Documents Overwritten With Malicious Code in Recent Dridex Attacks on macOS
"The cybercriminals behind the Dridex banking trojan have adopted a new tactic in recent attacks targeting macOS devices, overwriting the victim’s document files to deliver their malicious code, Trend Micro reports.
Active since at least 2012 and considered one of the most prevalent financial threats, Dridex survived a takedown attempt in 2015 and remained operational after receiving various updates. In 2019, the DHS warned of continuous Dridex attacks targeting financial institutions.
According to Trend Micro, a recently observed Dridex attack targeting macOS stood out because of a novel tactic employed to disguise the malicious Microsoft Word document used for malware delivery."
TLP [1]: Green
-
Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
"South African threat actors known as 'Automated Libra' have been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining.
According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, follow a more aggressive use of CPU resources for mining, and mix 'freejacking' with the "Play and Run" technique to abuse free cloud resources."
TLP [1]: Green
-
Tesla tackles CORS misconfigurations that left internal networks vulnerable
"Tesla is one of several organizations to remedy cross-origin resource sharing (CORS) misconfigurations after security researchers proved they could exfiltrate data from the carmaker’s internal network.
That’s according to Truffle Security, which said its researchers earned a “few thousand dollars” from CORS vulnerabilities submitted through various bug bounty programs.
With the help of an exploitation toolkit custom-built for the project, the flaws validated Truffle Security's initial hypothesis that “large internal corporate networks are exceedingly likely to have impactful CORS misconfigurations”."
TLP [1]: Green
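As an added example (not code from the article or from Truffle Security), the two server-side policies behind such a finding in JavaScript: a handler that reflects whatever Origin arrives beside an exact-match allowlist, plus an audit function a defender can run over the headers their own service returns. The origins are constructed placeholders.

```javascript
// Constructed allowlist: the only origins that may read credentialed responses.
const TRUSTED_ORIGINS = new Set(["https://app.internal.example"]);

// Misconfigured pattern: echo any Origin back and also allow credentials.
// Any site a logged-in user visits can then read this endpoint's responses.
function corsHeadersReflecting(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened pattern: exact-match against the allowlist (no prefix/regex tests,
// which is where "app.internal.example.attacker.test" style bypasses live),
// and emit no CORS headers at all for anything else. Vary: Origin keeps
// shared caches from serving one origin's headers to another.
function corsHeadersHardened(requestOrigin) {
  if (!TRUSTED_ORIGINS.has(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Audit: given the Origin that was sent and the headers that came back,
// classify the policy. Only origins outside the allowlist count as "arbitrary".
function auditCors(sentOrigin, headers, trusted = TRUSTED_ORIGINS) {
  const acao = headers["Access-Control-Allow-Origin"];
  const creds = String(headers["Access-Control-Allow-Credentials"] || "").toLowerCase() === "true";
  if (acao === undefined) return "none";
  if (acao === "*") {
    // Browsers never expose a credentialed response under "*", so this is only
    // a concern when the endpoint serves non-public data without credentials.
    return creds ? "review: wildcard combined with credentials" : "review: public wildcard";
  }
  if (acao === "null") return "HIGH: null origin allowed";
  if (acao === sentOrigin && !trusted.has(sentOrigin)) {
    return creds ? "CRITICAL: arbitrary origin reflected with credentials"
                 : "MEDIUM: arbitrary origin reflected";
  }
  return "ok";
}

// Constructed probe: an untrusted origin against both handlers.
const probe = "https://not-in-allowlist.test";
console.log(auditCors(probe, corsHeadersReflecting(probe)));
console.log(auditCors(probe, corsHeadersHardened(probe)));
```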
[1] Traffic Light Protocol (TLP) for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.