Tuesday, December 13, 2022
The Great GPT Leap is Disruption in Plain Sight
FROM THE MEDIA: During my opening remarks for OODAcon this year, I noted several moments where the advancement of technology has taken me by surprise including the DARPA cyber grand challenge finale at Def Con and the images I was able to create with GPT. During our happy hour, former Congressman Will Hurd, who sits on the board of OpenAI, remarked that upcoming releases would represent a new opportunity for technology surprise. Bob Gourley wrote about this inflection point last week as well. Over the weekend, the newly upgraded and released ChatGPT felt like one of those moments. We will continue to evaluate these technologies and put them into context for our OODA Network, but here are a few fun experiments I conducted over the weekend that provide some insight into why this technology is so disruptive.
READ THE STORY: OODALOOP
Did a Robot write this? We need watermarks to spot AI
FROM THE MEDIA: A talented scribe with stunning creative abilities is having a sensational debut. ChatGPT, a text-generation system from San Francisco-based OpenAI, has been writing essays, screenplays and limericks after its recent release to the public, usually in seconds and often to a high standard. Even its jokes can be funny. Many scientists in the field of artificial intelligence have marveled at how humanlike it sounds. And remarkably, it will soon get better. OpenAI is widely expected to release its next iteration known as GPT-4 in the coming months, and early testers say it is better than anything that came before. But all these improvements come with a price. The better the AI gets, the harder it will be to distinguish between human and machine-made text. OpenAI needs to prioritize its efforts to label the work of machines or we could soon be overwhelmed with a confusing mishmash of real and fake information online.
READ THE STORY: Money Control
Novel Janicab malware variant sets sights on legal, financial entities
FROM THE MEDIA: Hack-for-hire threat group Evilnum, also known as DeathStalker, has been deploying an updated variant of the Janicab malware in its attacks against travel agencies, financial investment organizations, and legal firms in Georgia, Egypt, Saudi Arabia, the United Arab Emirates, and the U.K., in an effort to exfiltrate corporate information, reports The Hacker News. YouTube and other public services are being used by the new Janicab malware variant to serve as dead drop resolvers, a report from Kaspersky revealed. "Since the threat actor uses unlisted old YouTube links, the likelihood of finding the relevant links on YouTube is almost zero. This also effectively allows the threat actor to reuse C2 infrastructure," said researchers.
READ THE STORY: SCMAG
New MuddyWater spear-phishing campaign hits several Asian countries
FROM THE MEDIA: Israel, Iraq, Egypt, Armenia, Qatar, Oman, Jordan, Azerbaijan, Tajikistan, and the United Arab Emirates have been targeted by Iran state-sponsored threat group MuddyWater, also known as TEMP.Zagros, Boggy Serpens, Mercury, Earth Vetala, Cobalt Ulster, Seedworm, and Static Kitten, in its latest spear-phishing attacks, The Hacker News reports. MuddyWater has leveraged Dropbox links or document attachments with a URL redirecting to a ZIP archive file as lures in its campaign, which also involved the use of compromised corporate email accounts, a Deep Instinct report showed. Attackers have also transitioned to Atera Agent after using installers for Remote Utilities and ScreenConnect in their archive files.
READ THE STORY: SCMAG
Play ransomware claims attack on Belgium city of Antwerp
FROM THE MEDIA: The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgium city of Antwerp. Last week, Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services. Local media reported that many of the city's Windows applications were no longer available, and City council member Alexandra d'Archambeau publicly tweeted that email was not available. The disruption continues with the city warning that almost all services are unavailable or significantly delayed, including job applications, use of libraries, and new agreements with the city.
READ THE STORY: Bleeping Computer
Apple deserves €6 million fine for privacy violations, French data protection adviser says
FROM THE MEDIA: Apple should be fined €6 million ($6.3 million), the chief adviser to the French data protection regulator has recommended, for failing to properly notify users of apps tracking them. The recommendation was made on Monday by Francois Pellegrini, the rapporteur to the CNIL (Commission nationale de l’informatique et des libertés), following a complaint against Apple issued by France Digitale, an industry lobby group. Apple prohibits advertisers from accessing what it calls the Identifier for Advertisers (IDFA) — a unique device identifier which can be used to target ads to each device — without explicit consent from users. However, it did not apply the same standards of prior consent to its own apps and services, according to France Digitale and Pellegrini.
READ THE STORY: The Record
Is the New AI Chatbot the End of the World as We Know It
FROM THE MEDIA: Mathematician, computer scientist and famed code-breaker Alan Turing said that if you had a conversation with a computer and couldn’t distinguish what it said from what a human would say, then the computer must be intelligent and in some sense self-aware. The other day I ran a Turing test on ChatGPT, a chatbot recently released by OpenAI. It flunked. But it’s still a student, and it shows promise. ChatGPT, its makers tell us, is still in beta form. Like a million other new users, I’ve been teaching it (tuition-free) so its answers will improve. It’s pretty easy to run a tutorial: once you’ve created an account, you’re invited to ask a question or give a command. Then you watch the reply, popping up on the screen at the speed of a fast and very accurate typist.
READ THE STORY: The Tyee
FBI is Not Thrilled About Apple’s New Encryption Services
FROM THE MEDIA: Apple has planned to significantly expand its end-to-end data encryption services. Apple’s new encryption will close a privacy loophole that previously allowed law enforcement to access a wide-reaching swath of data, including photos and messages, stored in user iCloud accounts. Apple’s expanded encryption system, an optional feature called Advanced Data Protection, would keep most data secure that is stored in iCloud, an Apple service used by many of its users to store photos, back up their iPhones, or save specific device data such as Notes and Messages. Apple’s new encryption is deeply concerning and the data would be protected in the event that Apple is hacked, and it also wouldn’t be accessible to law enforcement, even with a warrant.
READ THE STORY: Analytics Insight
Twitter says recently leaked user data are from 2021 breach
FROM THE MEDIA: Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered the stolen data for sale on the popular hacking forum Breached Forums. The seller claimed that the database contained data (i.e. emails, phone numbers) of users ranging from celebrities to companies. The seller also shared a sample of data in the form of a CSV file.
READ THE STORY: Security Affairs
Huawei strengthens cybersecurity collaboration at an industry conference in Bahrain
FROM THE MEDIA: Co-hosted by the National Cyber Security Centre (NCSC) and held under the patronage of Bahrain Crown Prince HRH Prince Salman bin Hamad Al Khalifa, the Arab International Cybersecurity Conference and Exhibition in Bahrain attracted the highest level of engagement in the region with participation from government, industry, and business verticals, including BFSI, oil & gas, energy, utilities, IT & telecom, manufacturing, education and more. Afke Schaart, Chief Global Impact Officer and Senior Vice President of Global Government Affairs at Huawei, delivered a keynote addressing cybersecurity building, collaboration, and unified standards.
READ THE STORY: Albawaba
New Python malware backdoors VMware ESXi servers for remote access
FROM THE MEDIA: A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively. The new backdoor was discovered by Juniper Networks researchers, who found the backdoor on a VMware ESXi server. However, they could not determine how the server was compromised due to limited log retention. They believe the server may have been compromised using the CVE-2019-5544 and CVE-2020-3992 vulnerabilities in ESXi's OpenSLP service.
READ THE STORY: Bleeping Computer
Hackers continue to leak data from Albanian intelligence services
FROM THE MEDIA: The cyber attack took place in July and September 2022 and brought all online government services to a halt causing significant problems for businesses, individuals and state functions. Since then, the hackers have periodically released data from the hack, including communications, wiretaps, and data on the movements of politicians and officials. Following the revelation of the hack by Iran, Albania suspended all diplomatic ties and expelled Iranian diplomats from the country, closing the embassy in the process. Iran’s involvement in the hack was confirmed by Albanian investigators and Microsoft who worked to unveil the perpetrators and help the state regain security. “In cooperation with specialised digital anti-terrorist partner agencies, it was first discovered that the 15 July cyber attack on Albania was state aggression. The in-depth investigation provided indisputable evidence that the Islamic Republic of Iran sponsored the aggression,” Prime Minister Edi Rama announced in September.
READ THE STORY: EURACTIV
Dallas FBI warns Texas universities about intellectual property theft by Chinese government
FROM THE MEDIA: The FBI in Dallas recently warned about 100 administrators and faculty members at universities across Texas about the threat of intellectual property theft by the Chinese government. The Special Agent in Charge of the Dallas FBI at the time, Matthew DeSarno, said what's being targeted is the research being conducted on college campuses. "There are adversaries out there who are trying to steal as much intellectual property as they can to accelerate their own advancement," he said. DeSarno retired from the FBI at the end of October after 25 years of service. On the same day his agents at the Dallas headquarters welcomed dozens of university officials, DeSarno discussed with reporters his top concerns.
READ THE STORY: CBSNEWS
China Unveils First Batch of Scientific Images Taken by Solar Probe Kuafu-1
FROM THE MEDIA: China’s Space Science Center released the first batch of scientific images captured by the country’s first comprehensive solar probe on December 13. The Advanced Space-Based Solar Observatory (ASO-S), dubbed Kuafu-1, has been operating in orbit for two months since its launch in October. Kuafu-1 is the world’s first near-Earth satellite telescope to simultaneously monitor solar flares, coronal mass ejections and the sun’s magnetic field. It aims to study their formation, evolution, interaction and correlation, and to provide support for space weather forecasting. The images were captured by three different payloads on the probe – Full-Disk MagnetoGraph (FMG), Lyman-Alpha Solar Telescope (LST) and Hard X-Ray Imager (HXI).
READ THE STORY: PAN DAILY
Former FTX CEO Sam Bankman-Fried arrested in the Bahamas
FROM THE MEDIA: The former CEO of failed cryptocurrency firm FTX, Sam Bankman-Fried, has been arrested in the Bahamas at the request of the U.S. government, U.S. and Bahamian authorities said Monday. The arrest was made Monday after the U.S. filed criminal charges that are expected to be unsealed Tuesday, according to U.S. Attorney Damian Williams. Bankman-Fried had been under criminal investigation by U.S. and Bahamian authorities following the collapse last month of FTX. The firm filed for bankruptcy on Nov. 11, when it ran out of money after the cryptocurrency equivalent of a bank run. “We expect to move to unseal the indictment in the morning and will have more to say at that time,” Williams said.
READ THE STORY: Market Beat
Russia, North Korea Restore Rail Trade Halted Since Early 2020
FROM THE MEDIA: Russia and North Korea appear to have resumed trade over a rail link that had been suspended for almost three years due to Covid-19, according to satellite imagery, in the latest sign of warming ties between the neighbors. Goods were delivered from Russia to North Korea in late November and early December, 38 North said in a report published late Monday. Unloaded cargo was spotted at least twice on the North Korean side and expanded freight handling at a station there suggested preparation for greater volume, the group said. “Based on our observations, it appears the resumption of trade between Russia and North Korea is well underway,” 38 North said, calling it “another sign of North Korea’s slow opening-up to the world as the Covid-19 pandemic lessens.”
READ THE STORY: Bloomberg // Asahi
Federal employee spyware hacks could number in the hundreds, lawmakers say
FROM THE MEDIA: A US government investigation into the number of mobile phones of diplomats and government employees infected with spyware could “easily run into the hundreds,” according to a member of the House Intelligence Committee. Jim Himes, a Democratic representative from Connecticut, told Bloomberg News that the Biden administration is “just beginning to get a sense of the magnitude of the problem.” He predicted the probe could find spyware being used against “hundreds” of federal personnel in “multiple countries.” Himes was one of the lead authors of a letter in September urging the federal government to better protect US diplomats abroad from spyware and publicly reporting instances of such abuse. He received a letter last month co-authored by the Departments of Commerce and State confirming that commercial spyware was targeting U.S. government personnel serving abroad.
READ THE STORY: The Bharat Express News
Effective, fast, and unrecoverable: Wiper malware is popping up everywhere
FROM THE MEDIA: Over the past year, a flurry of destructive wiper malware from no fewer than nine families has appeared. In the past week, researchers cataloged at least two more, both exhibiting advanced codebases designed to inflict maximum damage. On Monday, researchers from Check Point Research published details of Azov, a previously unseen piece of malware that the company described as an “effective, fast, and unfortunately unrecoverable data wiper.” Files are wiped in blocks of 666 bytes by overwriting them with random data, leaving an identically sized block intact, and so on. The malware uses the uninitialized local variable char buffer[666].
READ THE STORY: Ars Technica
The effects of internet shutdowns on public mobilization
FROM THE MEDIA: In 2011, the United Nations declared internet access a basic human right, arguing that depriving individuals of connectivity violates human rights and international law. The report was issued the same day two-thirds of Syria's internet access was abruptly shut down without notice. In his report, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, underscored “the unique and transformative nature of the internet not only to enable individuals to exercise their right to freedom of opinion and expression, but also a range of other human rights, and to promote the progress of society as a whole.” The growing number of demonstrations across the globe has brought to light the intrinsic relationship between the internet and civil society mobilization on issues related to justice, equality, accountability, and human rights.
READ THE STORY: Global Voices
How North Korea’s cyber terrorists break into ‘unhackable’ crypto platforms
FROM THE MEDIA: This is the second installment of a three-part series shedding light on North Korea’s cryptocurrency thefts and their links to the hermit regime’s nuclear ambitions. — Ed. Early this year, a senior engineer at Axie Infinity, a Vietnamese company that runs a popular blockchain-based play-to-earn game, was encouraged to apply for a lucrative job through LinkedIn. But after the engineer opened a document file with a job offer letter, the network of the Ronin bridge, a platform created by Axie Infinity to transfer cryptocurrencies, was suddenly compromised. Spyware planted in the file enabled hackers to infiltrate the Ronin network and steal cryptocurrencies valued at $625 million in March.
READ THE STORY: ANN
Iranian APT targets US local governments with Drokbk malware
FROM THE MEDIA: Iranian advanced persistent threat group Cobalt Mirage, also known as UNC2448 or Nemesis Kitten, has exploited the Log4j vulnerability to compromise numerous U.S. local government networks with the Drokbk malware since February, according to The Record, a news site by cybersecurity firm Recorded Future. Cobalt Mirage is believed by Secureworks researchers to be behind a separate attack reported by the Cybersecurity and Infrastructure Security Agency that involved the compromise of a federal agency's server through Log4j vulnerability exploitation. Drokbk malware, which was found to be deployed following network infiltration, was also revealed to leverage GitHub for securing its command-and-control infrastructure.
READ THE STORY: SCMAG
Ransomware campaign targets popular open-source packages with cleverly hidden payload
FROM THE MEDIA: An ongoing ransomware campaign hides its payload in an uncommon way by targeting popular open-source packages that typically receive nearly 15 million installations per week, according to new findings by Checkmarx and Phylum. In a blog post, Checkmarx researchers said the campaign uses a form of typosquatting to target the popular “requests” package on PyPI and the “discord.js” package on NPM, and includes embedded ransomware. When executed, the ransomware encrypts files on the victim’s computer and demands payment of $100 in cryptocurrency to unlock them. Unlike most open-source attacks where malicious packages are being executed upon installation, Alik Koldobsky, security researcher at Checkmarx, told SC Media that the payload is hidden in multiple strategic locations and only executes when the victims use the actual functions of the packages, which makes the campaign hard to detect by many security scanners.
READ THE STORY: SCMAG
Items of interest
Researchers smell a cryptomining Chaos RAT targeting Linux systems
FROM THE MEDIA: A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, similar versions of the miner that also target Linux operating systems, the code kills competing malware and resources that affect cryptocurrency mining performance. The newer malware then establishes persistence "by altering /etc/crontab file, a UNIX task scheduler that, in this case, downloads itself every 10 minutes from Pastebin," wrote Trend Micro researchers David Fiser and Alfredo Oliveira.
READ THE STORY: The Register
What Can Chat GPT do For the Average Person (Video)
FROM THE MEDIA: A short video showing examples of what Chat GPT can do for the average person.
How To Make Money With ChatGPT As A Beginner In 2022 - kinda (Video)
FROM THE MEDIA: The first step to making money with ChatGPT is to head over to OpenAI and scroll to the bottom, then click ChatGPT; this will take you to the website. Once you are on the ChatGPT website, sign up to get your free account.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com