This Week’s Top 5 News June 2023 | 04
With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories, from acts of espionage to simple code errors that could leak your private data, to help keep you up to date with cybersecurity issues around the world.
Here are our top five news stories from the past week:
1. Generative-AI apps & ChatGPT: Potential risks and mitigation strategies
In today’s financially turbulent times, businesses and employees look for tools that automate work processes and improve efficiency by connecting third-party apps to core business systems such as Google Workspace, Slack, and GitHub. The rapid adoption of generative-AI apps and GPT services such as ChatGPT raises security concerns, because employees often connect these unvetted tools without their security team’s knowledge. AI-based apps present two main security risks: unintentional data sharing, which can lead to data breaches and compliance violations, and unverified generative-AI apps that hold high-privilege access to core systems through non-human identities such as OAuth grants and API keys. Samsung’s recent ChatGPT leaks serve as a cautionary example of what can go wrong. Astrix Security offers solutions for minimizing these risks, including inventory and control of non-human connections, automated security guardrails, least-privilege access enforcement, detection and remediation of malicious activity, and faster risk remediation through automation and end-user instruction. By implementing Astrix’s non-human identity management, organizations can navigate the AI landscape while protecting their sensitive information.
For more about this story click here
2. Alert: Millions of GitHub Repositories Likely Vulnerable to RepoJacking Attack
A recent study by Aqua Security reveals that millions of GitHub repositories, including some belonging to organizations such as Google and Lyft, are potentially vulnerable to an attack called RepoJacking, also known as dependency repository hijacking. When a GitHub user or organization renames its account, GitHub redirects the old URLs to the new name; an attacker who registers the old, now-free name and creates a repository with the same name breaks that redirect, so every build script, package manifest, or README that still points at the old path silently fetches the attacker’s trojanized copy and executes its code, poisoning the software supply chain. Aqua’s researchers analyzed a sample of 1.25 million repositories and found 2.95% of them exploitable, which suggests that millions of repositories across GitHub could be at risk. To mitigate the risk, maintainers should periodically inspect their code, CI configuration, and dependency manifests for external GitHub repository links, and should retain ownership of old organization and user names as placeholders so they cannot be re-registered. For more about this story click here
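One way to carry out the periodic inspection Aqua recommends, as an added example that is not part of the original story or of Aqua’s research: the script below pulls every github.com/&lt;owner&gt;/&lt;repo&gt; reference out of a blob of source, Dockerfile, or manifest text and classifies each one by what github.com answers for it without following redirects. A 301/302 means the owner or repository was renamed and the old name may be free for an attacker to claim; a 404 means the name is already unclaimed. The owner and repository names, the sample lines, and the fake_fetch responses are constructed for offline use; swap in http_status to run it against the real site.

```python
"""Audit source and CI text for GitHub repository references that may be
exposed to RepoJacking: references whose owner or repo has been renamed
(github.com answers with a redirect, so the old name may be free to register)
or no longer exists (404).  Added example, not code from Aqua's report or from
DIESEC.  The status codes relied on are documented github.com behaviour; the
sample file contents and fake responses below are constructed for offline use."""
import re
import urllib.error
import urllib.request

# github.com/<owner>/<repo> in https URLs, git+https specs, go-get paths and
# git@github.com:<owner>/<repo>.git SSH remotes.  Owner follows GitHub's
# username rules (alphanumerics, hyphens only in the middle).
GITHUB_REF = re.compile(
    r"github\.com[/:](?P<owner>[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)/"
    r"(?P<repo>[A-Za-z0-9_.-]+?)(?:\.git)?(?=[/\s\"'@#)]|$)"
)


def extract_github_refs(text):
    """Return the set of (owner, repo) pairs referenced anywhere in text."""
    return {(m.group("owner"), m.group("repo")) for m in GITHUB_REF.finditer(text)}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on 3xx instead of silently following the redirect;
    the redirect itself is the signal the audit wants to see."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_status(url):
    """Fetch url and return (status_code, Location header or None) without
    following redirects.  Only used when the audit runs online."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "repojacking-audit"})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def classify_ref(owner, repo, fetch=http_status):
    """Classify one owner/repo reference:
      ok        - resolves directly under this owner
      redirect  - github.com redirects the old path: owner or repo was renamed,
                  so the old name may be free for an attacker to register
      missing   - 404: nothing exists under this name
      unknown   - anything else (rate limiting, outage, ...)"""
    status, _location = fetch(f"https://github.com/{owner}/{repo}")
    if status == 200:
        return "ok"
    if status in (301, 302, 307, 308):
        return "redirect"
    if status == 404:
        return "missing"
    return "unknown"


def audit(text, fetch=http_status):
    """Return {(owner, repo): classification} for every reference found in text."""
    return {ref: classify_ref(*ref, fetch=fetch) for ref in sorted(extract_github_refs(text))}


# Constructed sample of the kind of lines found in Dockerfiles, go.mod and
# requirements files; none of these owners or repositories are real.
SAMPLE_FILES = """
go get github.com/exampleorg/oldtool
RUN git clone https://github.com/exampleorg/newtool.git /src
pip install git+https://github.com/gone-org/lib@v1.2#egg=lib
git remote add upstream git@github.com:exampleorg/newtool.git
"""

# Constructed stand-in for github.com so the audit can run offline.
FAKE_RESPONSES = {
    "https://github.com/exampleorg/oldtool": (301, "https://github.com/renamed-org/oldtool"),
    "https://github.com/exampleorg/newtool": (200, None),
    "https://github.com/gone-org/lib": (404, None),
}


def fake_fetch(url):
    """Offline replacement for http_status; unknown URLs look rate-limited."""
    return FAKE_RESPONSES.get(url, (429, None))


if __name__ == "__main__":
    # Replace fake_fetch with http_status to audit a real checkout online.
    for (owner, repo), verdict in audit(SAMPLE_FILES, fetch=fake_fetch).items():
        print(f"{verdict:9s} github.com/{owner}/{repo}")
```

A "redirect" verdict flags a candidate rather than a confirmed hole: GitHub retires some heavily used namespaces from re-registration, so each hit should be checked by hand. Either way the fix is the same, point the reference at the current path and pin it to a commit hash or release tag rather than a branch name.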
3. Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
Chinese cyber-espionage group Camaro Dragon has been found using a new self-propagating malware strain that spreads via infected USB drives, according to research by Check Point. The discovery shows the group’s global reach and highlights the role removable media still plays in spreading malware: evidence of USB-borne infections was found in Myanmar, South Korea, Great Britain, India, and Russia. The group shares tactical similarities with Mustang Panda and LuminousMoth and has been linked to the Go-based backdoor TinyNote and the malicious router firmware implant HorseShell. The latest infection chain starts with a Delphi launcher called HopperTick, carried on USB drives, which deploys the primary payload WispRider; WispRider then infects any USB drive newly attached to the compromised machine, so the malware spreads to the next host the drive is plugged into. WispRider also communicates with a remote server, executes arbitrary commands, and performs file operations. The development shows that threat actors keep changing their tools, tactics, and procedures (TTPs) to bypass security solutions while relying on a large collection of custom tools to exfiltrate sensitive data from victim networks. For more about this story click here
4. New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices
New details have emerged about Operation Triangulation, an iOS spyware campaign that Kaspersky discovered earlier this year after its own employees’ devices were targeted. The implant, codenamed TriangleDB, has a 30-day lifespan after which it uninstalls itself automatically unless the attackers extend it. It is deployed in memory after a kernel vulnerability is exploited, so a reboot removes it and the device has to be reinfected. Initial access is a zero-click exploit delivered over iMessage that gives the attackers complete control over the device and the user’s data. TriangleDB establishes encrypted connections to a command-and-control server and periodically sends device metadata; the server responds with one of 24 commands, which allow data harvesting and the loading of additional modules. Unusual aspects of the source code suggest that macOS devices may also be targeted, while unused permissions hint at functionality that may be added later. The campaign’s origin and objectives remain unknown. For more about this story click here
5. Microsoft Blames Massive DDoS Attack for Azure, Outlook and OneDrive Outages
Microsoft recently attributed a series of service outages affecting Azure, Outlook, and OneDrive to a threat actor it tracks as Storm-1359, an “uncategorized” cluster, meaning Microsoft has not yet tied it to a known group. The attacks used multiple virtual private servers, rented cloud infrastructure, open proxies, and DDoS tools. Although no customer data was accessed or compromised, the attacks temporarily affected service availability. Microsoft observed the threat actor launching layer 7 (application-layer) DDoS attacks from various cloud services and open proxy infrastructure; unlike volumetric floods, these aim to exhaust the application itself rather than the network link. Anonymous Sudan, a hacktivist group with possible ties to the Russian threat actor group KillNet, claimed responsibility for the attacks, but Microsoft has not explicitly linked Storm-1359 to Anonymous Sudan. For more about this story click here
There are many ways cyber criminals will look to exploit your critical IT systems to access data or create chaos within your business for their own gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.
For more information please contact us now!