This Week’s Top 5 Cybersecurity News Stories March 2024 | 01

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world. From acts of espionage to simple code errors that could leak your private data.
Here are our top five new stories from the past week:

1. Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets

Between January and October 2023, over 225,000 compromised OpenAI ChatGPT credentials were sold in underground markets, according to Group-IB’s Hi-Tech Crime Trends 2023/2024 report. These credentials were extracted using LummaC2, Raccoon, and RedLine stealer malware, affecting more than 130,000 unique hosts, a 36% increase from the previous five months. The increased sale of ChatGPT credentials is linked to a rise in infected hosts. Additionally, Microsoft and OpenAI have identified nation-state actors using AI and large language models in cyber attacks. Group-IB highlighted the risk of using large language models for cyber attacks, including reconnaissance and enhancing scamming capabilities. The report emphasizes the challenges in identity and access management, as attackers exploit valid credentials obtained through malware to infiltrate systems.

For more about this story click here


2. New Python-Based Snake Info Stealer Spreading Through Facebook Messages

Cybereason has uncovered a Python-based information stealer named Snake, spread via Facebook messages. This malware captures user credentials and sensitive data, then transmits it to platforms like Discord, GitHub, and Telegram. The campaign, first noticed on social media platform X in August 2023, uses RAR or ZIP files to initiate the infection. It progresses through batch and cmd scripts, eventually downloading the stealer from a GitLab repository. Three variants of Snake have been identified, with the latest being a PyInstaller-assembled executable. The malware targets web browsers, particularly the Vietnamese browser Cốc Cốc, to extract credentials and cookies, which are then exfiltrated via the Telegram Bot API. The emphasis on Facebook cookies suggests a motive to hijack accounts. This development follows a series of information stealers targeting Facebook, amidst growing criticisms of Meta for inadequate response to account takeovers. Additionally, there’s an observed trend of threat actors exploiting GitHub vulnerabilities for malware distribution, highlighting evolving cybersecurity threats.

For more about this story click here


3. Linux Malware Campaign Targets Misconfigured Cloud Servers

A sophisticated cryptojacking campaign is exploiting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances using Linux malware, according to Cado Security. The attackers use four new Golang payloads for automated discovery and exploitation, coupled with a reverse shell and user-mode rootkits like ‘libprocesshider’ and ‘diamorphine’ to conceal their activities. In Docker attacks, they create containers with bind mounts to the server’s root directory, facilitating malicious executable deployment and connection to their command-and-control (C&C) system. The initial payload, a shell script, handles C&C communication, utility checks, and root access exploitation, leading to the delivery of an XMRig miner and other utilities, including ‘masscan’. The script also compromises system security by disabling SELinux, removing monitoring agents, and manipulating SSH keys and systemd services for persistence. This campaign, showing similarities to the recent Migo malware targeting Redis servers, leverages vulnerabilities like CVE-2022-26134 in Confluence servers. Cado Security emphasizes the attackers’ deep understanding of cloud services and vulnerabilities, signifying a growing threat to cloud and Linux environments.

For more about this story click here


4. Poland experiences increase in DDoS attacks from Russia

The Cyber Defence Army of Poland reports a significant rise in DDoS (Distributed Denial of Service) attacks originating from Russia. These cyber attacks, which flood servers with overwhelming internet traffic to disrupt access to online services, have notably impacted various Polish websites, including the Railway Transport Office. Investigations, including efforts by Euronews correspondent Magdalena Chodownik, have geographically traced these attacks back to Russia, indicating a targeted cyber campaign against Poland.

For more about this story click here


5. Android’s March 2024 Update Patches Critical Vulnerabilities

Two critical vulnerabilities in Android, identified as CVE-2024-0039 and CVE-2024-23717, affect versions 12, 12L, 13, and 14, potentially allowing remote code execution and elevation of privilege. Addressed in Android’s March 2024 security update, the first part (2024-03-01 patch level) resolves these and 11 other high-severity issues. The second part (2024-03-05 patch level) fixes 25 additional vulnerabilities in various components. Google’s Pixel devices received patches for over 50 vulnerabilities, including 16 critical ones, in the same update. Users are advised to update their devices promptly as no attacks exploiting these vulnerabilities have been reported yet.

For more about this story click here

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!