Tag: hackers

  • Cyber Attacks: Hackers Can Use ChatGPT To Write Malicious Phishing Emails, Codes

    New Delhi, December 20: As you write poems, essays or computer programmes via the Artificial Intelligence (AI) chatbot ‘ChatGPT’, created by the for-profit research lab OpenAI, cyber-security researchers on Tuesday warned that hackers could use the AI chatbot and Codex to execute targeted and efficient cyber-attacks.

    Check Point Research (CPR) used ChatGPT and Codex (another AI-based system from OpenAI that translates natural language to code) to create malicious phishing emails and code, in order to warn of the potential dangers that the new AI technology can pose to the cyber threat landscape.

    The CPR team used ‘ChatGPT’ to produce malicious emails, code and a full infection chain capable of targeting people’s computers. The team chatted with ChatGPT to refine a phishing email to make the infection chain easier.

    “Using Open AI’s ChatGPT, CPR was able to create a phishing email, with an attached Excel document containing malicious code capable of downloading reverse shells,” the researchers noted.

    Reverse shell attacks aim to connect to a remote computer and redirect the input and output connections of the target system’s shell so the attacker can access it remotely.

    ‘ChatGPT’ is an AI chatbot system that OpenAI released last month for the public to ask it countless questions and get answers that are useful. The researchers said that the expanding role of AI in the cyber world is full of opportunity, but also comes with risks.

    “Multiple scripts can be generated easily, with slight variations using different wordings. Complicated attack processes can also be automated as well, using the Learning Management Systems (LLMs) APIs to generate other malicious artifacts,” they wrote.

    Defenders and threat hunters should be vigilant and cautious about adopting this technology quickly, otherwise, our community will be one step behind the attackers, said the report.

    (The above story first appeared on Morning Tidings on Dec 20, 2022 05:50 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • Cyber Attacks Will Only Grow As Hackers Get Sophisticated, Says Top Cisco Executive Jeetu Patel

    Melbourne, December 15: Cyber attacks are only going to increase in volume, and as hackers use more sophisticated means to hit organisations, the need of the hour is to build cyber security for mass markets, as it is no longer confined to niche markets, Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, has said.

    In an interaction with IANS on the sidelines of the ‘Cisco Live’ event organised here recently, he said that cyber attacks have grown bigger as the sophistication of threats has increased.

    “Sophistication of attackers has gone higher than what it was 5 to 7 years back. As technology seems to be going complex, users are seen making mistakes due to which breaches are happening. In this case, we are playing our part by ensuring that we build technology which is simple,” Patel said. “The disadvantage with attackers is that they have to be right once but you have to be right every single time,” he added.

    Highlighting the current crisis where cyberattacks and phishing etc have increased significantly, Patel said, “Security needs to be democratised. The entire system needs an overhaul where formal training is required for a user as well. This is because cyber attacks are becoming sophisticated”.

    “A person receives a packet delivered on Amazon, and that’s how phishing attack starts; we need to train administrators, as well as users. Also, software companies need to be trained that they don’t make products which have higher friction rate. Instead, simpler products should be made as complexity decreases efficacy while simplification enhances the same,” the Cisco executive noted.

    Brushing aside the challenges of a slowdown, he said, “We aren’t seeing a slowdown, but are busy doing our job by innovating in a better way than we did yesterday. This is the way one can always stay ahead of the market.”

    “Most companies have to think that it is hard to ignore security spend and it is equally hard to ignore people to stay connected, these are core elements on how companies operate so connectivity and security shall stay in demand,” he added.

    On current trends, he said, “Right now, we have no plans of trimming, we are actually doing just the opposite, we are investing in businesses and are growing headcount year on year, but these are things hard to predict what will happen, what we can say is that we need to be sure about success, we need to access customer experience and continue to innovate, bring best people on board and make sure they have the opportunities to keep doing innovation.”

    Patel emphasised the fact that hybrid working seems to be the order of the day. Speaking on a big transformation being seen from pre-pandemic to post pandemic era, he said, “Hybrid working has emerged as a new order of the day. During the pandemic, we flipped overnight and added 1800 features in the first two years. Our innovation went up during this time.”

    Now, even as we go hybrid, we continue to innovate, he said, adding that the world will be better if network security, secure connectivity, zero trust, application security and threat detection and response are delivered on time.

    (The above story first appeared on Morning Tidings on Dec 15, 2022 05:48 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • Chinese Government Backed Hackers Exploiting Zero-Day Bug in Citrix Products: Warns US NSA

    Washington, December 15: Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to systems, the US government has warned. According to the National Security Agency (NSA), the vulnerability allows hackers to remotely run malicious code on vulnerable devices — no passwords needed.

    The desktop virtualisation company also admitted the bug is being actively exploited by threat actors. “We are aware of a small number of targeted attacks in the wild using this vulnerability,” said Peter Lefkowitz, chief security and trust officer at Citrix.

    “Limited exploits of this vulnerability have been reported,” he added in a blog post. The company has released security updates for both products — Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool.

    “As part of our internal reviews and in working with our security partners, we have identified vulnerabilities in Citrix ADC and Citrix Gateway 12.1 and 13.0 before 13.0-58.32 builds,” said the company. “Customers are urged to install the recommended builds immediately as this vulnerability has been identified as critical and no workarounds are available for this vulnerability.”

    According to an NSA advisory, APT5, a Chinese hacking group, has been actively targeting Citrix application delivery controllers (ADCs). “Targeting Citrix ADCs can facilitate illegitimate access to targeted organisations by bypassing normal authentication controls,” read the advisory.

    “Move all Citrix ADC instances behind a VPN or other capability that requires valid user authentication (ideally multi-factor) prior to being able to access the ADC and isolate the Citrix ADC appliances from the environment to ensure any malicious activity is contained,” the NSA recommended.

    (The above story first appeared on Morning Tidings on Dec 15, 2022 11:35 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • Iran Government-Backed Hackers Hit 18 High-Profile People via WhatsApp Links

    New Delhi, December 6: Iran government-backed hackers have targeted at least 18 high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign via WhatsApp, Human Rights Watch (HRW) has revealed.

    The state-backed hackers also targeted two HRW staff members, an investigation revealed. HRW attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as “Charming Kitten”.

    The email and other sensitive data of at least three of them had been compromised: a correspondent for a major US newspaper, a women’s rights defender based in the Gulf region, and Nicholas Noe, an advocacy consultant for Refugees International based in Lebanon, the HRW report mentioned.

    “Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” said Abir Ghattas, information security director at HRW. “This significantly increases the risks that journalists and human rights defenders face in Iran and elsewhere in the region,” Ghattas added.

    For the three people whose accounts were known to be compromised, the attackers gained access to their emails, cloud storage drives, calendars, and contacts and also performed a Google Takeout, using a service that exports data from the core and additional services of a Google account.

    Organisations such as Google and the cybersecurity companies Recorded Future, Proofpoint, and Mandiant have linked APT42 to Iranian authorities. In October, an HRW staff member working on the Middle East and North Africa region received suspicious messages on WhatsApp from a person pretending to work for a think tank based in Lebanon, inviting them to a conference.

    The joint investigation revealed that the phishing links sent via WhatsApp, once clicked, directed the target to a fake login page that captured the user’s email password and authentication code. The research team investigated the infrastructure that hosted the malicious links and identified additional targets of this ongoing campaign.

    HRW and Amnesty International contacted the 18 high-profile individuals identified as targets of this campaign. Fifteen of them responded and confirmed that they had received the same WhatsApp messages at some point between September 15 and November 25, 2022.

    Google should also promptly strengthen its Gmail account security warnings to better protect journalists, human rights defenders, and its most at-risk users from attacks, said HRW.

    “In a Middle East region rife with surveillance threats for activists, it’s essential for digital security researchers to not only publish and promote findings, but also prioritize the protection of the region’s embattled activists, journalists, and civil society leaders,” Ghattas said.

    (The above story first appeared on Morning Tidings on Dec 06, 2022 06:33 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • Data Breach: Hackers Now Selling 1.5 Lakh Patients’ Data of Tamil Nadu’s Sree Saran Medical Center on Dark Web

    Bengaluru, Dec 2: As AIIMS-Delhi struggles to recover from a massive ransomware attack, hackers are currently selling at least 1.5 lakh patients’ data records belonging to a Tamil Nadu-based multispecialty hospital called Sree Saran Medical Center for hundreds of dollars on the Dark Web, cyber-security researchers revealed on Friday.

    The stolen database is advertised for $100, meaning that multiple copies of the database would be sold. For actors seeking to be the exclusive owner of the database, the price is raised to $300 and if the owner intends to resell the database, the quoted price is $400.

    The cyber attack came on the heels of the massive AIIMS ransomware attack that has crippled the nation’s premier healthcare institution for days.

    According to security researchers from AI-driven cyber-security firm CloudSEK, the data fields being sold on the Dark Web include patient name, guardian name, date of birth, doctor’s details and address information.

    The data was allegedly sourced from a compromised third-party vendor, Three Cube IT Lab, the report claimed. However, CloudSEK said it had no information that ThreeCube may be operating as a software vendor for Sree Saran Medical Center.

    “A sample was shared as proof for potential buyers to inspect the authenticity of the data. This data was found to be containing patient details from a hospital, based in Tamil Nadu. The sample image has data records dated from the years 2007-2011,” the report mentioned.

    CloudSEK’s AI digital risk platform XVigil discovered a post made by a threat actor, advertising sensitive data allegedly sourced from Three Cube IT Lab India.

    CloudSEK said it has informed all the stakeholders about the incident.

    “The sensitive data that was stolen from Three Cube IT Lab has been advertised on popular cybercrime forums and a Telegram channel used to sell databases and which is frequented by threat actors,” the report noted.

    “We can term this incident as a supply chain attack, since the IT vendor of the Hospital, in this case Three Cube IT Lab, was targeted first,” said Noel Varghese, Threat Analyst, CloudSEK.

    Using the access to the vendor’s systems as initial foothold, “the threat actor was able to exfiltrate Personally identifiable information (PII) and Protected Health Information (PHI) of their hospital clients,” Varghese added.

    CloudSEK’s researchers used the names of doctors in the database to identify the healthcare firm whose data was present in the sample.

    They were able to identify that the doctors work at a medical firm known as Sree Saran Medical Center.

    Meanwhile, nearly 1.9 million cyber attacks have been recorded on the Indian healthcare network this year, especially from countries like Pakistan, China and Vietnam, according to the CyberPeace Foundation and Autobot Infosec Private Ltd, along with the academic partners under CyberPeace Center of Excellence (CCoE).

    (The above story first appeared on Morning Tidings on Dec 02, 2022 03:32 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • What Is Bluebugging? How Do Hackers Use Bluetooth-Enabled Devices To Steal Data? How Can You Protect Your Phone? Know Everything Here

    New Delhi, December 1: Smart devices have become an undeniable part of our daily lives. However, with the increasing usage and reliability of connected devices, we are becoming more vulnerable to online threats or cyber-attacks, where one might lose their personal data or get their entire bank account wiped out. Bluebugging is another method which is being used by hackers to steal data from people’s devices.

    Thus, we need to exercise caution to protect our devices against hacking and follow safe online transaction practices. Cyber-criminals are churning out ingenious techniques to steal personal data and financial details, and one such new technique is called Bluebugging. Know what it is and how to protect yourself against it.

    What Is Bluebugging?

    Nowadays, a lot of smartphones don’t even offer a 3.5mm audio jack, which means we are being practically forced to embrace wireless or Bluetooth accessories. This in turn means we need to have Bluetooth activated on our devices most of the time. This leaves the devices vulnerable to getting hacked through Bluebugging. Bluebugging, also known as the Bluejacking or Bluesnarfing technique, is a way cyber-criminals hack your device through its Bluetooth connectivity.

    Hackers just need to be within around 10 meters of the victim’s Bluetooth-enabled device to force a connection with a device that is discoverable and then hijack all its data.

    How To Safeguard Yourself From Bluebugging:

    • Always keep your smart device updated with the latest available software and any security patches.
    • Avoid using public Wi-Fi facilities and if you get any request to connect from an unknown device via Bluetooth, simply reject it.
    • America’s National Security Agency advises users to reboot their Bluetooth or Wi-Fi supported devices, whenever they access any public wireless internet connection.
    • Avoid using your personal name for hotspot sharing and Bluetooth connection.
    • Always have an anti-virus application on your device and scan regularly to detect any threats or malware.
    • While using a public internet service, do not shop on e-commerce sites or carry out any online financial transactions.
    • Regularly check which devices are connected to your Bluetooth-enabled device.
    • Never use Bluetooth connectivity to exchange or share sensitive data.

    Stay informed and ensure that your Bluetooth-enabled devices are secure. In case you lose data or experience online fraud, reach out to the cyber security wing of the police in your area.

    (The above story first appeared on Morning Tidings on Dec 01, 2022 02:11 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • TikTok Invisible Body Challenge: Hackers Spread Malware to Steal Passwords, Credit Card Details of Users

    San Francisco, November 30: Hackers have exploited TikTok’s “Invisible Body Challenge” in order to spread malware that can steal passwords and credit card details, the media reported. According to Forbes, a trending challenge on TikTok involves users filming themselves naked while using an effect called “Invisible Body” which removes the body from the video and replaces it with a blurry background.

    Hackers were taking advantage of this trend by posting videos offering to remove the filter, tricking people into thinking they will see naked bodies instead. However, all they received in return was a piece of malware capable of stealing Discord accounts, as first discovered by security firm Checkmarx.

    The victims were encouraged to download a piece of software that would supposedly remove the filter. However, the software was fake and they only received a piece of malware called “WASP Stealer (Discord Token Grabber)”, which gathers information from Discord accounts, credit cards, passwords and cryptocurrency wallets, according to security firm CyberSmart.

    “The short and shareable format of TikTok’s videos means content can quickly go viral, attracting thousands, if not millions, of eyeballs in a short span of time,” Jamie Akhtar, CEO and co-founder of CyberSmart, was quoted as saying. “It is no wonder then that cybercriminals will be keen to jump on these trends as a vehicle for their scams,” he added. Currently, TikTok officially has over 1 billion monthly active users. A TikTok user spends an average of 95 minutes per day (over 1.5 hours) on the platform.

    (The above story first appeared on Morning Tidings on Nov 30, 2022 07:31 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • Microsoft Warns Hackers Attacking Energy Infrastructure in India Via Discontinued Web Server; Tata Power Targeted

    New Delhi, November 24: Microsoft has warned that state-sponsored hackers are attacking critical energy infrastructure in India by exploiting a discontinued web server, with the most recent attack it observed being on Tata Power in October. Microsoft security researchers discovered a vulnerable open-source component in the “Boa web server” still being used in routers, security cameras and popular software development kits (SDKs), despite its retirement in 2005.

    Tata Power last month admitted it was hit by a cyber attack on its IT infrastructure. The power company, however, said that all its critical operational systems were functioning normally.

    The cyber attack on Tata Power was the handiwork of the Hive ransomware group, which has victimised over 1,300 companies worldwide, receiving approximately $100 million in ransom payments, according to a joint advisory by the FBI, the US Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services last week.

    Microsoft said it continues to see attackers attempting to exploit Boa vulnerabilities, indicating that it is still targeted as an attack vector. A report published by cybersecurity company Recorded Future in April this year first detailed suspected electrical grid intrusion activity and implicated common IoT devices.

    While investigating the attack activity, Microsoft researchers assessed the vulnerable component to be the now-retired Boa web server, which is often used to access settings and management consoles and sign-in screens in devices.

    “Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files,” said the tech giant.

    Moreover, those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities.

    “Microsoft assesses that Boa servers were running on the IP addresses on the list of IOCs published by Recorded Future at the time of the report’s release and that the electrical grid attack targeted exposed IoT devices running Boa,” said the security researchers. Tata Power Company had said that some of its IT systems were impacted by the cyber attack.

    According to Microsoft, the popularity of the Boa web server displays the potential exposure risk of an insecure supply chain, even when security best practices are applied to devices in the network.

    “In critical infrastructure networks, being able to collect information undetected prior to the attack allows the attackers to have much greater impact once the attack is initiated, potentially disrupting operations that can cost millions of dollars and affect millions of people,” it added.

    (The above story first appeared on Morning Tidings on Nov 24, 2022 11:16 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website morningtidings.com).

  • Black Friday Sale 2022 on PlayStation Store: Stray, Soul Hackers 2 at Discounted Prices, Check Out the Best Deals Here

    Black Friday sales are around the corner and every brand is offering huge discounts on its products and services to attract more customers. PlayStation Store is also offering some handsome discounts on various games as part of its Black Friday deals. The price of Stray has been cut by $10 while Soul Hackers 2 will be up at half-off.

    Check Out the Best Deals From PlayStation Store:

    (SocialLY brings you all the latest breaking news, viral trends and information from social media world, including Twitter, Instagram and Youtube. The above post is embedded directly from the user’s social media account and Morning Tidings Staff may not have modified or edited the content body. The views and facts appearing in the social media post do not reflect the opinions of Morning Tidings, also Morning Tidings does not assume any responsibility or liability for the same.)

  • Apple Warns of Flaw Allowing Hackers To Seize Control of iPhones, iPads; Urges Users To Install Emergency Software Updates

    Tech giant Apple, which is probably the best in the business when it comes to manufacturing smartphones, has warned its users of a flaw that is allowing hackers to seize control of iPhones, iPads, and Mac computers. One of the world’s most loved smartphone brands has urged users to install emergency software updates but has not disclosed the extent to which the flaw has been exploited.

    Check AFP News Agency’s Tweet:

     
