AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/09/2023

More Microsoft OneNote files are being hijacked to spread malware 

Researchers have uncovered a new cyber campaign using Microsoft OneNote files to infect devices with the QBot malware. A report from Sophos claims the campaign, dubbed “QakNote”, is currently active, with unknown threat actors sending out phishing emails with NoteBook attachments which come with attachments of their own. These attachments can be in pretty much any format, and in this case, they’re an HTA file – an embedded HTML application.


Hackers are selling a service that bypasses ChatGPT restrictions on malware 

Hackers have devised a way to bypass ChatGPT’s restrictions and are using it to sell services that allow people to create malware and phishing emails, researchers said on Wednesday. ChatGPT is a chatbot that uses artificial intelligence to answer questions and perform tasks in a way that mimics human output. People can use it to create documents, write basic computer code, and do other things. The service actively blocks requests to generate potentially illegal content. Ask the service to write code for stealing data from a hacked device or craft a phishing email, and the service will refuse and instead reply that such content is “illegal, unethical, and harmful.” 


Jailbreak Trick Breaks ChatGPT Content Safeguards 

Users have already found a way to work around ChatGPT’s programming controls that restrict it from creating certain content deemed too violent, illegal, and more. The prompt, called DAN (Do Anything Now), uses ChatGPT’s token system against it, according to a report by CNBC. The command creates a scenario for ChatGPT it can’t resolve, allowing DAN to bypass content restrictions in ChatGPT. Although DAN isn’t successful all of the time, a subreddit devoted to the DAN prompt’s ability to work around ChatGPT’s content policies has already racked up more than 200,000 subscribers.


UK Proposes Making the Sale and Possession of Encrypted Phones Illegal 

A section of the UK government has proposed making the sale or possession of bespoke encrypted phones for crime a criminal offense in its own right. The measure is intended to help the country’s law enforcement agencies tackle organized crime and those who facilitate it, but civil liberties experts tell Motherboard the proposal is overbroad and poorly defined, meaning it could sweep up other forms of secure communication used by the wider population if not adjusted. 


Top mobile finance app Money Lover has some worrying security flaws 

A popular finance and budgeting mobile app was leaking email addresses and other sensitive data to anyone who was logged in to the platform, researchers discovered earlier this week. As reported on BleepingComputer, cybersecurity researchers from Trustwave were looking into the traffic of an Android, iOS, and Windows app called Money Lover using a proxy and the Web Sockets view in the browser’s Developer Tools, when they stumbled upon a quickly populating list of email addresses and other data. Further investigation uncovered that the emails belonged to users of the so-called “shared wallet” feature.


Cybercriminals exploit volatile job market for targeted email attacks 

Between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%, according to Abnormal Security. Additionally, of the malicious emails that were read, an average of 15% were replied to. And while less than one percent of recipients engaged with more than one attack, 36% of replies were initiated by employees who had previously engaged with an earlier attack. When it comes to email attacks, the odds are stacked against your workforce—and this new data shows just how much. Threat actors are increasingly taking advantage of social engineering tactics to encourage employees to open malicious emails and fulfill requests like providing login credentials, updating bank account information, and paying fraudulent invoices. 
