AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 07/17/2023

Microsoft still unsure how hackers stole Azure AD signing key 

Microsoft says it still doesn’t know how Chinese hackers stole an inactive Microsoft account (MSA) consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including government agencies. “The method by which the actor acquired the key is a matter of ongoing investigation,” Microsoft admitted in a new advisory published today. The incident was reported by U.S. government officials after the discovery of unauthorized access to several government agencies’ Exchange Online email services. 

 

WormGPT – The Malicious ChatGPT Alternative Empowering Cybercriminals 

In a disconcerting development for the cybersecurity community, a hacker has created a new chatbot called WormGPT, specifically designed to assist cybercriminals in carrying out illegal activities. WormGPT is being offered for sale on a popular hacking forum, enabling malicious actors to exploit its capabilities for nefarious purposes. This new breed of chatbot lacks the ethical guardrails found in similar AI models, making it a potent tool in the hands of cybercriminals. The alarming discovery was made by SlashNext, an email security provider, which recently tested the chatbot’s functionalities. In a blog post, the company revealed that malicious actors are now developing custom modules similar to ChatGPT but tailored for illegal activities, ultimately making it easier for cybercriminals to execute their schemes. 

 

Google Docs AI Open to Prompt Injection Attacks, Exposing Users to Phishing or Misinformation 

Google Docs’ new AI writing features have a gaping security hole that could lead to new kinds of phishing attacks or information poisoning. Available in public beta, the “Refine the selected text,” feature allows the user to have an AI bot rewrite large swaths of copy or an entire document to “formalize,” “shorten,” “elaborate” or “rephrase” it.  Unfortunately, the bot is vulnerable to prompt injection, meaning that a stray line of malicious text in the input can cause it to modify the output in ways that could fool the user or spread dangerous misinformation. 

 

Israeli defense forces employ more AI weapons systems in reinvention of warfare 

A hot potato: While the explosion in the use of AI, both generative and otherwise, this year has brought concerns over job losses and the death of human creativity, it’s also exacerbated long-held fears regarding artificial intelligence’s implementation in weapons. In Israel, the country has been utilizing autonomous guns and drones for years. Now, its air forces have started using AI to select targets for air strikes and organize wartime logistics. 

 

EU Urged to Prepare for Quantum Cyber-Attacks 

A new discussion paper has set out recommendations for the European Union (EU) on how to ensure member states are protected against quantum-enabled cyber-attacks. Written by Andrea G. Rodríguez, Lead Digital Policy Analyst at the European Policy Centre, the paper A quantum cybersecurity agenda for Europe emphasized the urgent need for a new EU Coordinated Action Plan to facilitate quantum-secured technologies before ‘Q-Day’ – the point at which quantum computers are able to break existing cryptographic algorithms. 

 

Linux Hacker Tricks Cybersecurity Researchers with Malicious Proofs of Concept on GitHub 

In an unexpected twist, a hacker specialized in Linux has managed to dupe cybersecurity researchers and possibly other threat actors by using fake Proofs of Concept (PoCs), loaded with malware, and posted on the coding platform GitHub. The exploit was discovered during a routine scan by security analytics firm Uptycs, revealing the shrewd use of legitimate PoCs for known vulnerabilities injected with Linux password-stealing malware. PoCs are critical tools in the realm of cybersecurity, enabling researchers to understand, test and analyze the potential impacts of publicly disclosed vulnerabilities. Their ubiquity, though, can also give threat actors the opportunity to conduct attacks more efficiently, exploiting these PoCs to identify weak spots in target systems. 

 

Related Posts