AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/04/2025

Hackers use RMM tools to breach freighters and steal cargo shipments

Threat actors are targeting freight brokers and trucking carriers with malicious emails and links that deploy remote monitoring and management (RMM) tools, giving the attackers the remote access they need to hijack cargo and steal physical goods. Researchers traced the current activity back to June, but found evidence of similar campaigns delivering NetSupport and ScreenConnect since January. According to email security firm Proofpoint, these attacks are becoming more common, with nearly two dozen campaigns recorded since August, each sending up to a thousand messages.

Ransomware negotiator, pay thyself!

A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies. Ryan Clifford Goldberg of Watkinsville, Georgia, Kevin Tyler Martin of Roanoke, Texas, and a third unnamed co-conspirator who lives in Land O’Lakes, Florida, allegedly broke into corporate networks, stole sensitive data, deployed ALPHV/BlackCat ransomware, and demanded tens of millions of dollars in extortion payments, according to an October 2 indictment [PDF].

New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

Microsoft has uncovered a months-long campaign in which threat actors used OpenAI's legitimate API as a covert command-and-control channel, bypassing traditional detection methods. The attackers deployed a previously undocumented backdoor, dubbed SesameOp, which abuses the OpenAI Assistants API to relay commands and exfiltrate results. According to Microsoft's researchers, the campaign ran for months before detection and relied on obfuscated .NET libraries loaded into compromised Visual Studio utilities via AppDomainManager injection.
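One check that follows from this item, as an added example and not code from Microsoft or from the campaign it describes: a small Python hunt script that flags the two .NET configuration hooks AppDomainManager injection relies on, the `appDomainManagerAssembly`/`appDomainManagerType` elements under `<runtime>` in an application's `.exe.config`, and the `APPDOMAIN_MANAGER_ASM`/`APPDOMAIN_MANAGER_TYPE` environment variables. The file names, the assembly name `ManagerLoader` and both sample configs are constructed for the demo and are not indicators from the report.

```python
"""Hunt for .NET AppDomainManager injection footholds.

Added example, not code from Microsoft or from the SesameOp campaign.
A .NET executable can be told to load an arbitrary AppDomainManager (which
runs before the program's own Main) either through its .exe.config or
through process environment variables; both are checked here.
Sample data below is constructed for the demo.
"""
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Config elements that name a custom AppDomainManager assembly and type.
TAGS = ("appDomainManagerAssembly", "appDomainManagerType")


def inspect_config(path):
    """Return {tag: value} for AppDomainManager settings in one .config, or None."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None
    found = {}
    for runtime in root.iter("runtime"):
        for child in runtime:
            tag = child.tag.split("}")[-1]  # drop any XML namespace prefix
            if tag in TAGS:
                found[tag] = child.get("value", "")
    return found or None


def scan_tree(top):
    """Walk a directory tree; return [(config_path, settings)] for configs that set a manager."""
    hits = []
    for cfg in Path(top).rglob("*.exe.config"):
        settings = inspect_config(cfg)
        if settings:
            hits.append((str(cfg), settings))
    return hits


def check_env(environ=None):
    """Return the process-wide AppDomainManager override from the environment, if any."""
    environ = os.environ if environ is None else environ
    asm = environ.get("APPDOMAIN_MANAGER_ASM")
    typ = environ.get("APPDOMAIN_MANAGER_TYPE")
    if asm or typ:
        return {"APPDOMAIN_MANAGER_ASM": asm, "APPDOMAIN_MANAGER_TYPE": typ}
    return None


# Constructed sample configs: one benign, one that injects a manager assembly.
BENIGN = """<configuration>
  <startup><supportedRuntime version="v4.0"/></startup>
</configuration>"""
INJECTED = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="ManagerLoader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    <appDomainManagerType value="Loader"/>
  </runtime>
</configuration>"""


def demo():
    """Write the two sample configs to a temp dir and scan it; returns the hits."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "tool.exe.config").write_text(BENIGN)
        (Path(d) / "vsutil.exe.config").write_text(INJECTED)
        return scan_tree(d)


if __name__ == "__main__":
    for path, settings in demo():
        print(f"[!] {path}: {settings}")
    env = check_env()
    if env:
        print(f"[!] environment override present: {env}")
```

On a real host, point `scan_tree` at the directories where signed .NET utilities live (Visual Studio and SDK tool folders are the obvious candidates given this item) and treat any hit as worth a look: a `.exe.config` that names a manager assembly which is not part of the product, or a manager assembly sitting beside a legitimate signed binary, is exactly the shape of foothold described.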

LinkedIn will soon use your data to train AI. Here’s what you can do to opt out.

On November 3, LinkedIn will begin sharing your data with Microsoft and its affiliates for AI training. You’re opted in by default, but there’s still time to do something about it. This new LinkedIn AI policy seems to fit into Microsoft’s broader strategy of feeding more data into its AI ecosystem. Just weeks earlier, the company announced that Word documents would start saving to OneDrive by default, with Excel and PowerPoint soon to follow. This move has raised concerns about how shifting personal or professional files into Microsoft’s cloud could intersect with AI training, especially given Microsoft’s multibillion-dollar investment in OpenAI, the maker of ChatGPT.

Government and industry must work together to secure America’s cyber future

At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security. Their battlefield of choice is cyberspace. Cybersecurity is the preeminent challenge of our time, and threats to our networks impact far more than just our data: they impact the resilience of our communities, the continuity of our economy, and the security of our homeland. Widespread cyber intrusions by Salt Typhoon and Volt Typhoon continue to demonstrate the Chinese Communist Party’s unrelenting quest to steal intellectual property, surveil government officials, and pre-position itself in our nation’s critical infrastructure to disrupt our way of life at a time of its choosing. Russia, Iran, and North Korea are also probing for vulnerabilities to exploit in our networks.
