Latitude Financial Stands Firm Against Ransom Demands
Australian non-bank lender, Latitude Financial, has chosen not to pay the ransom demanded by hackers who stole data from 14 million customers. Latitude Financial disclosed last month that the hackers stole approximately 7.9 million Australian and New Zealand driver’s license numbers, plus 6.1 million additional records, including names, addresses, phone numbers, and birthdates from a database containing information dating back to 2005. The stolen data has yet to be returned or destroyed.
The company continues to experience service disruptions while working to secure its IT platforms. Latitude Financial is under investigation by the Australian Federal Police, but details about the ransom group or ransom demand have not been disclosed by the company. Latitude Financial’s product lines include credit cards and installment payment plans, and the consortium of investors who bought the business from GE in 2015 includes KKR and Deutsche Bank. In 2021, the company went public.
Kaspersky’s North American Future in Jeopardy
The US Commerce Department is considering further action against Moscow-based cybersecurity giant, Kaspersky, which could have serious repercussions for the company’s struggling North American business. Enforcement actions could prohibit the use of Kaspersky software in specific situations, such as on critical infrastructure networks. This could have unintended consequences for other software as well.
Kaspersky’s North American business has been in decline for some time, and the company has been in the crosshairs of the American government since security agencies determined that Russia had interfered in the 2016 US presidential election. The ban on US government sales of Kaspersky’s software has made many American customers in the private sector, as well as state and local governments, reluctant to buy Kaspersky’s technology. The continued scrutiny of Kaspersky by the American government will likely only accelerate the decline of its North American business, and it is expected that the company will focus more on selling to organizations in nations friendly to Russia.
Reign Spyware Targets High-Risk iPhones
Researchers from Citizen Lab and Microsoft have discovered an Israeli spyware firm, QuaDream, using a suspected zero-day exploit to monitor journalists, opposition figures, and NGO workers across multiple continents. The software created by QuaDream and marketed as “Reign” was sold to at least 10 governments and could record audio, track locations, steal passwords, and take pictures. QuaDream is a company with minimal public presence, and the Citizen Lab said Reign’s malware could leave a residue on infected devices even after being removed.
Researchers identified at least five victims in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Hackers who deployed the EndOfDays exploit infected smartphones through invisible iCloud calendar invitations. QuaDream, a spyware company based in Israel, employs a Zero-Click Exploit to target high-risk iPhones. Microsoft is one company tracking the group, identifying them as a private sector offensive actor which sells “exploitation services and malware” to government customers. QuaDream’s malware, named KingsPawn, is capable of gathering and exfiltrating a range of sensitive data, including location, call logs, and device files.
Azure Shared Key Authorization Attack Warning
Researchers are cautioning that an Azure shared key authorization attack could allow attackers to access accounts and data, escalate privileges, move laterally across networks, and execute remote code. Shared keys are part of Azure infrastructure by default and, compared to Azure Active Directory (AD), they provide inferior security because whoever possesses the keys can abuse shared key authorization.
Microsoft recommends disabling shared key authorization in Azure or implementing least privilege and monitoring key access to help mitigate the risk. As the use of cloud services continues to grow, it is essential for organizations to prioritize security measures and stay up-to-date on potential vulnerabilities.
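As an added example (not from the brief and not Microsoft's own tooling), the audit below takes the JSON that `az storage account list --output json` returns, flags every storage account whose `allowSharedKeyAccess` is not explicitly false, and prints the `az` command that switches it to Azure AD-only authorization. The inventory and account names are constructed; the one assumption beyond the page is that a null `allowSharedKeyAccess` means shared key access is still enabled, which is Azure's default.

```python
"""Audit Azure storage accounts for shared key authorization.

Input is the JSON array produced by `az storage account list --output json`.
The sample inventory is constructed for this example (account names are made
up). `allowSharedKeyAccess` is null on accounts that were never configured,
and Azure treats null as "shared key access enabled".
"""
from __future__ import annotations

import json

# Constructed inventory mimicking `az storage account list` output.
SAMPLE_INVENTORY = json.dumps([
    {"name": "stlogsprod01", "resourceGroup": "rg-prod",
     "allowSharedKeyAccess": None},          # never set: still enabled
    {"name": "stbackups02", "resourceGroup": "rg-prod",
     "allowSharedKeyAccess": True},          # explicitly enabled
    {"name": "stdatalake03", "resourceGroup": "rg-data",
     "allowSharedKeyAccess": False},         # Azure AD only: compliant
])


def shared_key_enabled(account: dict) -> bool:
    """True unless the account explicitly disables shared key auth."""
    return account.get("allowSharedKeyAccess") is not False


def find_exposed_accounts(inventory_json: str) -> list[dict]:
    """Return accounts that still accept account-key (shared key) requests."""
    return [a for a in json.loads(inventory_json) if shared_key_enabled(a)]


def remediation_commands(exposed: list[dict]) -> list[str]:
    """Build the `az` command that disables shared key auth for each account.

    Confirm first that no workload still authenticates with the account key
    (including SAS tokens derived from it), or disabling it will break them.
    """
    return [
        "az storage account update --name {name} --resource-group {rg} "
        "--allow-shared-key-access false".format(
            name=a["name"], rg=a["resourceGroup"])
        for a in exposed
    ]


if __name__ == "__main__":
    exposed = find_exposed_accounts(SAMPLE_INVENTORY)
    for a in exposed:
        print(f"{a['name']} ({a['resourceGroup']}): shared key access enabled")
    for cmd in remediation_commands(exposed):
        print(cmd)
```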
Malicious AI Chatbot Facebook Ads Deliver RedLine Stealer
Cybercriminals have been discovered posting fake ads on hijacked Facebook business and community pages, offering free downloads of AI chatbots such as ChatGPT and Google Bard. Unfortunately, users who attempt to download these chatbots instead end up with the well-known RedLine info-stealer. RedLine Stealer is a malware-as-a-service (MaaS) that targets browsers to collect user data including credentials, payment-card details, and system information.
RedLine can also upload and download files and execute commands. RedLine malware is a popular choice for hackers due to its versatility and the fact that it only costs around $100 to $150 on the Dark Web. Users should be vigilant when downloading software from unverified sources and should take extra precautions when engaging with ads on social media platforms.
OpenAI Launches Bug Bounty Program
OpenAI, the maker of ChatGPT, announced the launch of a new bug bounty program on Tuesday. The program will pay registered security researchers for uncovering vulnerabilities in OpenAI’s Application Programming Interface (API) and ChatGPT. Bug bounty pay-outs will range from $200 for low-severity security flaws up to $20,000 for exceptional discoveries.
OpenAI clarified that model issues, jailbreaks, and bypasses are out of scope unless there is an associated security issue. The bug bounty program aims to improve the security of OpenAI’s products and services by encouraging researchers to discover and report potential threats. This proactive approach demonstrates OpenAI’s commitment to providing secure AI solutions for its users.
FBI Warns of “Juice Jacking” at Public Charging Stations
The FBI is alerting consumers to avoid using public charging stations due to the risk of “juice jacking,” a practice in which fraudsters infect charging machines with malware to steal user data. The term was first coined in 2011 after researchers created a charging station to demonstrate the potential for hacking such kiosks. Officials said the alert is a refresher to a similar warning released by the FBI and Federal Communications Commission (FCC) in 2021.
It’s unclear how common “juice jacking” is, but experts warn that the attack could allow hackers to take full control of a victim’s device. The safer alternative is using one’s own USB cord and plugging into an electrical outlet or a portable charger. Consumers should be cautious when using public charging stations and consider investing in personal charging options to minimize the risk of data theft.
Spyware Advertised in Python Repository
Researchers have discovered threat actors advertising an info-stealer on the Python Package Index (PyPI), the official Python public repository. Researchers say the perpetrators are a Spanish malware-as-a-service (MaaS) gang called SylexSquad, who conspicuously named their program “reverse-shell.” Reverse shells are commonly used by hackers to remotely harvest data from targeted computers.
Researchers speculate that the hackers’ motives for hosting their malware in a public code repository could range from gaining notoriety to having more control and ability to share their malware. The discovery also serves as a reminder to organizations to use caution when pulling code from public repos like PyPI. As the use of open-source code repositories grows, so does the potential for abuse by malicious actors seeking to distribute malware and exploit unsuspecting users.
April 2023 Patch Tuesday: Microsoft, Apple, Adobe, and More
Microsoft, Apple, Adobe, Google, Cisco, Fortinet, and SAP all released security updates as part of April 2023’s Patch Tuesday. Microsoft issued 97 security fixes, including an update for seven Critical bugs and one actively exploited zero-day vulnerability. Apple plugged two actively exploited zero-day bugs in iOS and macOS, while Adobe released patches for vulnerabilities in its popular products, including Acrobat, Reader, Photoshop, Illustrator, and Premiere Pro.
Google addressed several security flaws in its Chrome browser and Android operating system. Cisco released fixes for multiple vulnerabilities in its products, including Webex, ASA, and Firepower. Fortinet issued patches for its FortiGate and FortiWeb products, while SAP announced fixes for several of its software solutions, including the SAP Commerce, SAP Marketing, and SAP HANA Database.
As part of this month’s Patch Tuesday, these companies have urged users to promptly update their devices and software to ensure protection against potential threats. Regularly updating software is a crucial step in maintaining a strong security posture, as cybercriminals often exploit known vulnerabilities to compromise systems and steal data. Users should prioritize installing security patches to minimize risks associated with outdated software.
Cyber threats continue to evolve and pose significant challenges to individuals, businesses, and governments alike. From ransom demands and cybersecurity giants’ struggles to spyware targeting high-risk iPhones and the dangers of public charging stations, it is crucial for all stakeholders to remain vigilant and invest in security measures to safeguard their digital assets. Initiatives such as bug bounty programs, security updates, and public awareness campaigns can help improve the cybersecurity landscape and protect users from potential threats.
That wraps up today’s cybersecurity brief. As always, stay safe, stay vigilant, and we’ll see you tomorrow with another update!