By Waqas
Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce!
This is a post from HackRead.com Read the original post: Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

Cybersecurity researchers have published two concerning reports where the first report highlights the surge in cyber attacks against the aviation and aerospace industries – And the second report exposes a dark web tool called TMChecker fueling attacks against E-commerce platforms.

Recent cyber incidents targeting the aerospace and aviation sectors have raised concerns about the industry’s vulnerability to malicious attacks, according to a report by Resecurity. The report highlights the critical need for strong cybersecurity risk assessments to protect airports and aviation infrastructure.

The aerospace sector, including the design, manufacturing, and maintenance of aircraft and spacecraft, has become a prime target for cyberattacks due to its reliance on interconnected digital infrastructures and global supply chains.

The integration of Industrial Internet of Things (IIoT) technologies has further strengthened this threat, making aerospace organizations more vulnerable and susceptible to cyber attacks.

Credit: Resecurity

****Ransomware Attacks & The Aviation Industry****

Ransomware emerges as a top threat facing the aviation industry, with a 600% increase in occurrences reported by Boeing Chief Security Officer Richard Puckett at the 2023 Aviation Week MRO Americas Conference.

The European Organisation for the Safety of Air Navigation (Eurocontrol) also highlighted ransomware as the sector’s leading attack trend in 2022, accounting for 22% of all malicious incidents. Some of the examples highlighted in the report include the LockBit ransomware gang’s attack on Boeing in November 2023, which the aviation giant later confirmed.

****Geopolitical tensions & The Aviation Industry****

According to Resecurity’s blog post titled “The Aviation And Aerospace Sectors Face Skyrocketing Cyber Threats,” geopolitical tensions and the designation of aerospace and aviation as critical infrastructure by the U.S. government have fueled cyberattacks targeting the industry.

Threat actors, including hacktivist collectives, are increasingly targeting aviation organizations to advance political agendas or disrupt operations. One such example is the hacktivist group Anonymous Sudan which targeted FlyDubai, an Emirati government-owned airline in Dubai, United Arab Emirates in February 2024 citing the company’s alleged support to the Rapid Support Forces (RSF) in Sudan.

Other recent cyberattacks targeting the aerospace sector include Distributed Denial of Service (DDoS) attacks by groups such as Mysterious Team Bangladesh (MTB) against Saudi Arabian airports and ALTOUFAN TEAM against Gulf Air.

> In stand with our steadfast Palestinian people in Gaza Strip in their brave and honorable resistance,ALTOUFAN TEAM targets companies normalized with the Zionist entity , Bahrain International Airport and the Bahraini national carrier “Gulf Air” servers and website…… pic.twitter.com/OKOhR12M3S
> 
> — ALTOUFAN TEAM (@altoufanteam) November 22, 2023

Additional incidents involve ransomware attacks on airlines like Air Albania and Continental Aerospace Technologies, compromising critical data and disrupting operations.

**T**MChecker – Dark Web Tool Targeting Remote Access and E-Commerce Platforms****

In another report published on March 13, 2024, Resecurity detailed a new cybersecurity threat named TMChecker that has surfaced on the Dark Web, posing a notable risk to remote-access services and popular e-commerce applications.

Developed by an actor known as “M762” on the Russian language XSS cybercrime forum, TMChecker is a sophisticated tool that combines corporate access login (log) checking capabilities with a brute-force attack kit. Available for a monthly subscription fee of $200, TMChecker has garnered attention for its ability to target a wide range of VPN gateways, email servers, and e-commerce platforms.

Credit: Resecurity

TMChecker stands out from similar tools like ParanoidChecker due to its focus on corporate remote access gateways, which are often primary targets for ransomware attacks and other malicious activities. The tool supports 17 solutions, including Cisco VPN, Citrix VPN, Office 365, WordPress, Magento, and cPanel, among others, making it a versatile and powerful weapon.

Cybercriminals exploit TMChecker to identify compromised data containing valid credentials for corporate VPN and email accounts. In one observed incident, threat actors used TMChecker to target the email server of a government organization in Ecuador, demonstrating the tool’s real-world impact.

M762 operates a Telegram channel with over 3,270 subscribers, potentially indicating a sizable user base for TMChecker. The addition of such tools aligns with a concerning trend highlighted in recent Microsoft research, which noted a significant increase in human-operated ransomware attacks.

These attacks often involve the abuse of remote monitoring and management tools, leaving behind less evidence compared to automated attacks delivered through malicious documents.

As TMChecker and similar tools lower the barriers to obtaining remote access credentials, the risk of destructive ransomware attacks and other malicious campaigns amplifies. This threat is particularly acute in the context of mergers and acquisitions, where cybercriminals target vulnerable organizations to exploit for financial gain.

1.  Cl0p ransomware gang hits Aviation giant Bombardier
2.  Hackers Uncover Airbus EFB App Flaws, Risking Aircraft Data
3.  Israeli: Hackers Targeted EL AL Flights in Mid-Air Hijack Attempt
4.  Military Satellite Access Sold on Russian Hacker Forum for $15,000
5.  Hackers posing as LinkedIn recruiters to scam military, aerospace firms

Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

By Deeba Ahmed
40% of 2024 CVEs Missing Key Info: NVD Data Gap Raises Security Risks!
This is a post from HackRead.com Read the original post: NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged

Alert! Missing NVD Data Leaves Businesses Vulnerable. Patching Delays Due to Disruption. Security Experts Urge Action.

A disruption at the National Institute of Standards and Technology (NIST) is causing problems for organizations that rely on its National Vulnerability Database (NVD). The NVD is a central repository for information about software vulnerabilities, serving as a critical resource for organizations to identify and address security weaknesses in their systems. 

Security policies mandate governments and commercial organizations to address vulnerabilities based on NVD-provided severity levels within specific days, making it the world’s most significant vulnerability database.

Therefore, it is concerning that NIST has stopped enriching software vulnerabilities in NVD since February 12, 2024. This significant drop in enrichment was first discovered by software security provider Anchore’s VP of Security, Josh Bressers, and subsequently noted by Cisco Threat Detection & Response’s principal engineer, Jerry Gamblin, Gamblin and NetRise.

The NVD announced on February 15th that it is working to establish a consortium to address challenges in the NVD program and develop “improved tools and methods.” This may cause temporary delays in analysis efforts, the NVD explained. However, security analysts opine that the NVD is lagging in fully reporting CVEs.

> _“NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.”_

Hackread.com captured a screenshot from the website, which has been displayed since February 14, 2024.

Screenshot: Hackread.com

As pointed out by a report referring to NetRise CEO Tom Pace, reported that only 200 out of 2700 Common Vulnerabilities and Exposures (CVEs) have been enriched. This means over 2500 vulnerabilities added to the database have been uploaded without crucial metadata information.

These include the description of the vulnerability and software ‘weakness’ potentially leading to an exploit (called Common Weakness and Exposure/CWE), the names of affected software products, the vulnerability’s criticality/CVSS score, and patching status. Bressers shared an updated graph showing few CVEs have been enriched in the past 30 days.

The issue is attributed to a decrease in CVEs enriched with crucial metadata, such as Common Product Enumerators (CPEs) and criticality scores (CVSS). The NVD has left thousands of CVEs untagged since mid-February, leaving around 40% of this year’s CVEs without vital information. This is concerning as CPE is the main way to match a CVE to a component and relies on many home-grown vulnerability solutions.

For your information, MITRE developed the CVE framework to identify known security flaws. CVE IDs are reported by CVE Numbering Authorities, which include 350 tech companies, security vendors, and researchers.

CVEs are tagged with other cybersecurity acronyms like Common Weakness Enumerators (CWEs), Common Vulnerability Scoring System (CVSS), and Common Platform Enumerator (CPE). CWEs describe coding flaws, CVSS scores describe CVE impact severity, and CPEs identify systems in danger.

This disruption poses a significant challenge to organizations that depend on the NVD for vulnerability management. Without access to this comprehensive data, organizations cannot efficiently identify vulnerable systems within their networks. This can lead to delayed patching or remediation efforts, potentially exposing these systems to exploitation by malicious actors.

The cybersecurity researchers are urging NIST to prioritize resolving this interruption and resume providing complete vulnerability data within the NVD. Transparency regarding the cause of this issue is also essential to ensure continued trust and collaboration within the cybersecurity community.

1.  Vulnerability Risk Management for External Assets
2.  ZombieBoy crypto malware exploits CVEs to evade detection
3.  NIST’s Cybersecurity Framework 2.0: Guide for All Organizations
4.  Flashpoint Uncovers 100K+ Hidden Vulnerabilities, Including 0-Days
5.  Ethical Hackers Reported 835 Vulnerabilities, Earned $450K in 2023

NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged

By Waqas
Hackers claim to have breached Viber, stealing 740GB of data, including source code, and are now demanding ransom of 8 Bitcoin.
This is a post from HackRead.com Read the original post: Hackers Claim Accessing 740GB of Data from Viber Messaging App

Pro-Palestinian hackers calling themselves “Handala Hack” claim to have accessed 740GB of data from the messaging app Viber, including source code – Viber denies the breach but is investigating – Users are advised to change passwords.

Messaging app **Viber** is facing a potential data breach after a pro-Palestinian hacktivist group, Handala Hack, claimed responsibility for accessing its servers and stealing a trove of data.

In its Telegram post, Handala Hack alleged they stole over 740GB of data, including Viber’s source code. The group demands a ransom of 8 Bitcoin, or $583,000, for the stolen information.

“Have you seen the management panel of Viber Messenger before? Can you imagine the technology giants affiliated with the occupying regime, what information of citizens they store?” the group’s post read. As seen by Hackread.com, the claim was accompanied by an image allegedly showing a directory listing.

Handala Hack group on Telegram (Screenshot credit: Hackread.com)

Viber, a messaging app introduced in 2010 and acquired by Japanese multinational firm Rakuten in 2014 for $900 million, has responded to the hackers’ claims.

The company has denied any evidence of intrusion into its systems or data compromise but confirmed that it has already launched an investigation to verify if a security breach has occurred. 

“We are aware of the claim and are investigating the validity of the alleged breach with utmost urgency,” the company said. “The security of our users’ data is our top priority,” the company reiterated.

If confirmed, this could be one of the largest data breaches in recent history. Experts opine that this breach, potentially involving personal messages, call logs, contact details, and financial information, can devastate Viber users. 

Handala Hack is a controversial group known for targeting Israeli entities and their allies to support the Palestinian cause. It has been active since establishing its Telegram channel in December 2023 and later joining **Breach Forums**.

Handala Hack group on Breach Forums (Screenshot credit: Hackread.com)

This group claims to have targeted Israeli infrastructure, healthcare providers, community centers, tech companies, media outlets, and defence contractors with sophisticated techniques.

Some of these techniques include phishing emails mimicking F5 BIG-IP zero-day security updates and SQL injection attacks, compromising databases and highlighting their intent to disrupt political messages through cyber means. Their claimed targets include Hadarom Port, Home Medics, Rosh Ha’ayin Municipal Society, and DRS RADA Technologies.

Whether verified or not, the incident involving Viber raises questions about the app’s data security practices. Viber needs to address user concerns by clearly explaining the situation and any potential risks to user data. 

In the meantime, Viber users should exercise caution and change their passwords, be cautious of phishing attempts, and stay informed about any updates regarding the alleged data breach by checking Viber’s official channels.

1.  Pro-Palestinian TA402 APT Using IronWind Malware
2.  Hacktivists Hit Critical ICS Infrastructure in Israel -Palestine
3.  Hackers Target Israeli Rocket Alert App Users with Spyware
4.  Palestinian Engineer Jailed for Hacking Israeli CCTVs & Drones
5.  Hamas-Linked Group Revives SysJoker Malware, Leverages OneDrive

Hackers Claim Accessing 740GB of Data from Viber Messaging App

By Waqas
Another day, another cybersecurity threat hits unsuspected users!
This is a post from HackRead.com Read the original post: New Malware “BunnyLoader 3.0” Steals Credentials and Crypto

New high-performance malware “BunnyLoader 3.0” steals logins, crypto & lurks undetected. Palo Alto Unit 42 reveals its tricks to help businesses & individuals fight back. Learn how to protect yourself from this evolving cyber threat.

In the scenario where cybersecurity threats are peeking, staying one step ahead of malicious actors is crucial to protecting your online business and identity. Recently, Palo Alto’s Unit 42 released a report shedding light on a dangerous new malware called BunnyLoader, and its latest version, BunnyLoader 3.0. Here’s what you need to know:

****The BunnyLoader Menace:****

BunnyLoader is not your average malware. It’s a sophisticated tool developed by cybercriminals to steal sensitive information, credentials, and even cryptocurrency from unsuspecting victims. What’s more, it’s constantly evolving, making it a challenging threat for the cybersecurity community.

****A Constantly Evolving Threat:****

Since its discovery in September 2023 on **Breach Forums**, BunnyLoader has undergone multiple updates and enhancements, each aimed at outsmarting security measures and staying under the radar of cybersecurity researchers. From bug fixes to advanced keylogging capabilities, the creators of BunnyLoader are constantly tweaking their creation to maximize its effectiveness.

****The Release of BunnyLoader 3.0:****

On February 11, 2024, the threat actors behind BunnyLoader unveiled their latest version, BunnyLoader 3.0, boasting a 90% improvement in performance. This new iteration comes with a reduced payload size and enhanced keylogging capabilities, making it even more dangerous than before.

****Behind the Scenes of BunnyLoader:****

Unit 42’s **technical write-up** provides a glimpse into the inner workings of BunnyLoader, revealing the tactics and techniques used by its creators to evade detection. From changing file names to mimicking legitimate applications, BunnyLoader employs various strategies to stay hidden from cybersecurity experts.

****Protecting Yourself Against BunnyLoader:****

With the threat of BunnyLoader looming large, it’s more important than ever to stay vigilant and take proactive measures to protect yourself and your online assets. By staying informed about the latest cyber threats and implementing robust security measures, you can minimize the risk of **falling victim to malicious actors**.

1.  95.6% of New Malware in 2022 Targeted Windows
2.  SpyNote Android Spyware Poses as Legit Crypto Wallets
3.  Malware Turns Windows, macOS Devices into Proxy Nodes
4.  Mispadu Stealer’s New Variant Targets Browser Data of Mexicans
5.  Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

New Malware “BunnyLoader 3.0” Steals Credentials and Crypto

By Waqas
New INTERPOL Financial Fraud assessment reveals how cybercrime is being fueled by the abuse of AI and other technologies.
This is a post from HackRead.com Read the original post: AI-Powered Scams, Human Trafficking Fuel Global Cybercrime Surge: INTERPOL

AI tech fuels surge in financial fraud and cybercrime, warns INTERPOL. Sophisticated scams and human trafficking rings exploit cryptocurrency and social engineering to steal billions. Urgent global action is needed to combat this growing threat.

In its latest assessment of global cybercrime and financial fraud, INTERPOL has rung the alarm on the rapidly increasing threat posed by growing sophisticated criminal operations leveraging technology.

The report reveals a difficult-to-face reality: the **emergence of Artificial Intelligence (AI)**, large language models, cryptocurrencies, and service-based fraud models like phishing and ransomware are empowering a surge in fraudulent activities worldwide.

Advanced technologies have enabled organized crime groups to carry out professional and complex fraud campaigns with minimal technical expertise and cost previously required. The emergence of malicious AI-powered chatbots like **WormGPT and FraudGPT** are a few such examples.

Notably, the report highlights the expansion of human trafficking networks involved in call center operations, particularly in executing hybrid scams such as ‘**pig-butchering**‘ schemes, which blend elements of romance and investment frauds while exploiting cryptocurrencies.

Secretary General of INTERPOL, Jürgen Stock, expressed serious concern over the epidemic of financial fraud, emphasizing the devastating impact on individuals, businesses, and even governments. He emphasised the urgent need for coordinated action to close existing loopholes, enhance information-sharing mechanisms, and encourage a global response to combat this threat.

Key findings from the report highlight the pervasive nature of financial fraud, with prevalent trends including investment fraud, advance payment fraud, **romance fraud**, and business email compromise. Furthermore, financial fraud typically involves networks of co-offenders, varying from highly organized to loosely affiliated groups.

To address the growing menace of financial fraud, the report advocates for the establishment of multi-stakeholder Public-Private Partnerships to trace and recover lost funds.

Notably, since the launch of INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism in 2022, over USD 500 million in criminal proceeds have been intercepted, primarily originating from cyber-enabled fraud.

Regional trends **outlined in the report** shed light on the evolving nature of financial fraud across continents:

**Africa:** Business Email Compromise (**BEC**) remains prevalent, with emerging trends in ‘pig butchering’ fraud. West African criminal syndicates are expanding transnationally, exhibiting expertise in various forms of online financial fraud.

**Americas:** Fraud types include impersonation, romance, tech support, advance payment, and telecom fraud. **Human trafficking-driven fraud** is on the rise, with syndicates exploiting victims coerced into committing financial crimes.

**Asia:** ‘**Pig butchering**‘ fraud schemes have proliferated, alongside telecommunication frauds where perpetrators impersonate officials to deceive victims. Criminal organizations in Asia are adopting business-like structures to facilitate fraudulent activities.

**Europe:** Online investment frauds and **phishing schemes are escalating**, targeting selected individuals and exploiting mobile phone apps. Criminal networks involved exhibit sophisticated modi operandi, often combining multiple fraud types.

In response to the news, we reached out to **Oliver Spence**, CEO of Cybaverse who emphasised the importance of employee training, of not ignoring the threats and tackling them before it is too late.

“This news from Interpol should not be taken lightly by organisations and clearly, financially motivated cybercrime is on the rise, and generative AI tools are heightening the problem while lowering the technical barrier of entry into cybercrime._”_

“To counter the threat, employees need to be trained about AI-generated phishing scams and taught to question emails, even when they seem realistic. Organisations must bolster this with email security solutions that can detect malicious code embedded into emails, so they can be stopped before reaching user inboxes,_”_ he advised.

As financial fraud continues to evolve and increase globally, the INTERPOL report goes on to highlight the urgent need for collaborative efforts to stem this growing epidemic and protect vulnerable individuals and entities from exploitation.

1.  INTERPOL Dismantles ’16shop’ Phishing-as-a-Service Platform
2.  Interpol Nets $300M, Arrests 3,500 in Major Cyber Crime Bust
3.  US government seizes classified advertising website Backpage
4.  Utilizing Programmatic Advertising to Locate Abducted Children
5.  Operation Narsil – INTERPOL Busts Decade-Old Child Abuse Network

AI-Powered Scams, Human Trafficking Fuel Global Cybercrime Surge: INTERPOL

By Deeba Ahmed
Another day, another massive data breach!
This is a post from HackRead.com Read the original post: Massive Data Breach Exposes Info of 43 Million French Workers

A massive data breach at a French employment agency is affecting over 43 million users – representing more than half of France’s total population.

A large-scale data breach has compromised the personal information of a staggering 43 million French workers, raising concerns about identity theft and fraud. The attack is believed to have impacted around two-thirds of France’s population. The unclaimed cyberattack targeted two French employment agencies France Travail and Cap Emploi.

On March 13, 2024, French employment agency France Travail, previously called Pole Emploi, announced becoming the victim of a data breach that exposed the personal data of their registered users. This includes names, social security numbers, dates of birth, email, postal addresses, phone numbers, and user IDs.

France Travail named another company Cap Emploi, a government employment service supporting people with disabilities, as the victim of this breach. France Travail confirmed that login credentials, passwords, and bank details are not at risk. 

On March 8, the agency notified the Commission Nationale de l’Informatique et des Libertés (CNIL), the national data protection agency, and filed a police complaint after which a formal investigation was launched.

Initial probing by the Paris Public Prosecutor’s Office and the Cybercrime Brigade of the Paris Judicial Police Department revealed that a malicious actor gained unauthorized access to Cap Emploi’s systems on February 6, impersonating a Cap Emploi civil service officer. France Travail began noticing suspicious activity within its IT systems between 6 February and 5 March 2024. 

According to CNIL, a cyberattack on France Travail (francetravail.fr) could have potentially exposed data of those currently registered on the job seekers list, those registered over the last 20 years, and those with a candidate space on the platform. The company will notify impacted users individually.

The French cybersecurity community has criticised France Travail’s security shortcomings, with some professionals surprised that the agency took around a month to notify authorities and 20 years of users’ data being accessible online.

While it is legally required to keep users’ data for a certain period, storing the oldest part in a secure backup repository is generally recommended. The CNIL has now initiated an investigation to assess the company’s compliance with data security measures with the EU’s General Data Protection Regulation (GDPR).

Interestingly, ethical hacker Olivier Laurelli (aka Bluetouff) attempted to publicly notify France Travail of security flaws in the agency’s new web application in February without receiving a response. The French government has warned of potential cyber threats, including phishing, scams, and identity theft, following the data breach.

> Bonjour @FranceTravail on a bien rigolé ce weekend, mais on est d'accord que l'info est remontée et que vos équipes travaillent d'arrache pied à corriger ce truc avant qu'un drame national n'arrive ? https://t.co/O7V4HCUqw1
> 
> — ☠ Bluetouff (@bluetouff) February 26, 2024

CNIL is urging French workers to remain vigilant and be cautious of any suspicious communication. They recommend monitoring bank statements closely for unusual activity and considering placing a fraud alert on credit reports. 

This massive data breach comes as a significant blow to France’s reputation for data security, highlighting the need for stricter regulations and improved cybersecurity practices within French companies, particularly those handling sensitive employee data.

For insights into the data breach, we reached out to Nick Tausek, Lead Security Automation Architect at Swimlane who added, “The scale of this latest breach surpasses previous incidents, highlighting the ongoing challenges faced by governmental agencies entrusted with safeguarding the personal data of millions.”

“To mitigate against these threats, organizations need to adopt a proactive cybersecurity approach. Investing in security platforms that centralize investigation and detection through the use of automation will allow security teams to respond to threats in real time and gain visibility across the SOC,” Nick advised.

1.  Air France website hacked by ‘Algerian Mujahideen’ Hackers
2.  France Weather Forecast Website Hacked By Anti-War Hacker
3.  Franch newspaper exposed 8TB of data with 7.4 billion records
4.  France Believes Russia Hacked TV5Monde Posing as ISIS Hackers
5.  Death linked to prank – France seeks extradition of hacker from Israel

Massive Data Breach Exposes Info of 43 Million French Workers

By Deeba Ahmed
The data breach is linked to a December 2023 cyberattack.
This is a post from HackRead.com Read the original post: Nissan Confirms Data Breach Affected 100,000 Customers and Employees

Following a cyberattack in December 2023, Nissan confirms a data leak impacting customers, dealers, and employees. Information potentially compromised includes names, contact details, and even government-issued IDs for up to 10% of those affected. Nissan is notifying individuals and offering support services.

Nissan Motor Corporation’s Oceania region has confirmed a data breach impacting roughly 100,000 individuals. The breach, linked to a December 2023 cyberattack claimed by the Akira ransomware group, exposed the personal information of customers, dealers, and some current and former employees.

For your information, Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand were impacted by a cyberattack on December 5, 2023.

“On 5 December 2023, a malicious third party obtained unauthorised access to our local IT servers. We took immediate action to contain the breach, and promptly alerted the relevant government authorities, including the Australian and New Zealand national cyber security centres and privacy regulators” Nissan revealed in an update released on 13 March 2024.

**Akira ransomware group** claimed to have stolen 128 GB of information including corporate files and personal information. Other impacted businesses included Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM. Hackers then published files stolen from Nissan systems, indicating the company refused ransom demands.

Akira ransomware announcing Nissan Australia data breach (Screenshot: Hackread.com)

Nissan detected the ‘disruptive incident’ the same month and notified customers but crucial details about data exfiltration weren’t confirmed until now. While the exact nature of the compromised data remains under investigation, Nissan acknowledges the possible leak of government-issued identification documents, names, and contact details. The company emphasizes that they are still validating contact information and removing duplicates, so the final number affected might be slightly lower.

Nissan Oceania has now started contacting the 100,000 affected individuals. The carmaker has reported that the type of information compromised in the breach might be different for each affected individual.

The company estimates that up to 10% of individuals may have had their government identification compromised, with the data set including 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers. The remaining 90% of the affectees Nissan is notifying have had other personal information impacted, including loan-related transaction statement copies, employment or salary information, and general information like dates of birth. 

The company is providing support services to affected individuals and enhancing cybersecurity measures to prevent future incidents, while also offering free identity theft and credit services.

Nissan advises customers to remain vigilant and be cautious of any suspicious emails, calls, or text messages. They recommend monitoring financial statements for unauthorized activity and considering placing a fraud alert on their credit reports.

Commenting on the news and providing insight, Erfan Shadabi, a cybersecurity expert at comforte AG said, “This data breach on Nissan demonstrates just how important it is for every organization to rethink data security. Nissan must now assess just how much sensitive information has been released.”

“Hopefully, they can navigate this situation effectively with minimal damage. The distressing fact is that ordinary individuals and users invariably find themselves at the mercy of organizations failing to fortify their data against potential breaches. The fallout from such incidents can range from identity theft to financial losses, leaving users vulnerable to a myriad of cyber threats,” Shadabi warned.

“The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as any enterprise might find itself in the same boat without the proper data-centric approach,” he stressed.

1.  Cybercriminals Exploit CAN Injection Hack to Steal Cars
2.  Nissan Leaf Maybe At Threat Because of Vulnerable APIs
3.  App Flaw Allowed Nissan Cars Hack by Knowing VIN number
4.  Nissan Canada cyber attack; millions of customer accounts stolen
5.  Nissan source code leaked, “admin” was its as username, password

Nissan Confirms Data Breach Affected 100,000 Customers and Employees

By Waqas
Microsoft's Copilot for Security will be accessible through a pay-as-you-use licensing model.
This is a post from HackRead.com Read the original post: Microsoft is Opening AI-Powered “Copilot for Security” to Public

Microsoft’s innovative security solution, Copilot for Security, will be available to the public from April 1, 2024, marking a significant advancement in the fight against cybercrime.

Microsoft Copilot for Security, initially accessible to select users through an exclusive early access initiative, is an innovative AI-driven tool aimed at fortifying defenders’ capabilities and efficiency in tackling security challenges. The feature is now becoming available to the public, enabling everyone to leverage its benefits.

****What is Microsoft Copilot?****

Copilot is an industry-first **generative AI** solution designed to empower security and IT professionals. It leverages the power of artificial intelligence to analyze vast amounts of data and provide crucial insights, allowing security teams to:

*   **Catch hidden threats:** Copilot’s AI capabilities can uncover subtle anomalies that human analysts might miss, bolstering overall threat detection.
*   **Respond faster:** By automating routine tasks and offering real-time guidance, Copilot streamlines security operations, enabling a quicker response to security incidents.
*   **Boost expertise:** The AI assistant serves as a valuable learning tool, helping security professionals stay up-to-date on the latest threats and best practices.

****Microsoft Copilot for Security: Tailored for the Modern Defender****

This specific feature of Copilot focuses on the unique needs of cybersecurity professionals. It integrates seamlessly with existing security workflows, offering features such as:

*   **Natural language interaction:** Security personnel can interact with Copilot using plain English, asking questions and receiving clear, actionable responses.
*   **Enhanced incident response:** Copilot assists in investigations by analyzing data, suggesting potential causes, and recommending next steps.
*   **Proactive threat hunting:** The AI proactively scans for vulnerabilities and suspicious activity, helping to identify potential threats before they escalate.
*   **Improved posture management:** Copilot continuously monitors an organization’s security posture, providing valuable insights for strengthening defences.

> _“Threat actors are getting more sophisticated. Things happen fast, so we need to be able to respond fast. With the help of Copilot for Security, we can start focusing on automated responses instead of manual responses. It’s a huge gamechanger for us.”_
> 
> Mario Ferket, Chief Information Security Officer, Dow Inc.

****General Availability and Beyond****

Microsoft **announced** the general availability of Copilot for Security on April 1, 2024. This means the solution is now accessible for purchase by any organization seeking to strengthen its cybersecurity efforts.

The future of Copilot appears bright, with Microsoft continuously developing new capabilities. The company emphasizes its commitment to working with security professionals to further refine the solution and ensure it remains a valuable asset in the growing cyber threat landscape.

1.  Microsoft’s new tool detects, reports pedophiles in chats
2.  Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!
3.  Microsoft’s Windows File Recovery tool recovers your lost data
4.  Microsoft launches Linux memory forensics tool to detect malware
5.  McAfee’s Mockingbird AI Tool Detects Deepfake with 90% accuracy

Microsoft is Opening AI-Powered “Copilot for Security” to Public

By Deeba Ahmed
Mikhail Vasiliev, a Russian-Canadian citizen faces four years in a Canadian prison and is likely to be extradited to the US after completing his sentence.
This is a post from HackRead.com Read the original post: LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

Mikhail Vasiliev was also fined $860,000 for his involvement in the LockBit gang’s attacks. This case highlights the international effort to combat cybercrime and the severe consequences awaiting perpetrators.

A Russian-Canadian citizen, Mikhail Vasiliev, has been sentenced to nearly four years in prison for his involvement in the notorious **LockBit ransomware operation**. Vasiliev will also pay $860,000 in restitution to his Canadian victims.

Vasiliev’s lawyer reportedly argued that he turned to cybercrime due to financial difficulties during the **COVID-19 pandemic**.  However, Justice Michelle Fuerst rejected this justification, calling Vasiliev a _Cyber Terrorist_ whose actions were motivated by _greed_ and his crimes were “_far from_ _victimless crimes_.”

Investigations revealed Vasiliev’s role as a key member of the LockBit ransomware gang, involved in a significant number of cyberattacks with ransom demands ranging between €5m-€70 million. Vasiliev took responsibility for his actions, as confirmed by his lawyer Louis Strezos.

Vasiliev, 34, was arrested in October 2022 from his residence in Bradford, Ontario where he had moved from Moscow 20 years ago. He pleaded guilty in February 2024 to stealing victims’ computer data and using it for extortion.

Moreover, according to Canadian media **reports**, he admitted targeting at least three Canadian organizations, encrypting their data, and seeking ransom payments between 2021-2022, making $100 million in ransom demands for the gang from around 1,000 cyberattacks on victims in the U.S. and globally,

Vasiliev primarily targeted businesses in Saskatchewan, Montreal, and Newfoundland. His attacks likely caused significant disruptions and financial losses to the targeted businesses.

In November 2022, the US Department of Justice announced separate charges for his involvement in LockBit attacks. Vasiliev is set to be extradited to the U.S. for facing these additional charges

**LockBit, active since 2020**, operates under a ransomware-as-a-service (RaaS) business model, where affiliates exploit intrusions and deploy ransomware in exchange for some percentage of ransom payment.

In 2023, the gang gained significant profits from targeting companies like Boeing and Allen & Overy and exploited the **Citrix bleed security flaw** tracked as CVE-2023-4966 (CVSS score: 9.4).

LockBit’s infrastructure was **dismantled** by the law enforcement authorities in February 2024 as part of Operation Cronos with the seizure of 34 servers and 200 cryptocurrency accounts. Just a week after its seizure, LockBit **reemerged** with new leak sites, but RaaS is unlikely to recover. It claimed Operation Cronos was successful due to its negligence in updating PHP settings.

So far, Authorities have arrested six suspects in connection to LockBit, including Vasiliev, Ruslan Magomedovich Astamirov who was arrested **in June 2023**, two Russian nationals Artur Sungatov and Ivan Kondratyev, alias Bassterlord, and two others **arrested** in Ukraine and Poland.

Vasiliev’s potential extradition is a sign of growing international cooperation in combating cybercrime and serves as a warning to other gangs involved in such activities.

1.  Ragnar Locker Ransomware Dismantled, Key Suspect Arrested
2.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
3.  Operator of Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US
4.  LockBit ransomware blames victim for DDoS attack on its website
5.  Multimillion-Dollar Vishing Scam Busted: Czech-Ukrainian Gang Arrested

LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

By Deeba Ahmed
Critical security flaws found in ChatGPT plugins expose users to data breaches. Attackers could steal login details and…
This is a post from HackRead.com Read the original post: ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

Critical security flaws found in ChatGPT plugins expose users to data breaches. Attackers could steal login details and access sensitive data on third-party websites – Update your plugins now and only use extensions from trusted sources to stay safe from AI-driven cyber threats.

Salt Security, a leader in application programming interface (API) security, has discovered critical security vulnerabilities within popular plugins of OpenAI’s AI chatbot **ChatGPT**. These flaws may allow attackers to steal sensitive user data and gain unauthorized access to accounts on third-party websites or data retrieval from **Google Drive**. 

This means ChatGPT plugin functionality, now known as GPTs, could be an attack vector, allowing vulnerabilities to access third-party user accounts, including GitHub repositories, and letting bad actors gain control of an organization’s account on third-party websites and access sensitive data.

For your information, ChatGPT plugins (exclusively accessible for users with a GPT-4 model, requiring a **ChatGPT Plus subscription** for utilization), are designed to enhance the chatbot’s capabilities by enabling it to interact with external services and be applicable across various domains. However, while using ChatGPT plugins, organizations may inadvertently permit them to send sensitive data to third-party websites and access private external accounts. 

****Three Vulnerabilities****

According to Salt Labs **research** shared with Hackread.com ahead of publication on Wednesday, the company discovered three vulnerabilities within ChatGPT plugins.

****First Vulnerability****

The first was within ChatGPT itself, where users are directed to the plugin website to receive a code to be approved. Attackers can exploit this function to deliver users a code approval with a malicious plugin, allowing them to install their credentials on a victim’s account. Any message written in ChatGPT may be forwarded to a plugin and the attacker can then access proprietary information.

****Second Vulnerability****

The second vulnerability was identified in PluginLab, a framework used to develop ChatGPT plugins. Salt Labs found that PluginLab doesn’t implement proper security measures during the installation process, hence, allowing attackers to potentially install malicious plugins without users’ knowledge. 

Since PluginLab did not authenticate user accounts, attackers can insert another user ID and gain a victim’s code, leading to account takeover. One affected plugin, “AskTheCode,” integrates between ChatGPT and GitHub, allowing attackers to access a victim’s account. 

****Third Vulnerability****

Another vulnerability was OAuth redirection manipulation, allowing attackers to send malicious URLs to victims, and steal user credentials. Many ChatGPT plugins request broad permissions to access various websites. This means compromised plugins could potentially steal login credentials or other sensitive data from these third-party websites.

Following responsible disclosure practices, Salt Labs’ researchers collaborated with OpenAI and third-party vendors to promptly address issues before their exploitation in the wild.

This research highlights the growing prevalence of AI and its potential security risks. In January 2024, **Kaspersky discovered over 3,000 dark web posts** where threat actors discussed exploiting AI-powered chatbots like ChatGPT for developing similar tools to conduct cybercrimes.

Recently **published Group-IB’s “Hi-Tech Crime Trends 23/24” report** shows a surge in the use of AI by cybercriminals, particularly for stolen ChatGPT credentials, which can be used to access sensitive corporate data. Over 225,000 infostealer logs containing compromised ChatGPT credentials were detected between January-October 2023.

Therefore, users are advised to carefully review permissions, only install plugins from trusted sources, and regularly update ChatGPT and plugins. Developers should address code execution vulnerabilities to safeguard user data. PluginLab developers should implement robust security measures throughout the plugin development lifecycle.

1.  **OpenAI’s ChatGPT Can Create Polymorphic Malware**
2.  **Malicious Abrax666 AI Chatbot Exposed as Potential Scam**
3.  **Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack**
4.  **Following WormGPT, FraudGPT Emerges for AI-Driven Cyber Crime**
5.  **Researcher create polymorphic Blackmamba malware with ChatGPT**

Source

HackRead