Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Source: Shahid Jamil via Alamy Stock Photo

Apple has released security updates to address two zero-day vulnerabilities that are under active exploitation in the wild.

The bugs, tracked as CVE-2024-44308 (CVSS 6.8) and CVE-2024-44309 (CVSS 4.3), are, respectively, a vulnerability in JavaScriptCore that could lead to arbitrary code execution; and a cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack while processing malicious Web content.

The bugs affect Apple's iOS, iPadOS, macOS, visionOS, and the Safari Web browser; the company reports that it has addressed them with better checks and improved state management.

Clément Lecigne and Benoît Sevens at Google's Threat Analysis Group (TAG) first discovered and reported the vulnerabilities and, as is customary for the company, Apple did not provide any additional details of reported attacks nor did it offer indicators of compromise (IoCs).

"Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems," Apple stated its advisory for both zero-days, the lone piece of information regarding in-the-wild exploitation attempts.

Those using affected Apple ecosystem products should update to iOS 18.1.1, macOS Sequoia 15.1.1, and  iOS 17.7.2 as soon as possible to avoid compromise.

**About the Author**

Apple Urgently Patches Actively Exploited Zero-Days

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to **Settings > General > Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

To determine whether your Mac is Intel-based or equipped with Apple silicon, follow these simple steps:

*   Click the Apple icon in the top-left corner of your screen.
*   Select **About This Mac**.
*   Check the information:
    
    *   If you see an item labeled Chip, your Mac has Apple silicon (like M1, M2, or M3).
    
    *   If you see an item labeled Processor, it indicates that your Mac is Intel-based, and the specific Intel processor name will be listed next to it.

**Technical details**

Because Apple does not share details until everyone has had a chance to update, it is hard to figure out what the exact problem is. But there are some things we can deduct from the given information.

The vulnerabilities that Apple says may have been actively exploited on Intel-based Mac systems are:

CVE-2024-44308: a vulnerability in the JavaScriptCore component. Processing maliciously crafted web content may lead to arbitrary code execution. This means that an attacker will have to trick a victim into opening a malicious file containing web content.

JavaScriptCore is the built-in JavaScript engine for WebKit that enables cross-platform development by providing a way to execute JavaScript within native iOS and macOS applications.

CVE-2024-44309: a cookie management issue in the WebKit component was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross-site scripting attack.

**We don’t just report on macOS security—we provide it.**

Cybersecurity risks should never spread beyond a headline. Keep threats off your Mac by downloading Malwarebytes for Mac today.

 Update now! Apple confirms vulnerabilities are already being exploited 

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale.
The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic.
"Criminals can now misuse Google Pay and Apple

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps.

The practice, first reported by 404 Media in April, has since exploded in popularity, showing that Instagram is unable or unwilling to stop the flood of AI-generated content on its platform and protect the human creators on Instagram who say they are now competing with AI content in a way that is impacting their ability to make a living.

According to our review of more than 1,000 AI-generated Instagram accounts, Discord channels where the people who make this content share tips and discuss strategy, and several guides that explain how to make money by “AI pimping,” it is now trivially easy to make these accounts and monetize them using an assortment of off-the-shelf AI tools and apps. Some of these apps are hosted on the Apple App and Google Play Stores. Our investigation shows that what was once a niche problem on the platform has industrialized in scale, and it shows what social media may become in the near future: a space where AI-generated content eclipses that of humans.

Elaina St James, an adult content creator who promotes her work on Instagram, said she and other adult content creators are now directly competing with these AI rip-off accounts, many of which use photographs and videos stolen from adult content creators and Instagram models. She said that while there may be other changes to Instagram’s algorithm that could have contributed to this, since the explosion of AI-generated influencer accounts on Instagram her “reach went down tremendously,” from a typical 1 million to 5 million views a month to not cracking a million in the last 10 months, and sometimes coming in under 500,000 views.

“This is probably one of the reasons my views are going down,” St James told us in an interview. “It's because I'm competing with something that's unnatural.”

Alexios Mantzarlis, the director of the security, trust, and safety initiative at Cornell Tech and formerly principal of trust and safety intelligence at Google, compiled a list of around 900 accounts that 404 Media reviewed in its investigation. Mantzarlis, who stumbled on one of these accounts while casually using Instagram, said he started researching the AI-generated influencer accounts because it might show us where AI-generated content is taking social media and the internet more broadly, where he sees a “a rising blended unreality.” Mantzarlis believes he could have easily found 900 more accounts and that the only reason he didn’t get more is that Instagram restricted the account he used to scrape the platform.

“It felt like a possible sign of what social media is going to look like in five years,” Mantzarlis said in an interview. “Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram. This is probably a sign that it's going to be pretty bad.”

**The Accounts**

Out of more than 1,000 AI-generated Instagram influencer accounts we reviewed, 100 included at least some deepfake content which took existing videos, usually from models and adult entertainment performers, and replaced their face with an AI-generated face to make those videos seem like new, original content consistent with the other AI-generated images and videos shared by the AI-generated influencer. The other 900 accounts shared images that in some cases were trained on real photographs and in some cases made to look like celebrities, but were entirely AI-generated, not edited photographs or videos.

Out of those 100 accounts that shared deepfake or face-swapped videos, 60 self-identify as being AI-generated, writing in their bios that they are a “virtual model & influencer” or stating “all photos crafted with AI and apps.” The other 40 do not include any disclaimer stating that they are AI-generated.

One of the bigger accounts in the latter category is “Chloe Johnson,” who has a verified account on Instagram and 171,000 followers. This account was deleted by Meta within the past few weeks.

Inside the Booming ‘AI Pimping’ Industry

Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.

Source: CG Alex via Shutterstock

Every night for five years, computers and network appliances from the headquarters of the African Union in Ethiopia — a facility built by Chinese firms — reportedly reached out to China-based systems and uploaded sensitive data. The espionage through the technology supply chain, which China's government denies, undermined the security of the pan-African organization.

The incident and more recent supply-chain breaches have underscored that reliance on foreign technological supply chains carries with it significant risks. While using a technology supply chain anchored in China was seen as a less constrained option than US and European options, the truth is that African nations need to evaluate the security of all their supply chains across applications, consumer devices, infrastructure, and service providers, according to a report published by the Africa Center for Strategic Studies, a research and academic center funded by the US Department of Defense.

"I don't think there's an African country that doesn't have some kind of interest in fostering a more robust technology industry and finding various ways to exert more ownership and agency over various aspects of the technology sector," says Nate Allen, associate professor at the Africa Center for Strategic Studies and the author of the report. "You are seeing increasing African interest in having more ownership and say over their technology supply chains."

Supply-chain security has become a major issue worldwide following malicious events, such as the WannaCry and NotPetya worms and the compromise of SolarWinds, as well as IT supply-chain failures, like this summer's CrowdStrike outage. The US government has voiced concerns over the extent to which US maritime ports are reliant on Chinese equipment and investment, and China has begun creating its own operating system and software ecosystem.

Similarly, African nations have become wary of information technology supplied by any number of foreign countries, including China, Russia, the US, and Europe. While African nations need the technology and investment, they are pursuing initiatives to reduce their reliance, says Mark Walker, vice president of data and analytics for the Middle East, Turkey, and Africa for IDC South Africa.

"The reality is that we live in a multidimensional, globally interconnected world, \[where\] development is reliant on significant capital investment and R&D to develop technology — often this is in limited supply across Africa," he says. "That said, many African nations are focusing on developing local software and technology skills in their populations to offset reliance on global players and also ensure that solutions are relevant to local market condition and needs. Education plays a significant role in this."

**China, US Dominate Africa's Tech Market**

Those efforts are still nascent, with the reality that the top technology suppliers in Africa come from China and the US. In mobile applications, for example, 36 of 2023's top-100 applications are from Chinese companies, while 23 are from US companies, according to a report from DataSparkle, a provider of data and analytics for emerging markets. Africa-based developers only account for only seven applications, mostly focused on digital cash and payment applications.

The US dominates the operating-system supply chain with Microsoft's Windows, Google's Android, and Apple's iOS dominating the field.

"If you're not China and you're not the United States, you just have a lot of dependencies in your technology supply chain, and there's no way around it — even to some extent, if you are China and the United States," ACSS's Allen says.

Yet, the 54 nations on the content have options. While foreign firms provide much of the technology, the African market continues to grow and the domestic technology sector continues to have the most insight into nation-by-nation needs.

"\[A\] detailed view of Africa’s technology sector reveals that it is not under the control of any one actor, and there are plenty of opportunities for Africans to assert agency," the ACSS report stated. "By further fostering diversity and competition within the tech sector, African governments can help mitigate the vulnerabilities that come from external actor influence."

**Future of Technology Supply Chains in Africa**

Companies entering the market should find ways to address the cybersecurity concerns of African customers, because if they don't, someone else will, says IDC South Africa's Walker.

"Competition is strong, and vendors are judged on their ability to supply relevant technologies and services at a fair price with solid \[local\] support structures," he says, adding that companies should understand "the local market dynamics, including economic and political realities and the local regulatory environments. Security issues faced in the Horn of Africa around Somalia are different to those faced in northern Nigeria and the Magreb, which again, differ significantly from southeast Africa."

Among incidents in Africa, Chinese hackers targeted Kenyan officials following the nation's trouble paying back loans from China, according to news reports published in 2023, while another incident involved a state-sponsored group targeting foreign-affairs ministries, embassies, and military forces in Africa in an operation dubbed Diplomatic Specter, according to a threat analysis published in May.

In addition, African officials have warned that an important technology supply chain for the continent — open-source software (OSS) — needs to be better secured to prevent malicious attacks.

"I don't think that Africans are naive, or any government around the world is naive — I think they know that, if you are being sold a technology product that is not domestically produced, then there's always going to be some kind of security risk there," says ACSS's Allen. "I think the question is, how can you mitigate that security risk?"

Companies working in the markets need to have an answer to that question, he says.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

African Reliance on Foreign Suppliers Boosts Insecurity Concerns

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
The flaws are listed below -

CVE-2024-44308 - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
CVE-2024-44309 - A cookie management vulnerability in

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Freshly released court documents reveal new details on controversial Israeli spyware firm's operations.

Source: Shubham singh 007 via Shutterstock

Israel's NSO Group may know a lot more about how customers use its Pegasus commercial spyware product than the company has let on, newly released court documents connected to a legal dispute with Meta's WhatsApp suggest.

In fact, NSO Group installed and operated the spyware on behalf of its customers, making the company directly liable for the spyware's use, WhatsApp lawyers said in one court filing, released Nov. 14 in the US District Court for the Northern District of California.

The court documents are part of a lawsuit that WhatsApp filed against NSO Group in October 2019 after discovering the Israeli firm had used WhatsApp servers to distribute Pegasus to some 1,400 mobile phones, including those belonging to journalists and rights activists.

The lawyers also claimed that NSO Group repeatedly developed and used exploits for abusing WhatsApp's servers to install Pegasus on target devices, including at least once after WhatsApp had sued the company over the issue.

**NSO 'Solely Responsible'**

"NSO is solely responsible for Pegasus’s unauthorized access to WhatsApp's servers," the social media giant noted in one briefing. "Despite what NSO has claimed, its customers had a minimal role in how the spyware tool operated or collected information. All that NSO Group customers typically had to do was enter their target's phone number, press install and wait for the malware to install on the target device without any further interaction," they noted.

Related:Trustwave-Cybereason Merger Boosts MDR Portfolio

"In other words, the customer simply places an order for a target device's data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus," WhatsApp's lawyers said. The company, in fact, was so aware of how customers were using its malware that it actually disconnected service to 10 customers for excessive abuse, the lawyers claimed.

**Controversial Surveillance Software**

Pegasus is a controversial mobile spyware designed to secretly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detection by antivirus software. NSO Group claims to sell the technology solely to authorized government agencies for legitimate law enforcement, crime-fighting, and anti-terror purposes. But critics argue that the tool has been misused, particularly in authoritarian regimes, to target journalists, human rights activists, political dissidents, and others critical of the government.  

Related:Xiphera & Crypto Quantique Announce Partnership

A 2021 database leak revealed that NSO Group customers had, at the time, targeted more than 50,000 phone numbers for surveillance in countries like Mexico, Hungary, and India. The US government formally blacklisted the company in 2021, meaning its ability to operate in the US or do business with US entities abroad is severely restricted.

The NSO Group has tried to get US courts to dismiss WhatsApp's lawsuit against the company, citing, among other things, a lack of jurisdiction and the fact that its clients are mostly governments and therefore are not doing anything illegal. WhatsApp lawyers have sought to portray NSO Group as indeed being liable for Pegasus by attempting to tie the vendor more directly to customer use of the spyware tool.

In the newly released court documents, WhatsApp has alleged that NSO Group repeatedly and deliberated worked around the mechanisms the company put in place to prevent misuse of the secure messaging platform. One of them was a modified WhatsApp client app called the WhatsApp Installation Server (WIS) that could access WhatsApp's back-end servers in ways its own client software could not. NSO Group then developed tools named Heaven and Eden to interact with WIS in such a way as to trigger Pegasus downloads on target phones via WhatsApp. The company developed Eden after WhatsApp discovered Heaven and put up blocks against it. When WhatsApp engineers discovered Eden, NSO developed and used yet another tool, called Erised, through 2020, or after WhatsApp had filed its lawsuit.

Related:North Korea's Andariel Pivots to 'Play' Ransomware Games

The WhatsApp lawsuit is one of several that NSO Group is currently battling in courts worldwide from organizations and individuals impacted by the malware. In September, Apple sought voluntary dismissal of a 2021 lawsuit it had filed against NSO Group, citing concerns over the company having to share information with the court that other spyware makers could abuse going forward.

Back when the lawsuit was filed, the NSO Group was among a handful of known purveyors of such mobile spyware software. Since then, there has been a sharp increase in the number of commercial spyware vendors, driven largely by demand from government agencies. A Google report earlier this year identified spyware vendors like NSO Group as being responsible for nearly half of all zero-day exploits it counted between mid-2014 and December 2023.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

The tangle of user-built tools is formidable to manage, but it can lead to a greater understanding of real-world business needs.

Source: Martin Harvey via Alamy Stock Photo

COMMENTARY

Shadow IT is what your business runs on while waiting for IT to provide an enterprise solution. It's your sales team buying licenses to an obscure software-as-a-service (SaaS) because it helps them get the job done. Or it's your finance team using an unapproved tool because the approved one is too clunky. Sometimes shadow IT exists specifically to bypass an overly annoying security mechanism — figuring out a way to forward business emails to your personal Gmail account because it's easier to view on mobile, for example.

You might hope shadow IT is a problem only for large enterprises, too big to centrally manage. My experience running a small startup suggests otherwise. We agonized over our choice of a productivity tools suite — considering pros and cons and balancing user experience with governability. And people are happy to use our tool of choice; they just also use other tools in parallel. We run on Google Workspace, but many of our employees use Office because they're used to it. We use Google Drive for file sharing, but we quickly learned some people prefer iCloud.

People's personal preferences play a significant role here. They want to get their jobs done, not worry about learning a new tool. Platforms make this tendency even worse. Many try to get you to use and rely on them for a long time before asking for added licensing. Consider local file saves on Windows or Mac. By default, every local file save actually gets saved in a directory backed up into Microsoft's or Apple's cloud.

A large enterprise might have more mature security controls to prevent use of unauthorized software, but it also has much more variety in the software people would like to use. The sheer size of an enterprise and the independence of different business units exacerbate the software spread even further. The standard industry security practice for controlling software usage combines bringing in security on every license purchase and restricting software and SaaS usage on the endpoint. While those tactics are useful, they are limited in scope. Paying out of pocket, which some users will do to get the software they want, bypasses enterprise procurement.

**Approved Apps Lead to Building Unapproved Apps**

Expanding the use of existing platforms into new and unapproved feature sets is even more pervasive. Did you purchase Office 365 for productivity or Salesforce for your sales reps? Congrats. You've now empowered your business users to build their own apps with the no-code/low-code platform bundled in. Unapproved uses of enterprise platforms also bypass SaaS usage controls. Enterprises can't block access to Microsoft or Salesforce, but through them users can send corporate data to unapproved systems.

With each new discovery of an unapproved system, the security team can either try to block it or bring it under their umbrella. Either way, it's an endless game of whack-a-mole. Some tools can help with this discovery, but they often lack context about how these systems are used and which are actually important to business functions.

What if we could ask every business user what systems they use in their day-to-day, regardless of corporate policies? And ask which of those are truly vital for the business? That could give us the ultimate list: a full mapping of shadow IT, coupled with its business importance. Unfortunately, that doesn't work — simply asking people likely won't result in a full list, and what end users find vital may be different from what management does.

**User-Built Tools Expose Shadow IT Network**

Enter citizen development, in which business users leverage low-code/no-code tools to streamline their processes, analyze their data, and build custom business applications for their use cases. To be relevant, these apps must connect to the data and processes that the business uses in practice. A citizen developer is not going to call IT to integrate their app with the approved corporate service; instead, they'll connect directly to what we call shadow IT.

Here's an example. Consider a sales team using an unapproved tool for lead tracking. To sync it with the approved CRM, they use no-code automation. By finding automations that connect to the CRM and following the data flow, we can easily find the unapproved tool and what type of data it holds.

Embracing citizen development can leave security teams at a much better spot — having visibility into what software the business actually runs on — if used right.

That "if" is very important. Citizen development introduces its fair share of security risks, which must be mitigated to avoid adverse effects. But by embracing citizen development, we're letting business users codify what used to be a copy-paste data integration. Following these processes will lead us directly to the most important elements of shadow IT.

**About the Author**

CTO & Co-Founder, Zenity

Michael Bargury is an industry expert in cybersecurity focused on cloud security, SaaS security, and AppSec. Michael is the CTO and co-founder of Zenity.io, a startup that enables security governance for low-code/no-code enterprise applications without disrupting business. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC, Dynamics, and confidential computing. Michael holds 15 patents in the field of cybersecurity and a BSc in Mathematics and Computer Science from Tel Aviv University. Michael is leading the OWASP community effort on low-code/no-code security.

To Map Shadow IT, Follow Citizen Developers

Plus: An “AI granny” is wasting scammers’ time, a lawsuit goes after spyware-maker NSO Group’s executives, and North Korea–linked hackers take a crack at macOS malware.

In perhaps the most adorable hacker story of the year, a trio of technologists in India found an innovative way to circumvent Apple’s location restrictions on AirPod Pro 2s so they could enable the earbuds’ hearing aid feature for their grandmas. The hack involved a homemade Faraday cage, a microwave, and a lot of trial and error.

On the other end of the tech-advancements spectrum, the US military is currently testing an AI-enabled machine gun that is capable of auto-targeting swarms of drones. The Bullfrog, built by Allen Control Systems, is one of several advanced weapons technologies in the works to combat the growing threat of cheap, small drones on the battlefield.

The US Department of Justice announced this week that an 18-year-old from California has admitted to making or orchestrating more than 375 swatting attacks across the United States.

Then, of course, there’s the Donald Trump of it all. This week, we published a practical guide to protecting yourself from government surveillance. WIRED has covered the dangers of government surveillance for decades, of course. But when the president-elect is explicitly threatening to jail his political enemies—whoever that may be—now’s probably a good time to brush up on your digital best practices.

In addition to potential dragnet surveillance of US citizens, US Immigration and Customs Enforcement started ramping up its surveillance arsenal the day after Trump won reelection. Meanwhile, experts are expecting the incoming administration to roll back cybersecurity rules instituted under president Joe Biden while taking a harder line against adversarial state-sponsored hackers. And if all this political upheaval has you in the mood to protest, beware: An investigation copublished by WIRED and The Marshall Project found that mask bans instituted in several states add a complicated new layer to exercising freedom of speech.

And that’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

In August 2016, approximately 120,000 bitcoin—at the time worth around $71 million—were stolen in a hack on the Bitfinex cryptocurrency exchange. Then in 2022, as the value of cryptocurrency had rocketed skywards, law enforcement officials in New York arrested husband and wife Ilya Lichtenstein and Heather Morgan in relation to the hack and laundering the much-inflated $4.5 billion of stolen cryptocurrency. (At the time, $3.6 billion of the funds were recouped by law enforcement investigators.)

This week, after pleading guilty in 2023, Lichtenstein was sentenced to five years of jail time for conducting the hack and laundering the profits. With subsequent cryptocurrency spikes and additional seizures related to the hack, the US government has now been able to recover more than $10 billion in assets. A series of operational security failures by Lichtenstein made much of the illicit cryptocurrency easy for officials to seize, but investigators also applied sophisticated crypto-tracing methods to unpick how the funds had been stolen and subsequently moved around.

Aside from the brazen scale of the heist, Lichtenstein and Morgan gained online prominence and ridicule after their arrests due to a series of Forbes articles written by Morgan and rap videos posted to YouTube under the name of “Razzlekhan.” Morgan, who also pleaded guilty, is due to be sentenced on November 18.

**An ‘AI Granny’ Is Wasting Phone Scammers’ Time**

Scammers are increasingly adopting AI as part of their criminal toolkits—using the technology to create deepfakes, translate scripts, and make their operations more efficient. But artificial intelligence is also being turned against the scammers. British telecoms firm Virgin Media and its mobile operator O2 have created a new “AI granny” that can answer phone calls from scammers and keep them talking. The system uses different AI models, according to The Register, that listen to what a scammer says and respond immediately. In one case, the company says it kept a scammer on the line for 40 minutes and has fed others fake personal information. Unfortunately, the system (at least at the moment) can’t directly answer calls made to your phone; instead, O2 created a specific phone number for the system, which the company says it has managed to get placed in lists of numbers that scammers call.

**Alleged NSO Group Spyware Victim Adds NSO Founders and Executive to Lawsuit**

In a new legal strategy for those attempting to hold commercial spyware vendors responsible, lawyer Andreu Van den Eynde, who was allegedly hacked with NSO Group spyware, is directly accusing two of the company’s founders, Omri Lavie and Shalev Hulio, and one of its executives, Yuval Somekh, of hacking crimes in a lawsuit. The Barcelona-based human rights nonprofit Iridia announced this week that it filed the complaint in a Catalan court. Van den Eynde was reportedly a victim of a hacking campaign that used NSO’s notorious Pegasus spyware against at least 65 Catalans. Van den Eynde and Iridia originally sued NSO Group in a Barcelona court in 2022 along with affiliates Osy Technologies and Q Cyber Technologies. “The people responsible for NSO Group have to explain their concrete activities,” a legal representative for Iridia and Van den Eynde wrote in the complaint, which was written in Catalan and translated by TechCrunch.

**North Korea-Backed Hackers Are Exploring New macOS Malware**

Research published this week by the mobile device management firm Jamf found that hackers who have been linked to North Korea have been working to implant malware inside macOS applications built with a particular open-source software development kit. The campaigns focused on cryptocurrency-related targets and involved infrastructure similar to systems that have been used by North Korea’s notorious Lazarus Group. It’s unclear if the activity resulted in actual victim compromise or if it was still in a testing phase.

Financially motivated and state-backed hackers have less occasion to use malware targeting Apple’s Mac computers than hacking tools that infect Microsoft Windows or Linux desktops and servers. So when Mac malware crops up, it’s typically a niche point, but it can also be a revealing indicator of trends and priorities among hackers.

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist

According to Mozilla, users have a lot more power to manipulate ChatGPT than they might realize. OpenAI hopes those manipulations remain within a clearly delineated sandbox.

Source: mundissima via Alamy Stock Photo

ChatGPT exposes significant data pertaining to its instructions, history, and the files it runs on, placing public GPTs at risk of sensitive data exposure, and raising questions about OpenAI's security on the whole.

The world's leading AI chatbot is more malleable and multifunctional than most people realize. With some specific prompt engineering, users can execute commands almost like one would in a shell, upload and manage files as they would in an operating system, and access the inner workings of the large language model (LLM) it runs on: the data, instructions, and configurations that influence its outputs.

OpenAI argues that this is all by design, but Marco Figueroa, a generative AI (GenAI) bug-bounty programs manager at Mozilla who has uncovered prompt-injection concerns before in ChatGPT, disagrees.

"They're not documented features," he says. "I think this is a pure design flaw. It's a matter of time until something happens, and some zero-day is found," by virtue of the data leakage.

**Prompt Injection: What ChatGPT Will Tell You**

Figueroa didn't set out to expose the guts of ChatGPT. "I wanted to refactor some Python code, and I stumbled upon this," he recalls. When he asked the model to refactor his code, it returned an unexpected response: directory not found. "That's odd, right? It's like a \[glitch in\] the Matrix."

Related:Microsoft Pulls Exchange Patches Amid Mail Flow Issues

Was ChatGPT processing his request using more than just its general understanding of programming? Was there some kind of file system hidden underneath it? After some brainstorming, he thought of a follow-up prompt that might help elucidate the matter: "list files /", an English translation of the Linux command "ls /".

In response, ChatGPT provided a list of its files and directories: common Linux ones like "bin", "dev", "tmp", "sys", etc. Evidently, Figueroa says, ChatGPT runs on the Linux distribution "Debian Bookworm," within a containerized environment.

By probing the bot's internal file system — and in particular, the directory "/home/sandbox/.openai\_internal/" — he discovered that besides just observing, he could also upload files, verify their location, move them around, and execute them.

**OpenAI Access: Feature or Flaw?**

In a certain light, all of this added visibility and functionality is a positive — offering even more ways for users to customize and level up how they use ChatGPT, and enhancing OpenAI's reputation for transparency and trustworthiness.

Indeed, the risk that a user could really do anything malicious here — say, upload and execute a malicious Python script — is softened by the fact that ChatGPT runs in a sandboxed environment. Anything a user can do will, in theory, be limited only to their specific environment, strictly cordoned off from any of OpenAI's broader infrastructure and most sensitive data.

Related:Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats

Figueroa warns, though, that the extent of information ChatGPT leaks via prompt injection might one day help hackers find zero-day vulnerabilities, and break out of their sandboxes. "The reason why I stumbled onto everything I did was because of an error. This is what hackers do \[to find bugs\]," he says. And if trial and error doesn't work for them, he adds, "the LLM could assist you in figuring out how to get through it."

In an email to Dark Reading, a representative of OpenAI reaffirmed that it does not consider any of this a vulnerability, or otherwise unexpected behavior, and claimed that there were "technical inaccuracies" in Figueroa's research. Dark Reading has followed up for more specific information.

**The More Immediate Risk: Reverse-Engineering**

There is one risk here, however, that isn't so abstract.

Besides standard Linux files, ChatGPT also allows its users to access and extract much more actionable information. With the right prompts, they can unearth its internal instructions — the rules and guidelines that shape the model's behavior. And even deeper down, they can access its knowledge data: the foundational structure and guidelines that define how the model "thinks," and interacts with users.

Related:Cloud Ransomware Flexes Fresh Scripts Against Web Apps

On one hand, users might be grateful to have such a clear view into how ChatGPT operates, including how it handles safety and ethical concerns. On the other hand, this insight could potentially help bad actors reverse engineer those guardrails, and better engineer malicious prompts.

Worse still is what this means for the millions of custom GPTs available in the ChatGPT store today. Users have designed custom ChatGPT models with focuses in programming, security, research, and more, and the instructions and data that gives them their particular flavor is accessible to anyone who feeds them the right prompts.

"People have put secure data and information from their organizations into these GPTs, thinking it's not available to everyone. I think that is an issue, because it's not explicitly clear that your data potentially could be accessed," Figueroa says.

In an email to Dark Reading, an OpenAI representative pointed to GPT Builder documentation, which warns developers about the risk: "Don't include information you do not want the user to know" it reads, and flags its user interface, which warns, "if you upload files under Knowledge, conversations with your GPT may include file contents. Files can be downloaded when Code Interpreter is enabled."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Tag

#apple