Tag Archive for: sensitive

Attention Android users: A malware posing as McAfee security app can steal your sensitive data

/in


New Delhi,UPDATED: Apr 4, 2024 19:00 IST

Security researchers have found that a trojan malware has been posing as the McAfee security app. The malware only affects Android users, and aims to steal personal data like passwords, credit card details, photos, videos, and other sensitive information. This was first reported by Bleeping Computer.

The trojan malware is reportedly a more powerful version of the Vultur malware. Vultur was among the earliest Android banking malware to incorporate screen recording abilities and include functions like keylogging and interacting with a victim’s device screen. Its primary focus was to target banking apps for keylogging and remote control. The discovery of Vultur was initially made by ThreatFabric in late March 2021.

The malware is being circulated via Google Play Store. Apparently, the malware was first distributed on the Android app store in 2022 and has since been active on the platform.

How does the malware work?

The malware pretty much looks like a promotion message for the MacAfee security app, and it is quite easy to fall for. Usually, an Android user will receive an SMS that will claim to have found an unauthorised transaction in your bank account, urging them to call a provided number for assistance.

When you call that number, users will get connected to the scammers, who will send a follow-up SMS with a link to download a malicious version of the McAfee Security app containing the Brunhilda malware dropper.

By installing this fake app, it will gain access to your device’s ‘Accessibility Services’, which will eventually connect it to the malware’s main server. And once that happens, the attackers can access any information on your device remotely.

How to stay safe from such malware?

To ensure you are safe from such malware, never download any app from random links sent to you. Don’t even download apps off browsers. Only download official apps through the Google Play Store. It is also good to always check reviews and ratings of an app before you download it, which can give you a good sense of the authenticity of the app. Also, always pay attention to the developer details of every app before you download it.

Published By:

Nandini…

Source…

Salt Security uncovers security flaws within ChatGPT extensions that allowed access to third-party websites and sensitive data

/in


PALO ALTO, Calif.March 13, 2024 /PRNewswire/ — Salt Security, the leading API security company, today released new threat research from Salt Labs highlighting critical security flaws within ChatGPT plugins, highlighting a new risk for enterprises. Plugins provide AI chatbots like ChatGPT access and permissions to perform tasks on behalf of users within third-party websites. For example, committing code to GitHub repositories or retrieving data from an organization’s Google Drives. These security flaws introduce a new attack vector and could enable bad actors to:

  • Gain control of an organization’s account on third-party websites
  • Allow access to Personal Identifiable Information (PII) and other sensitive user data stored within third-party applications

ChatGPT plugins extend the model’s abilities, allowing the chatbot to interact with external services. The integration of these third-party plugins significantly enhances ChatGPT’s applicability across various domains, from software development and data management to educational and business environments. When organizations leverage such plugins, it subsequently gives ChatGPT permission to send an organization’s sensitive data to a third-party website and allow access to private external accounts. Notably, in November 2023, ChatGPT introduced a new feature, GPTs, a similar concept to plugins. GPTs are custom versions of ChatGPT that any developer can publish, and contain an option called “Action” which connects it with the outside world. GPTs pose similar security risks as plugins.

The Salt Labs team uncovered three different types of vulnerabilities within ChatGPT plugins.

The first of which was noted within ChatGPT itself when users install new plugins. During this process, ChatGPT redirects a user to the plugin website to receive a code to be approved by that individual. When ChatGPT receives the approved code from a user, it automatically installs the plugin and can interact with that plugin on behalf of the user. Salt Labs researchers discovered that an attacker could exploit this function, to deliver users instead a code approval with a new malicious plugin, enabling an attacker to install their credentials on a…

Source…

Courts service “PWNED” in Australia, as hackers steal sensitive recordings of hearings

/in


Hackers are believed to have successfully accessed several weeks’ worth of sensitive video and audio recordings of court hearings, including one made at a children’s court where the identities of minors are supposed to be particularly critical to protect.

The ransomware attack happened on the computer systems of Victoria’s Court Service in Australia, and is believed to have extended from 1 November 2023 until the network compromise was detected nearly two months later on 21 December.

The first that staff knew about the issue was when they were locked out of the PCs in the run-up to Christmas, with messages reading “YOU HAVE BEEN PWNED” appearing on their computer screens.

Media reports describe how staff were directed to instructions that pointed them to the dark web in order to make ransom payments if they did not want stolen data to be published.

Court Services Victoria (CSV) declared to share details of who might be responsible for the cybersecurity breach, but commentators have pointed the finger of suspicion at the Qilin (also known as Agenda) ransomware-as-a-service group.

However, at the time of writing, the latest claimed victim announced on Qilin’s extortion blog is Serbian energy company EPS – reportedly hit by a ransomware attack before Christmas.

In an FAQ published on its website, CSV shared some limited details of its “cyber incident” which saw unauthorized access to its audio-visual in-court technology network, and admitted that it was possible that some hearings before 1 November are also affected – including the children’s court case which was held in October 2023.

Amongst those hit were the the Supreme Court, with recordings from the Court of Appeal, the Criminal Division, the Practice Court, and two regional hearings in November potentially accessed.

“Maintaining security for court users is our highest priority.  Our current efforts are focused on ensuring our systems are safe and making sure we notify people in hearings where recordings may have been accessed,” said CSV CEO Louise Anderson. “We understand this will be unsettling for those who have been part of a hearing.  We recognise and apologise for the distress that this may cause people.”

No other court systems…

Source…

ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever

/in


OpenAI didn’t immediately respond to WIRED’s request for comment on the researchers’ findings. When we tried the “repeat ‘poem’ forever” and “repeat ‘book’ forever” prompts ourselves, they didn’t produce training data but instead threw up flags for a potential violation of ChatGPT’s terms of use, suggesting at least some instances of the problem may have been fixed.

In the midst of Israel’s ongoing war with Hamas, US and Israeli government agencies on Friday warned that hackers calling themselves “Cyberav3ngers” but working for Iran’s Revolutionary Guard Corps had breached the networks of multiple US water and wastewater utilities. The breaches, which affected “less than 10” utilities, according to a CNN source, aimed to deface computer screens in the facilities with an anti-Israel message. In each case, the hackers took advantage of vulnerabilities in equipment sold by Unitronics, an Israeli company. “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is Cyberav3ngers legal target,” some of the defaced screens read. While the intrusions appear to have been opportunistic and aimed at sending a message, the ability of a foreign government to gain broad access to US critical infrastructure led the Cybersecurity and Infrastructure Security agency to brief members of Congress on the hacking campaign on Thursday.

In a sprawling bust that spanned multiple Ukrainian cities, at least five key members of a ransomware gang were arrested this week in raids coordinated by Europol along with law enforcement agents from Ukraine, the US, Canada, the Netherlands, and other European countries. The group’s members are accused of deploying multiple ransomware variants including LockerGoga, Hive, MegaCortex, and Dharma. According to Ukrainian police, the gang allegedly did at least $82 million in damage in attacks that encrypted more than a thousand servers on victim networks over the past five years.

In a very different sort of Ukrainian criminal case, Ukrainian law enforcement this week detained Viktor Zhora, the deputy director of the State Special Communications Service of Ukraine, its agency focused on cybersecurity. Zhora, along with the agency’s…

Source…