ChatGPT data leak and Gmail message theft by North Korean hackers
ChatGPT suffers data leak due to an open-source bug, North Korean hackers steal Gmail emails via Chrome extensions and the Nexus Android malware. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Phishing simulations & training
1. OpenAI says an open-source bug leaked ChatGPT user data
OpenAI has disclosed that a bug in the Redis open-source library caused the exposure of personal information of some users of its ChatGPT service. The bug allowed certain users to see descriptions of other users' conversations, prompting the temporary closure of the chatbot. OpenAI noted that the glitch originated in the redis-py library, causing connections to be corrupted and return unexpected data from the database cache. While the issue has been resolved, the company stated that it may have exposed payment-related information of 1.2% of ChatGPT Plus subscribers.
2. North Korean Hackers stealing Gmail messages via Chrome extensions
North Korean hacking group Kimsuky (aka Thallium or Velvet Chollima) is using malicious Chrome extensions to steal Gmail emails from targets, including government agencies, journalists and politicians. The group, known for targeting South Korean companies, has been expanding its operations globally. A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea has warned of Kimsuky's use of a Chrome extension named 'AF', which intercepts and sends stolen email content to the attacker's relay server. The advisory cautions that while the current campaign targets South Korea, Kimsuky's methods can be used worldwide.
3. Procter & Gamble confirms GoAnywhere zero-day exploit
Consumer goods giant Procter & Gamble (P&G) has confirmed that it was one of many companies affected by the Fortra GoAnywhere vulnerability. The company revealed that the attackers obtained “some information” about its employees, but no customer data was affected. The disclosure followed the claim by ransomware group Cl0p that it had successfully targeted P&G along with other high-profile firms. Cl0p cited the Fortra vulnerability as being key to the campaign, with experts suggesting the gang’s openness about the issue may point to the tool being obsolete.
4. Customers of over 400 financial institutions targeted by Nexus Android malware
In a new threat to mobile banking and cryptocurrency applications, malware called "Nexus" is being used to target customers of 450 banks and cryptocurrency services globally. This Android trojan contains multiple features for account hijacking and siphoning funds out of accounts. Cleafy, an Italian cybersecurity firm, first discovered Nexus last year but identified it as a Sova variant. However, the malware has since evolved and emerged on hacking forums with new functionalities. The malware authors have launched a malware-as-a-service program for other threat actors to rent or subscribe to Nexus.
5. Emotet phishing campaign targets U.S. taxpayers with fake W-9 forms
A new phishing campaign using the notorious Emotet malware is targeting taxpayers in the U.S.. The hackers are impersonating the Internal Revenue Service (IRS) and companies that taxpayers work with, using fake W-9 tax forms as bait. Emotet has in the past been distributed via Microsoft Word and Excel documents with malicious macros, but after Microsoft blocked macros by default, the malware now uses Microsoft OneNote files with embedded scripts to install. Once Emotet is installed, it can steal victims' emails, send spam emails and install other malware. The malware is timed to coincide with the U.S. tax season.
Phishing simulations & training