Pete Recommends – Weekly highlights on cyber security issues, September 2, 2023

Subject: This Tool Lets Hackers Dox Almost Anyone in the US
Source: WIRED

A variety of summaries (not just DOXXING) that point to full-text.

Subject: United Nations: Gangs forcing vulnerable people to commit online crimes

Aug. 29 (UPI) — A growing number of organized criminal gangs are using the Internet to entrap victims, including those who are vulnerable like migrants and refugees, into illegal acts with threats and violence, the United Nations said in a report released Tuesday. The report said desperate and entrapped victims in Southeast Asia are forced by criminals to engage in numerous crimes, from romance-investment scams, to cryptocurrency fraud and gambling. The victims face threats to their safety and are often subjected to torture and cruel, inhuman and degrading treatment or punishment, arbitrary detention, sexual violence and forced labor.

Subject: U.S. Hacks QakBot, Quietly Removes Botnet Infections
Source: Krebs on Security

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computers.

In an international operation announced today dubbed “Duck Hunt,” the U.S. Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) said they obtained court orders to remove Qakbot from infected devices, and to seize servers used to control the botnet.

The DOJ says their access to the botnet’s control panel revealed that Qakbot had been used to infect more than 700,000 machines in the past year alone, including 200,000 systems in the United States.

This entry was posted on Tuesday 29th of August 2023 02:35 PM

Subject: Hacking campaign bruteforces Cisco VPNs to breach networks
Source: BleepingComputer

Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA). Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access…
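The two attack patterns named above leave different footprints in the ASA's own AAA logs: a brute-force attempt hammers one or two accounts from a source address, while credential stuffing tries many distinct usernames once each. The following Python is an added example for this digest, not code from BleepingComputer or Cisco. It parses ASA syslog message 113005 (AAA user authentication Rejected) and classifies each source IP from the failure count and the number of distinct usernames in a sliding window. The log lines are constructed; the field layout follows the documented 113005 format, but the host name, users, addresses and the thresholds are invented assumptions to be tuned for your own VPN.

```python
"""Classify VPN authentication-failure bursts as brute force or credential
stuffing from Cisco ASA syslog message 113005.

Added example; not code from the articles above or from Cisco. SAMPLE_LOG is
constructed: the layout mirrors %ASA-6-113005 / 113004, but every host name,
user and address is made up. The thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 198.51.100.10 sprays one account (brute force),
# 203.0.113.7 tries six different accounts once each (credential stuffing),
# 192.0.2.44 is a user who mistyped a password twice (benign). One 113004
# success message is included to show that other message IDs are ignored.
SAMPLE_LOG = """\
Aug 31 2023 10:00:01 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 198.51.100.10
Aug 31 2023 10:00:02 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 198.51.100.10
Aug 31 2023 10:00:03 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 198.51.100.10
Aug 31 2023 10:00:04 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 198.51.100.10
Aug 31 2023 10:00:05 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 198.51.100.10
Aug 31 2023 10:00:06 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = jsmith : user IP = 198.51.100.10
Aug 31 2023 10:01:00 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 203.0.113.7
Aug 31 2023 10:01:05 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = bob : user IP = 203.0.113.7
Aug 31 2023 10:01:10 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = carol : user IP = 203.0.113.7
Aug 31 2023 10:01:15 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = dave : user IP = 203.0.113.7
Aug 31 2023 10:01:20 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = erin : user IP = 203.0.113.7
Aug 31 2023 10:01:25 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = frank : user IP = 203.0.113.7
Aug 31 2023 10:02:10 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = mlee : user IP = 192.0.2.44
Aug 31 2023 10:02:40 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = mlee : user IP = 192.0.2.44
Aug 31 2023 10:02:55 asa01 %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = mlee
"""

# Only message 113005 (authentication rejected) is of interest here.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ %ASA-\d-113005: "
    r"AAA user authentication Rejected : reason = (?P<reason>[^:]+?) : "
    r"server = (?P<server>\S+) : user = (?P<user>\S+) : user IP = (?P<ip>\S+)$"
)

WINDOW = timedelta(seconds=60)  # assumption: sliding window per source IP
FAIL_THRESHOLD = 5              # assumption: rejects in one window that warrant an alert
STUFFING_MIN_USERS = 5          # assumption: distinct usernames that indicate a leaked-credential spray


def parse_rejects(text):
    """Return (timestamp, source_ip, username) for each 113005 line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def classify_sources(events, window=WINDOW):
    """Map each source IP to 'brute_force', 'credential_stuffing' or 'benign'.

    For every IP, find the densest window of rejects; the failure count decides
    whether to alert, and the number of distinct usernames in that window
    decides which pattern it is.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    verdicts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        best_count, best_users = 0, set()
        for i, (start, _) in enumerate(evs):
            users, count = set(), 0
            for ts, user in evs[i:]:
                if ts - start > window:
                    break
                count += 1
                users.add(user)
            if count > best_count:
                best_count, best_users = count, users
        if best_count < FAIL_THRESHOLD:
            verdicts[ip] = "benign"
        elif len(best_users) >= STUFFING_MIN_USERS:
            verdicts[ip] = "credential_stuffing"
        else:
            verdicts[ip] = "brute_force"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(parse_rejects(SAMPLE_LOG)).items()):
        print(f"{ip:16} {verdict}")
```

Detection like this is a complement to, not a substitute for, the control the article says was missing: with MFA enforced on the tunnel group, a correct password guessed or stuffed from a leak still does not yield a session, and the same 113005 bursts become an early warning rather than a breach notice.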
Related Articles:
Akira ransomware targets Cisco VPNs to breach organizations
The Week in Ransomware – June 30th 2023 – Mistaken Identity
Spain warns of LockBit Locker ransomware phishing attacks
LockBit ransomware builder leaked online by “angry developer”
The Week in Ransomware – August 18th 2023 – LockBit on Thin Ice

Subject: When Apps Go Rogue
Source: Schneier on Security

Interesting story of an Apple Macintosh app that went rogue. Basically, it was a good app until one particular update…when it went bad.

With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that company silently updated the dark mode app so that it hijacked their machines in order to send their IP data through a server network of affected computers, AKA a botnet.


Subject: NCSC Issues Cyber Warning Over AI Chatbots
Source: Infosecurity Magazine

[h/t Sabrina] Organizations have been warned about the cyber risks of large language models (LLMs), including OpenAI’s ChatGPT, by the UK’s National Cyber Security Centre (NCSC).

In a new post, the UK government agency urged caution when building integrations with LLMs into services or businesses. The NCSC said AI chatbots occupy a “blind spot” in our understanding, and the global tech community “doesn’t yet fully understand LLM’s capabilities, weaknesses and (crucially) vulnerabilities.” The NCSC noted that while LLMs are fundamentally machine learning technologies, they are showing signs of general AI capabilities – something academia and industry are still trying to understand. A major risk highlighted in the blog was prompt injection attacks, in which attackers manipulate the output of LLMs to launch scams or other cyber-attacks. This is because research suggests that LLMs inherently cannot distinguish between an instruction and data provided to help complete the instruction, said the NCSC. This can lead to reputational risk to an organization, such as chatbots being subverted to say upsetting or embarrassing things….

Be Cautious of Latest AI Trends

The NCSC also highlighted the risks of incorporating LLMs in the rapidly evolving AI market. Therefore, organizations that build services that use LLM APIs “need to account for the fact that models might change behind the API you’re using (breaking existing prompts), or that a key part of your integrations might cease to exist.”

Subject: Is it safe to charge my phone at a public charging station?
Source: Vox

But “juice jacking” is the decade-old cybersecurity urban legend that just won’t die.

There’s just one problem: It’s not. The chances that a phone charge will ruin your life aren’t zero, but they are exceedingly slim. There are no known instances of juice jacking happening beyond proof-of-concept demonstrations. The wave of warnings we’re getting now aren’t from actual attacks, but from previous warnings. Juice jacking is a cybersecurity ouroboros that won’t die.

The world was first introduced to juice jacking in 2011 when a demonstration at the hacking and cybersecurity conference DEF CON showed that it was possible. Brian Markus, co-founder of Aries Security, and another researcher named Robert Rowley, saw that USB charging was a potential vulnerability and built a charging station to prove it. They put the kiosk out on the floor and waited to see who would be lured in by its promises of a free and easy battery charge. More than 360 people, many of them experienced hackers and cybersecurity professionals, plugged their dying phones in without thinking twice. When they did, they were greeted with a notice on the kiosk’s screen warning them not to trust random public charging stations.

With that in mind, if you’re inclined to be extra cautious, there are a few easy things you can do to protect yourself.

Subject: X to collect biometric, employment information from paid users

Sept. 1 (UPI) — Social media platform X updated its privacy policy to indicate it will begin collecting biometric and employment information from paid users. The company, formerly known as Twitter, updated the policy Thursday to indicate it would collect unspecified biometric information “for safety, security, and identification purposes,” with the changes set to take effect on Sept. 29. In the past, other companies have used biometrics including fingerprints and facial scans from photos to authenticate users or to protect financial and other sensitive information.

Editor’s Note: Twitter’s new privacy policy also gives them the right to use your posts and all of your data to train Elon Musk’s AI.


Posted in: AI, Cybercrime, Cybersecurity, Legal Research, Privacy, Social Media