News – Page 170

Kodi Hacked – Attackers Stole the Forum Database

Posted on 13 April 2023

From gbhackers.com

The Kodi Foundation learned that a dump of the Kodi user forum, MyBB software, was being sold on online forums.

Kodi is a multi-platform, open-source media player, manager, and streaming suite. It supports a wide range of third-party add-ons, which give users access to content from numerous sources and let them personalize their viewing.

A total of 3 million posts were made on the Kodi forum by its 401,000 users, who used it to talk about media streaming, share new add-ons, offer help, and more.

Bitter Group Distributes CHM Malware to Chinese Organizations

Posted on 13 April 2023

From asec.ahnlab.com

The Bitter (T-APT-17) group is a threat group that usually targets South Asian government organizations, using Microsoft Office programs to distribute malware such as Word or Excel. AhnLab Security Emergency response Center (ASEC) has identified multiple circumstances of the group distributing CHM malware to certain Chinese organizations. CHM files have been used by various threat groups in APT attacks since earlier this year and covered multiple times in ASEC blog posts.

The files used in the recent attack were being distributed as attachments to emails as compressed files. The compressed files contain a CHM file with the following filenames.

Don’t plug your phone into a free charging station, warns FBI

Posted on 13 April 2023

From malwarebytes.com

In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or computer.

“Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”

When asked, the FBI’s Denver field office said the message was meant as an advisory, and that there was no specific case that prompted it. The method the FBI is referring to is often referred to as “juice jacking.”

RedLine Stealer Spotted in a New Campaign Leveraging ChatGPT

Posted on 13 April 2023

From cyware.com

The rising popularity of artificial intelligence platforms such as ChatGPT and Google Bard has caught the attention of cybercriminals looking for ways to propagate malware. One such recent attack campaign was found distributing RedLine stealer onto targeted systems.

Infection process

The infection chain starts with hackers purchasing the stealer malware from a dark web forum.

The malware is disguised as free downloads for GhatGPT or Google Bard files, promoted via fake posts on Facebook.
Threat actors leverage compromised Facebook business or community accounts to promote these fake posts.
These posts are designed to appear legitimate and use the buzz around Open AI language models to trick users into downloading files. This ultimately causes the execution of the malware in the final stage.

Newly Discovered “By-Design” Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers

Posted on 12 April 2023

From thehackernews.com

A “by-design flaw” uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code.

“It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and execute remote code (RCE),” Orca said in a new report shared with The Hacker News.

The exploitation path that underpins this attack is a mechanism called Shared Key authorization, which is enabled by default on storage accounts.

US opens ChatGPT study, investigates AI regulation

Posted on 12 April 2023

From itp.net

The US government has announced that it is seeking public feedback regarding possible measures to ensure accountability for AI systems, amid concerns about its potential effects on national security and education.

ChatGPT, an AI program that has recently gained notoriety for its rapid response to a variety of inquiries, has specifically drawn the attention of US lawmakers due to its explosive growth and status as the fastest-growing consumer application in history, boasting over 100 million monthly active users.

Protecting crypto investments: 4 key steps to safety

Posted on 12 April 2023

From kaspersky.co.uk

Cryptocurrencies and other blockchain assets aren’t protected by bank guarantees or other “traditional” financial security measures. Therefore, investors need to take every possible precaution to protect themselves. Here are four key tips for storing cryptocurrencies securely and protecting other cryptoassets.