Cybersecurity News Week in Review: Charter Communications breach, ChatGPT grows stronger, Microsoft verifies phishers

This week’s Cyber Security Headlines – Week in Review, January 30-February 3, is hosted by Rich Stroffolino with our guest, David Nolan, VP, Enterprise Risk & Chief Information Security Officer – Aaron’s

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Charter Communications says vendor breach exposed some customer data

Telecommunications company Charter Communications said one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum. On Thursday, a forum user posted information allegedly stolen from the company that included names, account numbers, addresses and more for about 550,000 customers. A spokesperson for Charter stated, “at this time, we do not believe that any customer proprietary network information or customer financial data was included,” but did not respond to follow-up questions about what third-party vendor was hacked, when the hack occurred, or when affected customers will be notified.
(The Record)

ChatGPT is now finding, fixing bugs in code

Researchers from Johannes Gutenberg University and University College London have found that ChatGPT can weed out errors in sample code and fix them better than existing programs designed to do the same. They gave 40 pieces of buggy code to four different code-fixing systems. Essentially, they asked ChatGPT: “What’s wrong with this code?” and then copied and pasted the code into the chat function. On the first pass, ChatGPT performed about as well as the other systems, solving 19 out of the 40 problems. They discovered that the ability to chat with ChatGPT after receiving the initial answer made the difference, ultimately leading to ChatGPT solving 31 questions and easily outperforming the others, which provided more static answers.

(PCMag)

KillNet launches German DDoS

Last week, Germany transferred 14 tanks to the Ukrainian military. According to Telegram channels monitored by the security firm Cado Security, the threat group Killnet attempted to organize a DDoS campaign against German targets in response. Cado reports attacks against financial institutions, the German customers service, and some law enforcement agencies. The German cybersecurity agency BSI said some websites were temporarily unavailable as a result. It did not see “indications of direct effects on the respective services.” While this DDoS does not seem to have caused significant disruption, it shows how quickly state-affiliated groups can launch cyber attacks in response to geo-political events.

(The Register)

Microsoft grants phishers ‘Verified’ Cloud Partner status

Researchers said on Tuesday that threat actors used “unprecedented sophistication” to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). Beginning December 6, threat actors began spreading verified malicious OAuth apps to infiltrate the cloud environments of organizations in the UK and Ireland. OAuth is a token-based framework that enables user data sharing between third-party applications, without users needing to divulge their login credentials. Victims of the scam were potentially exposed to account takeover, data exfiltration, and business email compromise (BEC). In response to the scam, Microsoft disabled the malicious apps and associated publisher accounts and made improvements to its MCPP vetting process.

(Dark Reading)


DocuSign brand impersonation attack targets thousands of users

Researchers have spotted a brand impersonation attack targeting over 10,000 users by mimicking a common DocuSign workflow action. The emails have shown the ability to bypass both Microsoft Office 365 and Proofpoint email protection solutions. While the email sender name closely resembles legit DocuSign communications, the email address and domain show no association with the company, a mismatch that can be hard to spot for those using mobile devices. Upon clicking malicious links within the phishing email, victims are redirected to a fake landing page which exfiltrates their Proofpoint user credentials.

(Infosecurity Magazine)

City of London on high alert after ransomware attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. Ion Cleared Derivatives released a brief statement on Tuesday saying that it experienced a “cybersecurity event” that day which affected some of its services. Reports suggest 42 clients have been impacted by the attack on the provider, whose software plays a key role in derivatives trading around the world. The attack has been linked to the prolific LockBit group, which recently caused major disruption to the Royal Mail.

(Infosecurity)

Watchdog warns that FDIC fails to test banks’ cyberdefenses effectively

The Federal Deposit Insurance Corp. isn’t doing enough to monitor cyber risk effectively at the financial institutions it regulates, according to a federal government watchdog. In a report issued Wednesday, the FDIC’s Office of Inspector General (OIG) identified major deficiencies in the agency’s IT and cyber risk assessment program, which is known as InTREx. In its report, the watchdog found that information used in InTREx was outdated, and that in some cases agency examiners were not completing tests. In addition, the study found that staff were not being kept abreast of the latest cyberthreat updates, and that no training for examiners was offered to reinforce InTREx procedures. According to the OIG, unclear procedures have also led to InTREx examiners failing to file exam work papers properly.

(Cyberscoop)

Foreign states already using ChatGPT maliciously, UK IT leaders believe

Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. This is according to a new study from BlackBerry, which surveyed 500 UK IT decision makers and revealed that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its potential to be used for malicious purposes when it comes to cybersecurity. In fact, almost half (48%) predicted that a successful cyberattack will be credited to the technology within the next 12 months. The findings follow recent research which showed how attackers can use ChatGPT to significantly enhance phishing and business email compromise (BEC) scams.

(CSO Online)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.