Cybersecurity News: Trans-Northern breach, malicious LLM usage, massive email leak

Trans-Northern Pipelines confirms cyberattack

The Canadian pipeline operator disclosed it suffered a cyberattack in November 2023 after the ALPHV ransomware group listed the firm as a victim on its leak site. Trans-Northern said it is aware of the claims and has begun investigating them. The company characterized the breach as impacting a “limited number of internal computer systems.” ALPHV claims it obtained 183 gigabytes of internal documents.

(Bleeping Computer)

Threat actors using LLMs to improve cyberattacks

Microsoft and OpenAI released a report detailing these efforts, with threat actors seen using ChatGPT and other services to improve scripts, perform research on victims, and refine social engineering approaches. The report found interest in the tools across a wide spectrum of threat groups, including state-affiliated groups from Russia, North Korea, Iran, and China. While the groups continue to experiment with the tools, Microsoft said it hadn’t yet seen any “significant attacks” using them. Microsoft also warned about future AI use cases, specifically attacks using AI voice impersonation.

(The Verge)

Email provider published internal emails in plain text

Security researcher Brian Krebs detailed that the Securence email service from the regional ISP US Internet Corp exposed customers’ emails in plain text on a public link for years. The security firm Hold Security initially found the exposed emails, listed on a public link covering over 6,500 domain names. Some domains held emails going back as far as 2008. Securence customers included dozens of state and local governments. Within minutes of notification from Krebs, US Internet cut off access to the exposed inboxes. There is no word on exactly how long the company exposed the trove of email.

(Krebs On Security)

FCC requires telco PII disclosures

The US Federal Communications Commission issued new rules requiring telecom and VoIP operators to issue breach notifications to customers when a security incident involves personally identifiable information, its first update to breach disclosure rules since 2007. The FCC defines PII to include names, Social Security numbers, contact information, and biometrics. Until now the FCC only required notifications when a breach impacted Customer Proprietary Network Information (CPNI), the call and service records carriers hold about their subscribers.

(Dark Reading)

Huge thanks to our sponsor, Vanta

From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging.

Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization.

Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk.

To learn more, go to vanta.com/ciso and watch their 3-minute product demo.

Bumblebee malware returns from the hive

The Bumblebee initial access loader first appeared in March 2022, finding popularity with threat actors for delivering payloads like infostealers and trojans. In October 2023, it dropped off security researchers’ radar. That changed this week, with Proofpoint releasing details on a new Bumblebee campaign underway against US organizations. This new campaign shows a change in tactics, using VBA macro-enabled documents to write a script into a Windows temporary directory, an unusual choice now that Microsoft blocks macros by default in Office documents downloaded from the internet. There is no word yet on which threat group is behind the campaign.

(Dark Reading)
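The behaviour described above (an Office macro dropping a script into a temp directory and a script host running it) is a good fit for a simple process and file-creation detection. The following is an added example, not Proofpoint’s rule or anything from the original article: it parses a few constructed, Sysmon-style `key=value` event lines (EventID 11 for file creation, EventID 1 for process creation, invented here for the demo) and flags Office applications writing script files under a temp path or spawning a script host. The field names and sample paths are assumptions for illustration.

```python
import ntpath
import re

# Office parents and script hosts/extensions worth pairing in a detection rule.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".ps1", ".bat", ".cmd", ".hta", ".wsf"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed sample telemetry (Sysmon-like key=value lines, invented for this example).
SAMPLE_EVENTS = r"""EventID=11 Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE TargetFilename=C:\Users\alice\AppData\Local\Temp\update.vbs
EventID=11 Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE TargetFilename=C:\Users\alice\AppData\Local\Temp\~WRD0001.tmp
EventID=11 Image=C:\Windows\System32\svchost.exe TargetFilename=C:\Windows\Temp\foo.ps1
EventID=1 Image=C:\Windows\System32\wscript.exe ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE CommandLine=wscript.exe C:\Users\alice\AppData\Local\Temp\update.vbs
EventID=11 Image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE TargetFilename=C:\Users\bob\AppData\Local\Temp\inv.ps1"""

# key=value pairs whose values may contain spaces; a value ends where the next " key=" begins.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Turn one key=value line into a dict."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def basename(path):
    """Case-insensitive file name of a Windows path (ntpath works on any host)."""
    return ntpath.basename(path).lower()


def in_temp(path):
    """True if the path sits under a user or system temp directory."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def detect(log_text):
    """Return (line_no, rule_name, detail) for each event matching either rule."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), 1):
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "11":  # file creation
            target = ev.get("TargetFilename", "")
            if (basename(ev.get("Image", "")) in OFFICE_APPS
                    and in_temp(target)
                    and ntpath.splitext(target)[1].lower() in SCRIPT_EXTS):
                alerts.append((n, "office_writes_script_to_temp", target))
        elif eid == "1":  # process creation
            if (basename(ev.get("ParentImage", "")) in OFFICE_APPS
                    and basename(ev.get("Image", "")) in SCRIPT_HOSTS):
                alerts.append((n, "office_spawns_script_host", ev.get("CommandLine", "")))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, lines 1, 4 and 5 fire (a `.vbs` and a `.ps1` dropped by Office into a user temp directory, and `wscript.exe` launched by WINWORD); the `.tmp` scratch file and the `svchost.exe` write are ignored. In production the two rules would be correlated on the dropped file name, since a script host launching a file that an Office process just wrote is a far stronger signal than either event alone.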

Meta details efforts against spyware

The company’s quarterly adversary threat report detailed actions taken against eight spyware firms based in Italy, Spain and the United Arab Emirates. These firms created fake profiles to scrape user information, perform social engineering attacks, and attempt to access device information on victims. The report detailed techniques these firms now use, like more realistic AI-generated photos and programmatic interaction behavior designed to look more human. Meta responded with code updates to reduce its attack surface. The report also included indicators of spyware activity and recommendations for government regulators and other platform operators.

(Cyberscoop)

Ubuntu package suggestion system open to exploits

Researchers at Aqua Nautilus discovered that the Linux distribution’s “command-not-found” package suggestion system can be gamed to promote malicious packages. This system automatically suggests snap packages to install when a user enters a command for an uninstalled piece of software. However, threat actors could easily publish malicious apps to the Snap Store to effectively typosquat on this system. This is possible because developers often do not register snaps under their own command names or under common typos of them, leaving those names free for anyone to claim. Ubuntu does sandbox apps from the Snap Store that are not manually reviewed, but the researchers note they still share the same system kernel. The researchers estimate 26% of the commands associated with APT packages can be impersonated with this approach.

(Bleeping Computer)
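To make the squatting window concrete, the following is an added example (not Aqua Nautilus’s code or Ubuntu’s command-not-found implementation) that models the suggestion lookup over two small constructed databases and enumerates the names an attacker could register. The model assumes the tool lists every owner of the exact name typed, whether APT package or snap, and the typo generator only covers single-character deletions and adjacent transpositions; both are simplifying assumptions, and the command and snap names are invented.

```python
# Constructed stand-ins for the APT command database and the Snap Store command
# registry; neither is an export of the real databases.
APT_COMMANDS = {"ffmpeg": "ffmpeg", "htop": "htop", "tshark": "tshark"}   # command -> apt package
SNAP_COMMANDS = {"tshark": "wireshark-snap"}                            # command -> owning snap


def typo_variants(cmd):
    """Single-character deletions and adjacent transpositions of cmd, excluding cmd itself."""
    variants = set()
    for i in range(len(cmd)):
        variants.add(cmd[:i] + cmd[i + 1:])
    for i in range(len(cmd) - 1):
        variants.add(cmd[:i] + cmd[i + 1] + cmd[i] + cmd[i + 2:])
    variants.discard(cmd)
    variants.discard("")
    return variants


def suggest(cmd, apt_db, snap_db):
    """Model of the suggestion: every owner of the exact name is listed (assumption).

    An attacker-registered snap with the same name as an APT command therefore
    shows up next to the legitimate APT suggestion."""
    hits = []
    if cmd in apt_db:
        hits.append(("apt", apt_db[cmd]))
    if cmd in snap_db:
        hits.append(("snap", snap_db[cmd]))
    return hits


def squattable(apt_db, snap_db):
    """Names an attacker could still claim on the snap side.

    exact_unowned: APT commands no snap has registered (attacker appears alongside apt).
    typo_unowned:  typos of APT commands owned by nobody (attacker is the only suggestion)."""
    exact = {c for c in apt_db if c not in snap_db}
    typos = set()
    for c in apt_db:
        for v in typo_variants(c):
            if v not in apt_db and v not in snap_db:
                typos.add(v)
    return {"exact_unowned": exact, "typo_unowned": typos}


if __name__ == "__main__":
    print(suggest("tshark", APT_COMMANDS, SNAP_COMMANDS))
    report = squattable(APT_COMMANDS, SNAP_COMMANDS)
    print(sorted(report["exact_unowned"]))
    print(sorted(report["typo_unowned"]))
```

With the toy data, `tshark` is the only command whose name is claimed on both sides; `ffmpeg` and `htop` are open to an exact-name snap, and every typo of all three (for instance `shark` or `htpo`) is open to a typo snap. The same enumeration over the real APT command list is essentially how a distribution maintainer or a package author would find the names they ought to register defensively.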

Romance chatbots hoover up personal data

Mozilla’s “Privacy Not Included” project published a report on data usage by 11 AI-powered romance chatbots. Overall it found 10 of the bots reserved the right to sell or share user data for ads, with over half not allowing users to delete their data. For context, these bots often encourage users to share secrets and ask for photos and voice recordings. The bots used an average of 2,663 trackers per minute, with the Romantic AI bot skewing that figure at over 24,000 per minute. Additionally, only one app met Mozilla’s minimum security standards.

(Gizmodo)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.