Hackers target Japanese politicians with new MirrorStealer malware
A hacking group tracked as MirrorFace had been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer.’ The campaign was discovered by ESET, whose analysts report they could piece together evidence thanks to operational mistakes made by the hackers that left traces behind. The hackers deployed the new information-stealing malware along with the group’s signature backdoor, LODEINFO, which communicated with a C2 server known to belong to APT10 infrastructure.
Crooks use HTML smuggling to spread QBot malware via SVG files
Researchers at Cisco Talos have uncovered a phishing campaign that distributes QBot malware by embedding Scalable Vector Graphics (SVG) images in HTML email attachments. The technique, known as HTML smuggling, is a highly evasive delivery method that abuses legitimate HTML5 and JavaScript features: the payload travels as an encoded string inside an HTML attachment or web page, and script in that page (here, inside the SVG) decodes and assembles the malicious file in the browser on the target's device. Because that device already sits inside the security perimeter of the victim's network, mail and web gateways that inspect attachments never see the file itself, only the text that will become it.
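The triage check a mail-security team would want for attachments like the ones described above, as an added example (this is not Talos's tooling or code from the campaign): a Node.js scanner that flags the building blocks HTML smuggling depends on (script inside an inline <svg>, a base64 decode, a Blob assembled in the browser, a forced download) and decodes any large embedded base64 literal offline so an analyst can see what the browser would have reconstructed. The two HTML samples and the placeholder "payload" are constructed for the example; the indicator names and thresholds are assumptions, not a published signature set.

```javascript
// Added example, not from Talos or the original article: heuristic triage for
// HTML-smuggling indicators in an e-mail attachment. The regexes are loose on
// purpose; this is an analyst aid, and obfuscated variants will evade it.
const INDICATORS = [
  { name: 'svg-with-script',      re: /<svg\b[\s\S]*?<script\b[\s\S]*?<\/script>[\s\S]*?<\/svg>/i },
  { name: 'base64-decode',        re: /\batob\s*\(/ },
  { name: 'blob-construction',    re: /\bnew\s+Blob\s*\(/ },
  { name: 'object-url',           re: /\bURL\.createObjectURL\s*\(/ },
  { name: 'forced-download',      re: /\.download\s*=|\bmsSaveOrOpenBlob\b/ },
  { name: 'large-base64-literal', re: /['"]([A-Za-z0-9+\/]{200,}={0,2})['"]/ },
];

// Identify a decoded payload from its first bytes (ZIP, PE and PDF magic).
function identify(bytes) {
  const head = bytes.subarray(0, 4).toString('latin1');
  if (head.startsWith('PK\x03\x04')) return 'zip';
  if (head.startsWith('MZ')) return 'pe';
  if (head.startsWith('%PDF')) return 'pdf';
  return 'unknown';
}

// Decode every large base64 literal offline: no script in the sample is run.
function extractEmbeddedPayloads(html) {
  const re = /['"]([A-Za-z0-9+\/]{200,}={0,2})['"]/g;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const bytes = Buffer.from(m[1], 'base64');
    found.push({ size: bytes.length, kind: identify(bytes) });
  }
  return found;
}

function scanHtmlSmuggling(html) {
  const hits = INDICATORS.filter(i => i.re.test(html)).map(i => i.name);
  // decode -> Blob -> forced download is the smuggling chain proper; all three
  // together is a strong signal, any two indicators merits a manual look.
  const chain = ['base64-decode', 'blob-construction', 'forced-download']
    .every(n => hits.includes(n));
  const verdict = chain ? 'suspicious' : hits.length >= 2 ? 'review' : 'clean';
  return { verdict, hits, payloads: extractEmbeddedPayloads(html) };
}

// Constructed samples: a benign newsletter with an inline SVG logo, and an
// attachment mimicking the structure described in the article. The "payload"
// is a placeholder string, not a real archive.
const BENIGN_SAMPLE = `<html><body>
<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32"><circle cx="16" cy="16" r="14"/></svg>
<p>Your monthly statement is ready.</p>
</body></html>`;

const PLACEHOLDER_PAYLOAD = 'constructed placeholder payload, not a real archive '.repeat(8);
const SUSPICIOUS_SAMPLE = `<html><body>
<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
<script>
  var raw = atob("${Buffer.from(PLACEHOLDER_PAYLOAD).toString('base64')}");
  var bytes = new Uint8Array(raw.length);
  for (var i = 0; i < raw.length; i++) bytes[i] = raw.charCodeAt(i);
  var blob = new Blob([bytes], { type: "application/zip" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.zip";
  a.click();
</script>
</svg>
</body></html>`;

console.log(scanHtmlSmuggling(BENIGN_SAMPLE));
console.log(scanHtmlSmuggling(SUSPICIOUS_SAMPLE));
```

Run it with `node scan.js` against a saved attachment read from disk instead of the inline samples; the benign page scores `clean` with no hits, while the smuggling sample scores `suspicious` with all six indicators and one decoded payload of unknown type. In practice the decoded bytes, not the HTML, are what you hand to sandboxing and signature scanning.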
FBI charges 6, seizes domains linked to DDoS-for-hire service platforms
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered to launch distributed denial-of-service (DDoS) attacks on behalf of paying customers, a model that effectively lowers the barrier to entry for malicious activity. Six defendants have been charged with running the booter (or stresser) services and with violating the Computer Fraud and Abuse Act. Although the sites claimed to offer stress-testing services for assessing the resilience of a paying customer's own web infrastructure, they are believed to have been used to attack victims in the U.S. and elsewhere, including educational institutions, government agencies, and gaming platforms.
LEGO BrickLink bugs let hackers hijack accounts, breach servers
Researchers at Salt Security have discovered two API security vulnerabilities in BrickLink.com, the LEGO Group’s official second-hand and vintage marketplace for LEGO bricks. BrickLink is the world’s largest online community of LEGO fans, with over a million registered members. The two issues could have allowed an attacker to take over members’ accounts, access and steal personally identifiable information (PII) stored on the platform, or even reach internal production data and compromise internal servers. The first is a cross-site scripting (XSS) flaw in the “Find Username” dialog box of the coupon search section; the second, an XML external entity (XXE) injection flaw, was located on the “Upload to Wanted List” page, where users can upload XML lists of the LEGO parts they wish to find and purchase.
Thanks to this week’s episode sponsor, Fortra

Microsoft’s EU data boundary plan to take effect January 1
Following up on a story we brought you yesterday, Microsoft on Thursday said it will begin rolling out the first phase of its European Union data boundary plan on January 1, 2023. The move comes two days after the European Commission said it had officially begun the process of approving the EU-US Data Privacy Framework. Under the first phase, companies that use Microsoft products and services will be able to store and process their customer data within the EU; Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 in this phase.
NSA says Chinese hackers are actively attacking Citrix flaw
Following up on a story we brought you in Wednesday’s “You Should Probably Patch That” feature, the NSA said on Tuesday that it believes a Chinese hacking crew known as APT5 “has demonstrated capabilities” against an application delivery controller made by Citrix (the flaw is tracked as CVE-2022-27518 and affects Citrix ADC and Citrix Gateway). Citrix released an emergency patch to fix the vulnerability on Monday and said that “exploits of this issue on unmitigated appliances in the wild have been reported.” The NSA has historically preferred to monitor such attacks rather than publicize them, but in recent years it has grown more proactive in sharing intelligence on attackers such as APT5. Of special note in this story, Allan Liska, an intelligence analyst at Recorded Future, said, “Combined with the recent Fortinet vulnerability it could make for a lousy Christmas. The two are equally bad in terms of being remote code execution and pre-auth. They are also both devices that tend to be publicly accessible from the internet, which means bad guys are likely already scanning for potential victims.”
ChatGPT owner OpenAI projects $1 billion in revenue by 2024
ChatGPT, the new chatbot that is the talk of Silicon Valley, can spit out haikus, crack jokes in Italian and may soon be the scourge of teachers everywhere facing fake essays generated by the AI-powered technology. The research organization, co-founded by Elon Musk and investor Sam Altman and backed by $1 billion in funding from Microsoft Corp, is expecting its business to surge. Three sources briefed on OpenAI’s recent pitch to investors said the organization expects $200 million in revenue next year and $1 billion by 2024. The startup has already inspired rivals and companies building applications atop its generative AI software, which includes the image maker DALL-E 2. OpenAI charges developers licensing its technology about a penny or a little more to generate 20,000 words of text, and about 2 cents to create an image from a written prompt, according to its website.
(Reuters)
UK arrests five for selling ‘dodgy’ point of sale software
Tax authorities from Australia, Canada, France, the UK and the US have conducted a joint probe into “electronic sales suppression software” – applications that falsify point of sale data to help merchants avoid paying tax on their true revenue. An announcement last Friday from the Joint Chiefs of Global Tax Enforcement (known as the J5) states that the probe resulted in the arrest of five individuals in the UK. The software allows retailers to keep a separate set of books and launder money in a single transaction. J5 chief and Australian Taxation Office deputy commissioner John Ford gave as an example how a customer might order a $60 steak and a $100 bottle of wine, at which point the software alters the transaction, recording it in the point of sale system as “a $10 bowl of chips and a $4 bottle of soft drink.”