Cybersecurity News: Okta breach expands, JAXA cyberattack, leaky GPTs

All Okta customers exposed in breach

The access and identity stalwart disclosed that the breach it discovered in October saw threat actors steal data on all its customers. This contradicts Okta’s statement directly after the breach, which said the attack impacted 1% of customers. While the breach impacted all customers, 99.6% of them had only full names and email addresses stolen. Okta said it didn’t see signs of customers being actively exploited from the breach, but did say the information could prove effective social engineering fodder. 

(TechCrunch)

JAXA hit by cyberattack

Japan’s aerospace exploration agency, known as JAXA, disclosed the security incident. Japanese media sources say attackers targeted the space agency’s central Active Directory server over the summer. Reportedly the attackers obtained initial access through a known vulnerability in a piece of network equipment. A JAXA spokesperson said it did not find evidence of any data leaks from the incident. This isn’t the space agency’s first cyber breach, with Chinese military threat actors targeting it in 2017.

(The Record)

OpenAI’s chatbots leak secrets

With all the drama with OpenAI’s leadership, it’s easy to forget that less than a month ago, they announced availability for custom GPT chatbots, trained on unique datasets for more customized responses. Wired’s Matt Burgess found several security researchers able to download these source files and obtain system prompts using prompt injections on the chatbots. According to Adversa AI CEO Alex Polyakov, these prompts required low sophistication, needing only “basic proficiency in English.” Northwestern University researcher Jiahao Yu said they found a 100% success rate in obtaining files from custom GPTs tested.

(Wired)

Google patches another Chrome zero-day

The search giant issued this emergency update, marking the sixth zero-day fixed in its browser this year. According to Google’s security advisory, the vulnerability came from an integer overflow in the Skia 2D graphics library, opening the door to arbitrary code execution. As Skia is an open source library, the flaw likely impacts other software, potentially including Google’s own Android, ChromeOS, and Flutter. The company said it will disclose further technical details of the zero-day once most users have applied the patch.

(Bleeping Computer)

Meta announces plans for 2024 election ads

Meta’s President of Global Affairs, Nick Clegg, announced the company informed US regulators that it will block new political ads for one week ahead of November’s US election. This largely reflects Meta’s previous election ad policies. Clegg also reiterated Meta’s recent policy change to require disclosure of any AI-generated media in political or social issue ads. Meta will rescind its ad freeze the day after elections. 

(Bloomberg)

Researchers call Bluetooth’s BLUFFS

Security researchers at Eurecom disclosed a collection of six Bluetooth vulnerabilities they refer to as BLUFFS. These exploit two previously unknown issues with how Bluetooth creates session keys, impacting the Bluetooth Core Specification from 4.2 to 5.4. BLUFFS effectively forces the creation of a weaker session key that’s susceptible to a brute force attack. From there, an attacker can decrypt and manipulate traffic. The Bluetooth SIG received the report and published a statement with best practices to avoid the issues.

(Bleeping Computer)

US seizes crypto mixer

The US Treasury Department seized the mixing service Sinbad over its ties to money laundering for the North Korean Lazarus group. A statement from the Treasury said Lazarus processed millions of dollars through Sinbad, including crypto obtained through the Horizon Bridge and Axie Infinity attacks. The Treasury also tied the mixer to uses across the dark web, from evading sanctions, to drug trafficking, and purchasing CSAM. Authorities seized Sinbad’s clear web site and took down its Tor site. 

(Bleeping Computer)

Black Basta earned $100 million in extortion 

A new report from Elliptic and Corvus Insurance claims the pernicious ransomware group acquired $107 million worth of Bitcoin through extortion since it began activity last year. It found many of these funds made their way to the Russian exchange Garantex. Manufacturing marked the group’s most commonly targeted sector, making up about 17% of attacks. The US accounted for 62% of victims. The report also shows links between Black Basta and the now defunct Conti ransomware group.

(Reuters)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.