In today’s cybersecurity news…
Rainbow Six Siege suffers breach, gamers go shopping
The Rainbow Six Siege (R6) online game, a product of French video game publisher Ubisoft, suffered a breach over the weekend that allowed all types of chaos to ensue, including unbanning players and granting players massive amounts of in-game currency. Ubisoft quickly shut down Rainbow Six Siege and its in-game Marketplace. It later stated that “players would not be punished for spending the granted credits, but that it would be rolling back all transactions made since 11:00 AM Paris time.”
Diesel generators and aircraft engines in high demand to power AI
The developers of data centers are now using aeroderivative turbines, “based on or made from jet engines,” as well as diesel generators, to address a growing need for power to process AI technology. This is being done to counter the issue of supply chain shortages and wait times of up to seven years to connect to the grid, as well as growing backlash over their impact on consumer utility bills. This power is needed for the training and running of artificial intelligence models. As a result, local and federal regulators in the U.S. are starting to loosen the restrictions on the use of backup generators and are even floating the idea of commandeering existing backup generators, such as those located behind many large stores and businesses, in order to support the demand.
LastPass 2022 breach reverberates through crypto world
According to blockchain intelligence firm TRM Labs, encrypted vault backups that were stolen in the 2022 LastPass breach are still being used to break weak master passwords, allowing threat actors to access crypto accounts. “Wallet drains continued through 2024-2025, with stolen funds traced through mixers to high-risk Russian exchanges. TRM Labs found repeated use of Russian cybercrime infrastructure and continuity of wallet control, indicating likely Russian criminal involvement in monetizing the breach.”
ChatGPT ads will allegedly prioritize sponsored content in answers
The ongoing back-and-forth regarding the inclusion of ads in the ChatGPT space has seen a new concept enter the room, this one called “sponsored content.” Despite initial resistance from OpenAI management to adding adverts to ChatGPT, fearing quality issues especially in light of Gemini’s advancement in the space, a new report suggests that OpenAI “plans to prioritize sponsored content in AI answers.” This might take the form of sponsored information in a sidebar next to the main ChatGPT response window. Although search tools like Google Search have had ads for a long time, experts point out that Generative AI products like ChatGPT “know more about users than Google,” and as such are likely to “disrupt the web economy.”
NY Governor allows warning labels on social media
Describing social media platforms as “addictive,” New York Governor Kathy Hochul signed a bill this past week that will “require social media platforms to show warning labels to younger users before they’re exposed to features such as autoplay and infinite scrolling.” The bill was actually passed in June, and the warnings are supposed to resemble those on tobacco products and on media with flashing lights. Surgeon General Vivek Murthy also suggested last year “that social media platforms should add warning labels.”
Fake MAS Windows activation domain spreads PowerShell malware
According to BleepingComputer, “a typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the ‘Cosmali Loader’.” MAS is “an open-source collection of PowerShell scripts that automate the activation of Microsoft Windows and Microsoft Office using HWID activation, KMS emulation, and various bypasses.” Numerous reports have been showing up on Reddit that informed users about a Cosmali Loader infection, with a warning popup that chides users for using the correct .win domain to activate Windows in PowerShell (get.activate.win) and instructs them to enter a typosquatted address with one additional letter, which changes the word “activate” to “activated.”
Most parked domains serve malicious content, says Brian Krebs
Krebs is warning internet users – that means everyone – about the dangers of parked domains: those web addresses that are no longer in use or that are intentionally misspelled as typosquatting sites. As with most things internet, exploitation is rife. Parking pages that show these parked domains as no longer in use often lead to malware disguised as antivirus software and illegal content scams. In his article published this month, which draws on research from Infoblox, he describes how parked websites can remain benign if a visitor arrives at the site using a VPN or a non-residential Internet address, but will redirect the visitor to a scam site if they come from a residential IP address. A link to the Krebs article is available in the show notes to this episode.






