This week’s cybersecurity news updates show why patching security vulnerabilities can be a significant step toward a safer network. Read on to learn how threat actors recently continued to exploit unpatched vulnerabilities and compromise information systems.

 

Pro-Russian Hackers Claim They Targeted French Senate Website

The French Senate’s website went offline on Friday after pro-Russian attackers claimed they had taken it down. The upper house of Parliament posted on Twitter, “Access to the website has been disrupted since this morning,” further adding that a team was busy fixing the problem.

A group that goes by the tag NoName on Telegram claimed responsibility for the attack, saying it took the step because “France is helping Ukraine on a new ‘aid’ package includes weapons.”

It is the same cybercriminal group that took responsibility for downing the website of France’s lower-house National Assembly in March. The group also claimed responsibility for disrupting Canadian government websites last month during the visit of Ukrainian Prime Minister Denys Shmyhal to Canada.

However, Canadian Prime Minister Justin Trudeau shrugged off the attack, saying that knocking a webpage offline would not prevent Canada from supporting Ukraine.

 

Researchers Observe Attack Attempts On TBK DVR Camera Devices

Researchers at Fortinet’s FortiGuard Labs recently observed attackers exploiting an authentication bypass flaw in TBK DVR video recording devices, with attempts against these devices increasing worldwide. The flaw is five years old and remains unpatched in these devices.

 

TBK Vision’s website mentions that organizations across the government, banking, and retail sectors use its devices, which significantly widens the potential impact.

The researchers track the vulnerability as CVE-2018-9995, a critical authentication bypass issue that remote attackers can exploit to access the impacted network. By bypassing authentication, a remote attacker receives administrative privileges and, through them, can access camera video feeds.

The Fortinet team also noted that the company has not released any security patches for the five-year-old flaw. Highlighting how widespread the attacks are, researchers observed over 50,000 attack attempts on these video recording devices, recorded as unique IPS detections, last month.

 

Hackers Use Fake Websites That Look Like ChatGPT To Exploit Sensitive Information

Check Point Research recently noticed an uptick in cyberattacks leveraging websites linked to ChatGPT. Attackers are running phishing campaigns and distributing malware through websites that appear similar to ChatGPT, tricking users into revealing confidential information or downloading harmful files.

The security experts found that, since the beginning of 2023, 1 out of 25 new ChatGPT-related domains was malicious. They have also noticed a steady increase in the frequency of these attack attempts over the past few months.

After clicking on these malicious links, victims get redirected to websites that can subject them to additional attacks. Researchers identified the following websites mimicking ChatGPT:

  • chat-gpt-pc[.]online
  • chat-gpt-online-pc[.]com
  • chat-gpt-ai-pc[.]info
  • Chat-gpt-for-windows[.]com

 

Attackers Abuse AT&T E-mail Accounts To Steal Cryptocurrency

Cybercriminals are breaking into victims’ cryptocurrency exchange accounts using their AT&T e-mail addresses and stealing their crypto assets. The following domain names are impacted:

sbcglobal[.]net, bellsouth[.]net, and att[.]net.

 

The researchers believe that the cybercriminals accessed a part of AT&T’s internal network that creates mail keys for any user. AT&T e-mail users use these unique mail keys to log in to their accounts through apps like Outlook or Thunderbird without requiring a password.

If the attackers obtain the primary key of a target, they can log in to the target’s account through any e-mail app. They can then reset passwords and use the ID for other malicious actions, such as breaking into cryptocurrency exchanges.

A hacker group claimed on Telegram that they had accessed an entire AT&T employee database, which gives them access to information regarding OPUS, an AT&T employee portal.

 

Promising Jobs at the U.S.P.S, ‘US Job Services’ Leaks Customer Data

A Georgia-based online company that has made thousands of dollars purporting to sell access to the United States Postal Service (USPS) jobs recently exposed its internal IT database of nearly 900,000 customers. The leaked records indicate that the company’s chief technology officer in Pakistan was hacked over the past year.

Patrick Barry, chief information officer at a Charlotte, NC-based security firm, alerted KrebsOnSecurity about the data exposure. He said that US Job Services had been leaking its customer payment records since 2016. Furthermore, the company exposed a 2019 log file containing the site administrator’s contact information and back-end database credentials.

Sharing screenshots of the back-end database, Barry said the administrator of US Job Services operates with the e-mail address tab.webcoder@gmail.com, which experts traced to Karachi-based developer Muhammed Tabish Mirza.

 

Even After Two Security Audits, Level Finance Crypto Exchange Hacked

Hackers recently exploited a Level Finance smart contract vulnerability and drained 214,000 LVL tokens from the DEX (decentralized exchange), further swapping them for 3,345 BNB, worth $1,100,000.

 

Downplaying the attack, Level Finance said the attack did not impact its liquidity pool or the DAO treasury. However, after the attack was discovered, the LVL token lost roughly 50% of its value. Although Level Finance took adequate phishing protection measures to protect its assets by ordering two audits from independent firms, the cybercriminals still found a way to exploit the code.