More MOVEit victims, more ransomware news and 100,000 stolen ChatGPT credentials are up for sale
Welcome to Cyber Security Today. It’s Wednesday, June 21st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
The Metro Vancouver Transit Police department is the latest organization to admit being victimized by the vulnerability in the MOVEit file transfer software. The agency said this week 186 of its files were copied. That is a “limited number” of its files, the agency added. There were no details about what was in the files.
Another company added to the list of MOVEit victims is Medibank, the Australian health insurance provider that suffered a huge data breach last year. According to the Financial Review, Medibank’s property management company was hacked through MOVEit. Among the data stolen was a file with the names, email addresses and phone numbers of Medibank employees.
The public school system of Des Moines, Iowa has started notifying nearly 6,700 individuals that their personal information was copied in a January theft and ransom attack. No ransom has been or will be paid, the school district said. The district also said since the attack cybersecurity of its IT system has been improved. According to researchers at Emsisoft, so far this year in the U.S. alone at least 38 grade-school districts and 49 post-secondary institutions have been hit by ransomware. One of the latest claimed by a criminal group is the University of Hawaii.
As the world goes wild over ChatGPT, so do crooks. According to researchers at Singapore-based Group-IB, there are over 100,000 computers and smartphones with infections have stolen the saved ChatGPT login credentials of users. How does it know? Because the stolen usernames and passwords are being sold on dark web. The discovery shows how important it is for organizations to set rules on employee use of ChatGPT. That’s because by default the chatbot stores the history of queries and responses of users. And those queries may give away confidential corporate information. The top six countries that credentials up for sale come are India, Pakistan, Brazil, Vietnam, Egypt and the United States.
The AlphV/BlackCat ransomware gang is threatening to release data stolen in February from Reddit unless the social media site pays a US$4.5 million ransom. That’s according to the TechCrunch news service. A Reddit executive at the time said the data included employee and corporate information. Reddit says that an attacker sent a plausible email to employees with a link to what looked like the company’s intranet gateway. Those who fell for the scam had their login credentials copied. On the weekend the gang said it contacted Reddit in April and last week about a payment but got no response. The gang also wants Reddit to back off its recent price increases for the use of its API.
Credit card provider Capital One has admitted an employee made unapproved purchases through customers’ accounts over a nine-month period ending in May of this year. In a letter being sent to 82 people, Capital One said the now former employee took advantage of their ability to see cardholder’s names, credit card numbers, date of birth, account balances and other information.
A Russian-based threat actor has been compromising Ukrainian organizations using the open-source Roundcube webmail platform. That’s according to researchers at Ukraine’s Computer Emergency Response Team and an American cybersecurity firm called Recorded Future. It’s the latest chapter in the war between Russia and Ukraine. The hacking of Roundcube servers overlaps with a campaign to break into Microsoft Outlook for Windows. Victims are being tricked by opening email attachments with supposed news about the war. Ukraine attributes these email hacking campaigns to a group researchers call Fancy Bear or Forest Blizzard, otherwise known as Russia’s military intelligence. The assumption is the hacking is aimed at gathering intelligence. IT departments with Roundcube software can protect their severs by always installing the latest security updates.
Finally, small and mid-sized businesses using 19 models of Wi-Fi routers from Asus are being urged to install the latest firmware to patch nine critical vulnerabilities. These models would also be used in homes. Asus says owners or device managers should either update their routers as soon as possible or disable services accessible from the internet such as remote access, port forwarding and VPN access. The patches will be found on the product pages for each Asus device. They include GT6, GT-AXE, GT-AX and GT devices. The alert is another reminder to owners and managers of all routers to regularly check the manufacturers’ web sites for security patches.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
