Cyber Security News - 05-12 FEB

Weekly Cyber Security News

Feb 12, 2023 - 12:21
  • Israel's president became the first world leader to publicly use ChatGPT when he gave a speech partly written by the AI

During his speech, Herzog also emphasized that AI will not replace humans, despite using it to write part of it. "Let us not forget that our humanity is what makes us truly special," Herzog said. "It is not the machines that will shape our destiny, but rather our hearts, minds, and determination to create a brighter tomorrow for all of humanity."

  • North Dakota Higher Ed Task Force to Study Risks of AI

ChatGPT, or Chat Generative Pre-Trained Transformer, is a program developed in November 2022 by the research laboratory OpenAI. It allows users to pose questions, with an algorithm generating responses. Mark Hagerott, chancellor of the North Dakota University System and former professor of cybersecurity at the U.S. Naval Academy, said the State Board of Higher Education has been discussing the implications of artificial intelligence for years.

  • ABA House adopts 3 guidelines to improve use of artificial intelligence

The Cybersecurity Legal Task Force, which submitted the resolution, also urges Congress, federal executive agencies and state legislatures and regulators to adhere to these guidelines in laws and standards associated with AI. Developers of AI should ensure their products, services, systems and capabilities are subject to human authority, oversight and control. Organizations should be accountable for consequences related to their use of AI, including any legally cognizable injury or harm caused by their actions, unless they have taken reasonable steps to prevent harm or injury. Developers should ensure the transparency and traceability of their AI and protect related intellectual property by documenting key decisions made regarding the design and risk of data sets, procedures and outcomes underlying their AI.

  • Liveplex Adds Eclypses MTE Technology to Provide Customers Full Endpoint Data Protection

Eclypses, Inc., a leading provider in end-point data protection and developer of MTE technology, offers mobile device management, web application, and IoT device security to protect data at the application level. Utilizing the Eclypses Cryptographic Library (ECL), MTE uniquely delivers enhanced end-to-end security capabilities such as verification of each endpoint connection and uniquely protected data packets with no change to the user experience and minimal impact on system resources.

  • mast1c0re: Introduction – Exploiting the PS4 and PS5 through a game save

In this multi-part blog series, I, McCaulay Hudson, will delve into the creation of the mast1c0re exploit for the PlayStation 4 and 5. The underlying vulnerabilities were initially investigated by CTurt, with the help of flatz, balika011, theflow0, and chicken(s). CTurt's blog post titled "mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator – Part 1 – Escape," published on September 14th, 2022, serves as the foundation for this series, as it covers the necessary vulnerabilities to achieve userland code execution on the two gaming consoles and provides the fundamental understanding needed for this series.

  • OpenSSL fixes High Severity data-stealing bug – patch now!

OpenSSL, a widely-used encryption library known for its strong security, has recently released a series of three updates to enhance its security.  The updates apply to both the current open-source versions supported by the organization for everyone and the older 1.0.2 version, which is only available to those who pay for premium support. Moving away from the outdated 1.0.2 version, which OpenSSL has tried to retire for years, is recommended even if cost is not a concern, as it will provide a more secure environment.

  • Top 10 web hacking techniques of 2022

"We are thrilled to present the Top 10 Web Hacking Techniques of 2022, the 16th edition of our community-driven initiative to showcase the most groundbreaking web security research of the past year. With a record 46 nominations submitted, the final 15 candidates were determined through voting by the community. Our expert panel of researchers, including Nicolas Grégoire, Soroush Dalili, Filedescriptor, and the author, spent the last two weeks evaluating and voting on the finalists to arrive at the top 10 new web hacking techniques of 2022."

  • CISA Releases Recovery Script for Victims of ESXiArgs Ransomware

The US Cybersecurity and Infrastructure Security Agency (CISA) has made available a recovery script for those impacted by the ESXiArgs ransomware variant. The ESXiArgs-Recover tool can be downloaded from GitHub at no cost, and is designed to help organizations recover configuration files that might have been encrypted by the ransomware on VMware ESXi servers.  According to CISA, some organizations that have used the tool have successfully recovered their encrypted files without paying the ransom demand.

  • Jailbreak Trick Breaks ChatGPT Content Safeguards

According to a report by CNBC, a new prompt called DAN (Do Anything Now) has been developed that allows users to bypass ChatGPT's content restrictions. The prompt works by creating a scenario that ChatGPT cannot resolve, taking advantage of the model's token system and allowing the generation of content that would otherwise be deemed inappropriate or illegal.  Although the DAN prompt is not always successful, a community has already formed around its ability to work around ChatGPT's programming controls. A subreddit dedicated to the DAN prompt has gained a substantial following, with over 200,000 subscribers who are interested in exploring its capabilities. This development highlights the ongoing challenge in maintaining appropriate content controls in AI systems, and the need for continued efforts to improve their programming and restrict the generation of harmful or illegal content. It is important for those in the AI industry to remain vigilant and proactive in their efforts to address these issues and ensure the responsible use of AI technology.

  • Why ChatGPT Isn't a Death Sentence for Cyber Defenders

ChatGPT has been making waves in the tech world since its introduction in late November. This advanced AI tool has brought about many positive advancements, but it has also sparked serious concerns about its potential impact on the cybersecurity landscape. The rapid rise of ChatGPT marks the latest chapter in the ongoing arms race between attackers and defenders in the field of cybersecurity, where both sides are constantly seeking new and innovative technologies to gain the upper hand. However, the stakes have been raised with the introduction of ChatGPT. The generative AI tool has democratized social engineering, making it easier for threat actors to carry out their attacks. This presents a serious threat to organizations and individuals alike, as it expands the availability of a powerful tool that can be used to bypass even the most stringent security measures. Social engineering has always been a dangerous tool in the hands of cybercriminals, but with the help of AI and machine learning, it has become even more potent.

  • Android mobile devices from top vendors in China allegedly have pre-installed malware

The experts pointed out that users who leave the country are also exposed to surveillance through the pre-installed software. The researchers also compared the preinstalled system apps on the Chinese (CN) and Global (e.g., EU) Android OS distributions from the same OS developers. They discovered that the number of preinstalled third-party apps on CN OS distributions is 3 to 4 times larger than for the corresponding Global OS distribution and that these are given 8 to 10 times as many permissions as third-party apps in Global distributions.

  • 'Money Lover' Finance App Exposes User Data

A security firm, Trustwave, reported that the finance app "Money Lover," created by Vietnamese company Finsify, has been discovered to be leaking sensitive user information, including financial transactions and metadata such as wallet names and email addresses.  The app, which helps with personal financial management, is available on Google Play for Android devices, Microsoft Store for PCs, and App Store for iOS and has a 4.6-star rating from over 1,000 reviewers.

  • Toyota Sealed Up a Backdoor to Its Global Supplier Management Network

Security researcher Eaton Zveare reports that he was able to hack into Toyota's supplier management network. The hack gave him access to sensitive information related to around 3,000 suppliers and 14,000 users globally. The compromised web application, used by both Toyota employees and suppliers, contained important information on projects, parts, surveys, and purchases. Notable partners and suppliers present on the system included Michelin, Continental, and Stanley Black & Decker. The researcher gained entry into the Japanese automaker's Global Supplier Preparation Information Management System (GSPIMS) by exploiting a backdoor in the login mechanism, which granted him administrative access to the system.

  • Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game

V8 exploits usually bring to mind complex browser zero-day exploits. Although the browser is an intriguing target for V8 exploits, this open-source JavaScript engine is also incorporated into numerous other projects. Whenever a JavaScript engine is used to execute potentially untrusted code across a security boundary, security problems may emerge. A notable example is the widely played video game Dota 2, which was impacted by a security issue. Dota was using an outdated version of v8.dll that was compiled in December 2018, which made it susceptible to a range of CVEs, many of which had publicly available proof-of-concept exploits.

  • Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet

Gigamon, a network visibility and IT observability company based in Santa Clara, California, has divested from the network detection and response (NDR) market. According to information obtained by Omdia, Gigamon sold its ThreatInsight NDR solution to Fortinet, a former competitor, at the end of last year. The acquisition was reportedly worth around $31 million. The sale also included the personnel dedicated to the ThreatInsight NDR solution, including Gigamon's former threat intelligence group.  Omdia research suggests that approximately 30 to 50 Gigamon employees made the move to Fortinet as a result of the transaction.
