Cyber Security News - 26 March - 05 April
Weekly Cyber Security News.
Lionsgate Streaming Platform With 37M Subscribers Leaks User Data
Researchers could not determine the exact purpose or usage of the hashes. However, the fact that the hashes all contained more than 156 characters indicates they were intended to remain unchanged for long periods of time.
“Hashes didn’t match any commonly used hashing algorithms. Since these hashes were included in the HTTP requests, we believe they could have been used as secrets for authentication, or just user IDs” - said researchers.
Cybernews reached out to Lionsgate about the leak, and the company responded by closing an open instance. However, at the time of writing, it has yet to provide an official response.
South Korean Beauty Content Platform, PowderRoom, Has Leaked the Personal Information of Nearly One Million People
The platform exposed full names, phone numbers, emails, Instagram usernames, and even home addresses. Researchers estimate that the database was publicly available for over a year.
Backed by beauty-product manufacturers, PowderRoom has hundreds of thousands of followers on social media, and its Android app has been downloaded more than 100,000 times on Google Play.
On the platform, users can review beauty products while being encouraged to actively participate and receive perks.
Puerto Rico Aqueduct and Sewer Authority (PRASA) is Investigating a Cyber Attack With the Help of the FBI and US CISA.
The agency recommends that customers change their passwords.
In early March, the Biden administration announced that it will make it mandatory for the states to conduct cybersecurity audits of public water systems.
Water systems are critical infrastructures that are increasingly exposed to the risk of cyberattacks by both cybercriminal organizations and nation-state actors, the US Environmental Protection Agency reported.
NCA Infiltrates the Cybercriminal Underground with Fake DDoS-for-hire Sites
“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks” - reads the announcement.
“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators”.
The activity is part of a coordinated international operation named Operation Power Off that is targeting DDoS-for-hire infrastructures worldwide.
A New MacStealer macOS Malware Allows Operators to Steal iCloud Keychain Data and Passwords from Infected Systems
“The stealer then ZIPs up the data and sends it to C2 via a POST request using a Python User-Agent request (figures 8 and 9).” reads the analysis published by Uptycs. “It deletes the data and ZIP file from the victim’s system during a subsequent mop-up operation”.
The MacStealer transmits selected information to the listed Telegram channels.
The report also provides Indicators of Compromise (IoCs).
Hackers Exploiting ChatGPT’s Popularity to Spread Malware via Hacked FB Accounts
A number of elements are designed to make the ads appear legitimate. These elements include all the information that is required to convince an unsuspecting individual.
In order to lend further credibility to the scam, a password is included along with the download link. It should also be noted that compromised accounts are capable of stealing sensitive confidential information.
Australia’s Casino Giant Crown Resorts Disclosed Data Breach After Clop Ransomware Attack
“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority.” reads the statement published by the company on March 27, 2023. “We can confirm no customer data has been compromised and our business operations have not been impacted. We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”
Top Data Breaches in 2022 and 2023 Point to Increases in Phishing and Ransomware
January 2022
• Jan. 6 2022 – Flexbooker Data Breach
• Jan. 19 2022 – Red Cross Data Breach
• Jan. 20 2022 – Crypto.com Data Breach
February 2022
• Feb. 20 2022 – Credit Suisse Data Leak
• Feb. 25 2022 – Nvidia Data Breach
March 2022
• March 18 – Morgan Stanley Client Data Breach
• March 24 – Texas Department of Insurance Data Leak
• March 26 – US Department of Education Data Breach
• March 30 – Apple & Meta Data Breach
Read more about the most recent Data Breaches of 2023 here.
Hackers are Actively Exploiting a Flaw in the Elementor Pro WordPress Plugin
The issue stems from improper input validation and the lack of a capability check restricting access to high-privileged users only.
“An authenticated attacker can leverage the vulnerability to create an administrator account by enabling registration and setting the default role to “administrator,” change the administrator email address, or redirect all traffic to an external malicious website by changing siteurl among many other possibilities” - wrote Bruandet.
Microsoft Debuts New AI Chatbot for Cybersecurity Needs
The new chatbot is tied to Microsoft's (MSFT) partnership with ChatGPT developer OpenAI, and its new GPT-4 large language model.
According to Microsoft (MSFT), Security Copilot will work seamlessly with security teams, and give companies the ability "to see what is happening in their environment, learn from existing intelligence, correlate threat activity, and make more informed, efficient decisions at machine speed."
SANS First Look Report: Self-Supervised Learning Cybersecurity Platform for Threat Detection
In the report, SANS examines how MixMode’s platform is designed to focus on providing cybersecurity teams full visibility and real-time threat detection – at enterprise scale – via proprietary artificial intelligence (AI) that can ingest various data types, from cloud to network to endpoint, and helps analysts identify vulnerabilities and threats, from run-of-the-mill known attack methods to never-before-seen novel attacks.
MixMode lets you jump that barrier with their AI to find threats amongst all the noise, including novel attacks designed to bypass legacy systems.
AI Pause Urged by Musk, Wozniak and Other Tech Leaders
An open letter signed by nearly 1,300 people calls for AI labs to enact a six-month hiatus on “the training of AI systems more powerful than GPT-4”, referring to the tool released earlier this month by Microsoft-based OpenAI.
The letter, issued via the nonprofit Future of Life Institute, argues that during the proposed pause, labs and researchers should craft protocols for AI that would be audited by “independent outside experts”.