Top Cyber Stories Of The Day

1. New U.S. National Cybersecurity Policy Raises Concerns: The recently announced National Cybersecurity Strategy by the Biden-Harris administration has experts worried about its potential impact on individual and small business investment in cyber awareness training. There are also concerns about defining threats and the potential suppression of information.

2. OpenAI’s ChatGPT Upgrades: OpenAI’s ChatGPT chatbot can now access up-to-date information on the internet, offering users the ability to ask questions about current events and access news. OpenAI plans to extend this browsing feature to all users in the future.

3. Massive Security Breach at Darkbeam: Digital risk protection company DarkBeam experienced a massive security breach that exposed billions of user usernames and credentials. The data stolen was collected to notify customers of potential breaches and likely resulted from human error.

4. Russian Zero-Day Vendor Offers $20 Million for Hacking Mobile Devices: Operation Zero, a Russian company specializing in acquiring and trading zero-day exploits, is now offering $20 million for hacking tools that can breach iPhones and Android devices. Similar companies also offer high payouts for zero-day vulnerabilities.

5. New BEC 3.0 Attack Exploits Dropbox: A recent wave of phishing attacks, known as BEC 3.0, has been detected, with attackers exploiting Dropbox as a tool. Over 5,000 attacks were detected in the first two weeks of September alone.

Today’s Threat Intelligence Reports

– Cybercriminals are selling an evolved version of the DoubleFinger loader malware called ASMCrypt, which aims to load the final payload undetected by antivirus and endpoint detection systems.
– Iranian APT group OilRig is using a new strain of malware called Menorah for covert operations involving cyber espionage.
– Researchers have discovered a new side-channel attack called GPU.zip that can steal sensitive information from nearly every contemporary GPU by exploiting graphical data compression.
– Reddit announces a new system where users will be paid for their posts that receive ‘gold’ awards, raising concerns about potential clickbait and unfair treatment of users with low karma.

Today’s Breach Bulletins

– DarkBeam, a digital risk protection company, experienced a massive security breach that exposed billions of user usernames and passwords. The breach was likely due to human error.
– Chinese hackers have stolen 60,000 US State Department emails from Microsoft.
– A ransomware group called ‘RansomedVC’ claims to have breached Sony’s networks and is threatening to sell stolen data on the dark web.

Security Research, Education & Awareness

– Harvard’s cybersecurity expert warns that AI is uniquely suited to internet-era propaganda during elections, as disinformation campaigns by countries like Russia, China, and Iran increase.
– Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent, exposing servers to remote attacks.
– Researchers have discovered a new side-channel attack called GPU.zip that can steal sensitive information from most contemporary GPUs.
– The US NIH is proposing guidelines to require research projects involving cephalopods to be approved by an ethics board before receiving federal funding.

Stay Secure, Let’s Know Together.