
In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Guilty pleas and convictions of foreign nationals in the US

The US Justice Department announced several guilty pleas and convictions this week. Idris Dayo Mustapha, a dual British and Nigerian national, pleaded guilty to his role in a $6 million operation that involved hacking into email and brokerage accounts. Russian national Anatoly Legkodymov pleaded guilty over running Bitzlato, a cryptocurrency exchange used for illegal activities, including by ransomware groups. Ukrainian national Vitalii Chychasov was sentenced to eight years in prison for running the SSNDOB cybercrime marketplace.

UK nuclear site reportedly hacked by Russia and China

Threat actors linked to Russia and China have hacked into the systems of the Sellafield nuclear waste and decommissioning site in the UK, according to an investigation conducted by The Guardian. The British government has dismissed the reports. 


HTC Global hit by ransomware

IT and business process services provider HTC Global Services has confirmed experiencing a cybersecurity incident after the notorious BlackCat ransomware group claimed to have stolen sensitive information from the company. 

CISA removes fake CVE from KEV catalog

CISA has removed CVE-2022-28958 from its Known Exploited Vulnerabilities (KEV) catalog. The flaw, initially described as an actively exploited D-Link router vulnerability, turned out not to be a genuine vulnerability. This is not the first time CISA has removed a CVE from the catalog.
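A removal like this matters operationally because many patch-SLA pipelines pull the KEV JSON feed and treat presence in the catalog as the trigger for a remediation due date. The following Python script is an added example, not code from the article or from CISA: it diffs two snapshots of a KEV-shaped feed (top-level "vulnerabilities" array with "cveID" entries, as the real feed is laid out) so that a removed entry is surfaced for review instead of silently dropping a tracked item. Both snapshots are constructed for the example; only the CVE ID from the story is real, and every other field, including all dates, is made up.

```python
"""Added example: diff two snapshots of a KEV-shaped feed to catch silent removals.

The real feed is a JSON document with a top-level "vulnerabilities" array whose
entries carry a "cveID" key. The snapshots below are constructed for this example:
the CVE ID from the story is real, all other fields and dates are made up.
"""
import json

SNAPSHOT_BEFORE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2023.12.01",  # constructed
    "vulnerabilities": [
        {"cveID": "CVE-2022-28958", "vendorProject": "D-Link", "product": "ExampleRouter",
         "dateAdded": "2022-09-08", "dueDate": "2022-09-29"},
        {"cveID": "CVE-2023-0001", "vendorProject": "ExampleVendor", "product": "ExampleApp",
         "dateAdded": "2023-11-15", "dueDate": "2023-12-06"},
    ],
})

SNAPSHOT_AFTER = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2023.12.08",  # constructed
    "vulnerabilities": [
        {"cveID": "CVE-2023-0001", "vendorProject": "ExampleVendor", "product": "ExampleApp",
         "dateAdded": "2023-11-15", "dueDate": "2023-12-06"},
        {"cveID": "CVE-2023-0002", "vendorProject": "ExampleVendor", "product": "ExampleApp",
         "dateAdded": "2023-12-07", "dueDate": "2023-12-28"},
    ],
})


def load_kev(text):
    """Parse a KEV JSON document into {cveID: entry}, rejecting malformed entries."""
    doc = json.loads(text)
    entries = {}
    for entry in doc.get("vulnerabilities", []):
        cve = entry.get("cveID", "")
        if not isinstance(cve, str) or not cve.startswith("CVE-"):
            raise ValueError(f"entry without a valid cveID: {entry!r}")
        entries[cve] = entry
    return entries


def diff_kev(before_text, after_text):
    """Return sorted lists of CVE IDs added to and removed from the catalog."""
    before = load_kev(before_text)
    after = load_kev(after_text)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
    }


def tracked_for_remediation(kev_text, cve):
    """True if the CVE is currently in the catalog, i.e. still carries a KEV due date."""
    return cve in load_kev(kev_text)


if __name__ == "__main__":
    changes = diff_kev(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)
    for cve in changes["added"]:
        print(f"ADDED   {cve}: open a remediation ticket using the KEV due date")
    for cve in changes["removed"]:
        # Removals are rare and may mean the entry was withdrawn as bogus;
        # review linked tickets rather than auto-closing them.
        print(f"REMOVED {cve}: review linked tickets before closing")
```

Run it against two saved copies of the real feed instead of the constructed strings to get the same added/removed report; the point of keeping removals as a separate list is that a withdrawn entry should close tickets only after a human confirms why it left the catalog.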

New Linux RAT Krasue targets Thailand

Group-IB has conducted an analysis of Krasue, a new Linux RAT that has been used in attacks against organizations in Thailand. The malware has been around since at least 2021, but it has managed to stay under the radar. Krasue, which contains several embedded rootkits, is believed to be deployed as part of a botnet or sold by initial access brokers. 

An entire country’s DNS name resolution hijacked

SEC Consult researchers have demonstrated the threat posed by DNS attacks by hijacking the DNS name resolution of an entire country by exploiting a DNS cache poisoning vulnerability. A malicious attack could have caused “serious harm”, the company said. 

Fake Lockdown Mode

Jamf has discovered a post-exploitation tampering technique that can allow malware to trick users into believing that their iPhone is running in Lockdown Mode (a feature designed to protect users against highly sophisticated attacks) when in reality the victim does not benefit from the feature’s protection. The company pointed out that the attack method does not exploit any actual vulnerability in iOS or Lockdown Mode. 

MLflow vulnerability exposes ML models and training data

Contrast Security has found a vulnerability in MLflow, a development framework for machine learning (ML) lifecycle management, that could lead to the exposure of an ML model and all training data to an attacker. Databricks, the creator and maintainer of MLflow, has been working on a patch.

Using AI to jailbreak LLMs

Robust Intelligence has found a way to use AI to automatically jailbreak GPT-4 and other large language models (LLMs). The attack method, named Tree of Attacks with Pruning (TAP), can be used “to induce sophisticated models like GPT-4 and Llama-2 to produce hundreds of toxic, harmful, and otherwise unsafe responses to a user query (e.g. ‘how to build a bomb’) in mere minutes”.

40% of Google Drive files contain sensitive information

A report from data security firm Metomic shows that over 40% of files stored in Google Drive contain sensitive information. The result is based on a scan of roughly 6.5 million files. Approximately 18,000 files contained highly sensitive data such as personally identifiable information. 

Related: In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
