SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Guilty pleas and convictions of foreign nationals in the US
The US Justice Department announced several guilty pleas and convictions this week. A British and Nigerian national, Idris Dayo Mustapha, pleaded guilty to his role in a $6 million operation that involved hacking into email and brokerage accounts. Russian national Anatoly Legkodymov has pleaded guilty over running Bitzlato, a cryptocurrency exchange used for illegal activities, including by ransomware groups. Ukrainian national Vitalii Chychasov has been sentenced to eight years in prison for running the SSNDOB cybercrime marketplace.
UK nuclear site reportedly hacked by Russia and China
Threat actors linked to Russia and China have hacked into the systems of the Sellafield nuclear waste and decommissioning site in the UK, according to an investigation conducted by The Guardian. The British government has dismissed the reports.
HTC Global hit by ransomware
IT and business process services provider HTC Global Services has confirmed experiencing a cybersecurity incident after the notorious BlackCat ransomware group claimed to have stolen sensitive information from the company.
CISA removes fake CVE from KEV catalog
CISA has removed CVE-2022-28958 from its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which was initially described as an actively exploited D-Link router vulnerability, turned out to be a fake vulnerability. This is not the first time CISA has removed a CVE from its catalog.
New Linux RAT Krasue targets Thailand
Group-IB has conducted an analysis of Krasue, a new Linux RAT that has been used in attacks against organizations in Thailand. The malware has been around since at least 2021, but it has managed to stay under the radar. Krasue, which contains several embedded rootkits, is believed to be deployed as part of a botnet or sold by initial access brokers.
An entire country’s DNS name resolution hijacked
SEC Consult researchers have demonstrated the threat posed by DNS attacks by hijacking the DNS name resolution of an entire country by exploiting a DNS cache poisoning vulnerability. A malicious attack could have caused “serious harm”, the company said.
Fake Lockdown Mode
Jamf has discovered a post-exploitation tampering technique that can allow malware to trick users into believing that their iPhone is running in Lockdown Mode (a feature designed to protect users against highly sophisticated attacks) when in reality the victim does not benefit from the feature’s protection. The company pointed out that the attack method does not exploit any actual vulnerability in iOS or Lockdown Mode.
MLflow vulnerability exposes ML models and training data
Contrast Security has found a vulnerability in MLflow, a development framework for machine learning (ML) lifecycle management, that could lead to the exposure of an ML model and all training data to an attacker. Databricks, the creator and maintainer of MLflow, has been working on a patch.
Using AI to jailbreak LLMs
Robus Intelligence has found a way to use AI to automatically jailbreak GPT-4 and other large language models (LLMs). The attack method, named Tree of Attacks with Pruning (TAP), can be used “to induce sophisticated models like GPT-4 and Llama-2 to produce hundreds of toxic, harmful, and otherwise unsafe responses to a user query (e.g. ‘how to build a bomb’) in mere minutes”.
40% of Google Drive files contain sensitive information
A report from data security firm Metomic shows that over 40% of files stored in Google Drive contain sensitive information. The result is based on a scan of roughly 6.5 million files. Approximately 18,000 files contained highly sensitive data such as personally identifiable information.
Related: In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked