Security News > 2023 > July

According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.In the hands of a bad actor, tools like WormGPT could be a powerful weapon, especially as OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models to fabricate convincing phishing emails and generate malicious code.

A criminal crew with a history of deploying malware to harvest credentials from Amazon Web Services accounts may expand its attention to organizations using Microsoft Azure and Google Cloud Platform. The crooks used to target primarily AWS users, and now seem to be looking for ways into Azure and Google Cloud accounts.

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account consumer signing key to breach two dozen organizations. "Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com," the tech giant said in a deeper analysis of the campaign.

The Scarleteel threat targets AWS Fargate environments for data theft and more malicious types of attacks such as cryptojacking and DDoS. Learn how to mitigate this threat. Sysdig, a cloud and container security company, has released a new report on the Scarleteel threat that targets specific AWS environments for data theft and additional malicious activities.

Masayoshi Matsumoto is a "Master balloon artist," and he made a squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins "Next month." On June 28, the account GenesisStore, used by an operator of the Genesis Market for announcements on a hacker forum, posted that the group behind the store decided to sell the platform.

Microsoft says it still doesn't know how Chinese hackers stole an inactive Microsoft account consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including government agencies. The threat actors used the stolen Azure AD enterprise signing key to forge new auth tokens by exploiting a GetAccessTokenForResource API flaw, providing them access to the targets' enterprise mail.

Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says "Could potentially impact the confidentiality and integrity of your data." The vulnerability is what's known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X, such as clicking through to site Y, gives the operator of site X a sneaky chance to implant rogue JavaScript code into the web pages that your browser receives back from Y. This, in turn, means that X may end up with access to your account on site Y, by reading out and perhaps even modifying data that would otherwise be private to Y, such as your account details, login cookies, authentication tokens, transaction history, and so on.

Rockwell Automation says a new remote code execution exploit linked to an unnamed Advanced Persistent Threat group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas industries.The company teamed up with the U.S. Cybersecurity and Infrastructure Security Agency to analyze the exploit linked to APT threat actors, but they have yet to share how they obtained it.

The White House has announced the first iteration of the National Cybersecurity Implementation Plan. The plan aims to boost public and private cybersecurity resilience, take the fight to threat actors, beef up the defense of infrastructure and draw a clear national roadmap of cybersecurity responsibilities.