Security News

ACRO, the UK's criminal records office, is combing over a "Cyber security incident" that forced it to pull its customer portal offline. In an email to users this week - seen by El Reg - ACRO confirmed it has "Recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023.".

DOUG. Honeypots, patches and the passing of an icon. DUCK. I know where I want it to stop, Doug!

With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter seriously and conducted a series of workshops involving subject matter experts from various departments of Europol. These workshops aimed to investigate potential ways in which large language models like ChatGPT can be exploited by criminals and how they can be utilized to aid investigators in their day-to-day tasks.

A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old "Legacy" database the company forgot it had. The genetic testing firm, DNA Diagnostics Center reached a settlement deal with states' attorneys general in Ohio and Pennsylvania last week, after the social security numbers of 45,000 residents of the two states was exposed, with each of the states getting $200k. DDC offers paternity testing, immigration testing, veterinary DNA testing and forensic testing.

A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. "Exclu makes it possible to exchange messages, photos, notes, voice memos, chat conversations, and videos with other users," the Politie said.

The Dutch police announced on Friday that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations. In the Netherlands alone, the police searched 22 locations and arrested 11 individuals believed to be connected with the Exclu platform.

The security shop's research team said it has already seen Russian cybercriminals on underground forums discussing OpenAI workarounds so that they can bring ChatGPT to the dark side. We'd have thought ChatGPT would be most useful for coming up with emails and other messages to send people to trick them into handing over their usernames and passwords, but what do we know? Some crooks may find the AI model helpful in offering malicious code and techniques to deploy.

Malware-slinging miscreants are taking advantage of a trending TikTok challenge - and viewers' dirty minds - to spread data-stealing malware via a phony app that's had more than one million views so far. The new TikTok trend is called Invisible Challenge, and it involves a person filming themself naked while using an effect called Invisible Body that removes the body from the video.

A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. First advertised on Russian cybercrime forums in April 2022, Aurora was offered as a commodity malware for other threat actors, describing it as a "Multi-purpose botnet with stealing, downloading and remote access capabilities."

Two Russian nationals accused of operating Z-Library - one of the largest online book piracy websites - have been charged with criminal copyright infringement, wire fraud and money laundering. Around the same time, the Feds also took down Z-Library's network of nearly 250 domains and seized its assets - much to the dismay of students everywhere who used the site to access textbooks and academic journals without paying the hefty price tags charged by academic publishers.