Security News

HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking
2023-07-28 17:47

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs. HackerOne, a security platform and hacker community forum, hosted a roundtable on Thursday, July 27, about the way generative artificial intelligence will change the practice of cybersecurity. How threat actors take advantage of generative AI. "We have to remember that systems like GPT models don't create new things - what they do is reorient stuff that already exists, stuff it's already been trained on," said Klondike.

Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking
2023-07-26 05:02

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799, the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively, VulnCheck disclosed in a Tuesday report.

Hacking police radios: 30-year-old crypto flaws in the spotlight
2023-07-24 18:59

Secondly, the underlying encryption algorithms are proprietary, guarded as trade secrets under strict non-disclosure agreements, so it simply hasn't had the levels of global, objective mathematical scrutiny that unpatented, open source encryption systems have. Simply put, if you need to keep the algorithm secret, as well as the decryption key for each message, you're in deep trouble, because your enemies will ultimately, and inevitably, get hold of that algorithm.

JumpCloud discloses breach by state-backed APT hacking group
2023-07-17 13:20

US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers. On July 5, JumpCloud discovered "unusual activity in the commands framework for a small set of customers" while investigating the attack and analyzing logs for signs of malicious activity in collaboration with IR partners and law enforcement.

BreachForums owner Pompompurin pleads guilty to hacking charges
2023-07-14 15:31

Conor Brian Fitzpatrick, aka Pompompurin, the owner of the notorious BreachForums hacking forum, has pleaded guilty to hacking and child pornography possession charges. "BreachForums included a 'Marketplace' section that was dedicated to the buying and selling of hacked or stolen data, tools for committing cybercrime, and other illicit material, including a 'Leaks Market' subsection," court documents unsealed on July 13th read. "BreachForums operated as an illegal marketplace where its members could solicit for sale, sell, and purchase and trade hacked or stolen data and other contraband, including stolen access devices, tools for committing cybercrime, breached databases, and other services for gaining unauthorized access to victim systems."

INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime
2023-07-06 08:52

A suspected senior member of a French-speaking hacking crew known as OPERA1ER has been arrested as part of an international law enforcement operation codenamed Nervone, Interpol has announced. "The group is believed to have stolen an estimated USD 11 million - potentially as much as 30 million - in more than 30 attacks across 15 countries in Africa, Asia, and Latin America," the agency said.

New EarlyRAT malware linked to North Korean Andariel hacking group
2023-06-29 17:39

Security analysts have discovered a previously undocumented remote access trojan named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. In a more recent report from WithSecure, it was discovered that a North Korean group using a newer variant of DTrack, possibly Andariel, gathered valuable intellectual property for two months.

Microsoft links data wiping attacks to new Russian GRU hacking group
2023-06-14 17:27

Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia's Main Directorate of the General Staff of the Armed Forces. The company previously connected this new GRU hacking group with the destructive WhisperGate data-wiping attacks in Ukraine that started on January 13, 2022, more than a month before the Russian invasion of Ukraine in February 2022.

Russians charged with hacking Mt. Gox crypto exchange, running BTC-e
2023-06-09 15:57

Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole. The U.S. Department of Justice also charged Bilyuchenko with conspiring with Russian national Alexander Vinnik to run the unlicensed BTC-e Bitcoin trading platform between 2011 and 2017.

Chinese Hacking of US Critical Infrastructure
2023-05-31 14:53

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.