Cyber Security Weekly Recap (13-19 March)

Cyber Security Weekly Recap 13 19.03 1024x640

A bogus ChatGPT Chrome extension is taking over Facebook accounts to spread dangerous ads.

Security researchers have spotted a false ChatGPT-branded Chrome browser extension that has the ability to hijack Facebook accounts and create rogue admin accounts. This is one of the newest tactics cybercriminals are using to propagate malware.

According to Guardio Labs technical analysis, with the help of this method, a threat actor can compromise prominent corporate accounts, build an “elite army of Facebook bots” and exploit its victims to promote sponsored advertisements on Facebook at their expense.

After reportedly receiving 2,000 daily installations since March 3, 2023, Google removed the “Quick access to Chat GPT” extension from the Chrome Web Store on March 9, 2023.

The browser extension is advertised through Facebook-sponsored posts. It lets users connect to the ChatGPT service, but it is also designed to steal their cookies and other account information while they are logged into Facebook.

Since the AI tool went viral, there have been a number of malicious ChatGPT apps found in the Google Play Store and other third-party Android app stores. These apps try to install malware on users’ devices.

A vulnerability in Fortinet’s FortiOS has been used in targeted cyberattacks against government agencies.

An unidentified threat actor has been attacking government agencies and other major enterprises by exploiting a vulnerability in Fortinet FortiOS.

Researchers from Fortinet stated in an advisory that the complexity of the attack indicates that this is the work of an advanced actor who is particularly focused on governmental or government-related targets.

The flaw in question is tracked as CVE-2022-41328 and is a medium security path traversal weakness in FortiOS that might lead to arbitrary code execution.

The affected FortiOS versions include 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3. The flaw has been addressed in versions 6.4.12, 7.0.10, and 7.2.4.

According to Fortinet, there is evidence that government or government-affiliated malicious actors  were behind the highly targeted attack.

Hacker groups use a three-year-old flaw to break into a U.S. federal agency.

An unnamed U.S. federal agency has been breached by multiple threat actors, including a nation-state organization, through a significant security hole in Progress Telerik that had existed for three years.

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MiState) released a joint advisory with the information at hand (MS-ISAC).

They alleged that hackers were able to exploit a Microsoft Internet Information Services (IIS) web server vulnerability and run code remotely on a federal civilian executive branch (FCEB) agency’s network. The IoCs connected to the cyberattack were discovered between November 2022 and early January 2023.

This vulnerability, identified as CVE-2019-18935 (CVSS score: 9.8), is a.NET deserialization flaw in Progress Telerik UI for ASP.NET AJAX, and it might result in remote code execution if it isn’t fixed. It is important to note that CVE-2019-18935 was among the most exploited vulnerabilities by various threat actors in 2020 and 2021.

Organizations may protect themselves from possible attacks by using phishing-resistant multi-factor authentication for accounts with elevated privileges, segmenting their networks, and upgrading to the most recent version of Telerik UI ASP.NET AJAX.

Google finds 18 critical security flaws in Samsung Exynos Chips

Google has brought to light many critical security vulnerabilities in Samsung’s Exynos semiconductors, some of which may be exploited remotely to entirely corrupt a phone without any intervention from the user.

Several different Android phones from Samsung, Vivo, and Google, as well as wearables and cars using Exynos W920 and Exynos Auto T5123 chipsets, are vulnerable to the 18 zero-day vulnerabilities. Four of the flaws on the list are of high severity since they allow an attacker to get access to the internet and take control of the affected devices.

The other 14 vulnerabilities are reportedly less serious since they require a malicious insider on the mobile network or local access to the device. The Pixel 6 and 7 have already received a fix as part of the March 2023 security upgrades. Patch availability for other devices is expected to be released in accordance with the manufacturer’s schedule.

To “eliminate the exploitation risk of these vulnerabilities,” users are encouraged to disable Wi-Fi calling and Voice over LTE (VoLTE) in their devices’ settings until further notice.

Microsoft has issued a warning about the widespread distribution of phishing emails.

An open-source adversary-in-the-middle (AiTM) phishing kit has gained popularity among cybercriminals, according to new research. Microsoft’s Threat Intelligence team is keeping tabs on the threat actor responsible for the development of the kit under the name DEV-1101.

Generally, during an AiTM phishing attack, a proxy server is placed between the user and the website in question in an attempt to capture and intercept the user’s password and session cookies.

What makes these attacks more potent is their ability to bypass MFA protections, such as time-based one-time passwords,

According to the IT giant, DEV-1101 is a threat actor that is responsible for many phishing kits that other criminal actors may buy or rent to conduct their own phishing campaigns with minimal investment of time and money.

Microsoft stated in a technical analysis that the availability of phishing kits for purchase by attackers is part of the industrialization of the cybercriminal economy and reduces the barrier to entry for cybercrime.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment