Cyber Security Today, April 8, 2024 – Crooks are hijacking Facebook pages to spread phoney AI applications
Welcome to Cyber Security Today. It’s Monday, April 8th, 2024. I’m Howard Solomon with a roundup of the latest cybersecurity news.
Cybercrooks are taking over poorly-protected Facebook profiles to spread links to fake artificial intelligence applications. That’s according to researchers at Bitdefender. They say the hijacked Facebook pages are designed to trick victims into downloading what they think are official desktop versions of AI software including ChatGPT, Midjourney, Sora AI, DALL-E, Evoto and others. What the downloaded apps really do is steal information from victims’ computers, including usernames, passwords, credit card numbers and crypto wallet information. One Facebook page impersonating Midjourney had 1.2 million followers until it was shut last month. Two lessons from this: People need to enforce the security of their social media pages with strong passwords and multifactor authentication to ensure they aren’t taken over and abused by crooks. Also, organizations need to remind all employees they are forbidden to download applications from unapproved places like social media sites to any computer they have that’s allowed to connect to the company network.
Cisco Systems has tweaked the update it released last month to close a vulnerability in its IOS software for Catalyst 6000 series switches. The vulnerability is rated High.
Cisco also says there’s a vulnerability in the web-based management interface of six models of its RV series of Small Business Routers. Cisco says the hole could allow the devices to be compromised. Network administrators should disable remote management on two of the models. For the four other models certain ports should also be blocked. Note that software updates won’t be released to fix the vulnerability. Four of the routers are end-of-life and shouldn’t be on a network at all.
Threat actors have found a new way to compromise Adobe Magento e-commerce servers. Researchers at Sansec say that if an attacker can get into the server, they install code that adds a backdoor which is re-injected after a manual fix or setup. It takes advantage of a vulnerability discovered in February. The goal is to insert a fake Stripe payment skimmer to steal credit and debit card information. Magento administrators should search for hidden backdoors and make sure their systems have the latest patches or are running the latest versions.
An American firm that provides economic experts to law firms doing litigation has increased the number of people it’s notifying about a data breach. In a filing with the Maine attorney general’s office, Greylock McKinnon Associates now says it’s notifying over 341,000 people their data was stolen last year. Its original estimate of victims was about 5,400 people. The information, including Social Security numbers, came from the U.S. Justice Department as part of a civil lawsuit. It was stolen in a cyber attack discovered last May.
Pacific Guardian Life Insurance is notifying just over 167,000 Americans of a data breach. In a notice to the Maine attorney general’s office it says the cause was phishing, but gives no other details of the incident. The theft was discovered last September. Among the data stolen were names and credit or debit card numbers and associated passwords or PIN numbers.
A Pennsylvania IT school is notifying almost 31,000 people of a data breach. The York County School of Technology says the data was stolen in a cyber attack just over 12 months ago. Data stolen included names as well as Social Security, drivers’ licence and State ID numbers.
A threat actor has launched a phishing campaign to steal information from the American energy sector. According to researchers at Cofense, the scheme involves targeted emails allegedly from the Federal Bureau of Transportation, sent to people and claiming their vehicle had been in an accident or seen leaving an accident. It alleges they are at risk of being fined. The subject line of the message may include the word ‘Urgent.’ The possibility of a fine, of course, would attract the attention of the reader, who would out of an abundance of caution want to open the attached document — which links to malware. This is a variation of similar scams that have been going on for years and prey on people’s fears of being hurt if they don’t open a document. As always, you’ve got to examine who any message with an attachment comes from, and look for signs of a scam like incorrect grammar. The fact is government agencies don’t send email messages like this. For one thing, how do they know your email address?
Finally, as I told listeners last week, Ivanti has promised to overhaul its product security management practices after the disclosure of more vulnerabilities in its Connect Secure and Policy Secure gateways. John Pescatore of the SANS Institute, which offers cybersecurity training courses, has a suggestion: Any company that makes a security-related product should have to show the public measurable progress in its security culture, such as third-party testing of all products. The penalty: No security product company would be allowed to use the terms AI or machine learning in their marketing and advertising unless they go at least 12 months without a vulnerability that has a CVSS score above 7.
Links to details about news mentioned in this podcast episode are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.