Articles of interest from the week of February 27, 2023

Users Looking for ChatGPT Apps Get Malware Instead

The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cybercriminals: they are exploiting the public’s eagerness to experiment with it to trick users into downloading Windows and Android malware and visiting phishing pages. (Help Net Security)

“Like any “Next Big Thing,” ChatGPT can count among its ardent admirers a number of con-artists and criminals who are unabashedly attempting to make money by association with it. The best defense against these types of attacks is to not let oneself get swept up in the moment and make impulse purchases, but to thoughtfully evaluate the technology and “try before you buy” anything that claims to be related to generative AI. ChatGPT is free to use right now, and I encourage anyone who is interested to experiment with it, so you know what it truly is and not what people may be trying to make you believe.” – Jason Ingalls, Founder & CEO at Ingalls Information Security

GoDaddy Source Code Stolen as Part of a Multiyear Campaign

GoDaddy’s source code was stolen and systems were infected with malware by an unknown threat actor in a breach of the web hosting company linked to a multiyear campaign.

The company, responding to customer complaints about intermittent site redirects starting in early December 2022, discovered unauthorized access to its cPanel shared hosting servers. (Cybersecurity Dive)

Pepsi Bottling Ventures Suffers Data Breach

Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of employees, including financial account information, state and federal government-issued ID numbers, driver’s license numbers, ID cards, social security numbers, and digital signatures. (CSO)

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open-source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system.

"This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers said in a report published last week. (The Hacker News)

US Warns of Cyberattacks by Russia on Anniversary of Ukraine War

The US Cybersecurity and Infrastructure Security Agency has issued an advisory urging organizations to increase cybersecurity vigilance today, the anniversary of Russia’s invasion of Ukraine, in the wake of a cyberattack against several Ukrainian government websites.

"The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord," the CISA advisory said. (CSO)

CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping

CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats. (CISA)