Articles of interest from the week of February 19, 2024
John Frasier : Mar 4, 2024 12:00:00 AM
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. (The Hacker News)
“Compromised ChatGPT credentials (or any compromised LLM accounts) also offer a reduced cost to criminals. Aside from the potential for information harvesting, it is cheaper to buy stolen accounts than pay retail price, especially in the case of Enterprise Accounts. It is likely that info-stealing malware was more easily loaded onto personal devices used while accessing these services. It would therefore not be surprising to find that this was the primary method of extraction, as these types of devices tend to be used more frequently over public/free wifi, and without robust security monitoring, increasing the opportunity for compromise. There are many ways to utilize Generative AI for profit, and I believe that we will continue to see AI services being targeted for monetary gain. The rushing of Gen AI to the public has introduced a plethora of failures in the ability of Governance, Risk, and even remedial user training to keep up. That most companies may not fully understand the potential impact to their security will be a hot topic of conversation. Where will AI Governance fall? Should it be the responsibility of the CISO, or should AI Governance be the domain of a new role?” – Joseph Jaubert, Tier 3 SOC Analyst at Ingalls Information Security
Attackers have compromised more than 8,000 subdomains from well-known brands and institutions to mount a sprawling phishing campaign that sends malicious emails numbering in the millions each day. (Dark Reading)
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) now includes a sixth function, "Govern," which is poised to offer a fresh set of opportunities for MSSPs and MSPs to provide cybersecurity services to their end-customer companies. (MSSP Alert)
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. (Krebs on Security)
Cloudflare is one of the first providers to safeguard LLM models and users in the era of AI. (Cloudflare)
Citrix and Sophos products have been impacted by leap-year flaws, leading to unexpected problems in their products. (BleepingComputer)
Cloud attackers are stepping up their game in a new cryptojacking campaign that targets exposed Redis deployments, researchers warn. Compared to previous attacks against the in-memory data store, the perpetrators make use of certain system-weakening commands before installing their cryptocurrency mining malware. (CSO)
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. (The Hacker News)
American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. (BleepingComputer)