Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
The recently disclosed Barracuda zero-day vulnerability, CVE-2023-2868, has been exploited to deliver malware and steal data since at least October 2022.
Hackers Released Updated Version of Black Hat AI Tool WormGPT V2
As the technology advances, concerns are rising over the misuse of large language models like ChatGPT. Recently, an LLM called “WormGPT” surfaced on underground forums, significantly escalating those concerns.
Threat actors equipped with ChatGPT-like tools could pose major cybersecurity and safety risks, which highlights the need for vigilant AI development to prevent misuse.
The creators of WormGPT have just unveiled the second version of their revolutionary software, WormGPT V2. This latest release comes packed with an array of impressive new features and enhanced capabilities, building on the success of WormGPT V1.
WormGPT
The underground community’s interest in LLMs may lead to malicious variants. An unknown developer crafted WormGPT, an analog of ChatGPT built for cybercriminals.
WormGPT is an infamous AI module system that gives threat actors the ability to launch automated attacks such as phishing, posing risks to defenders.
The developers of this malicious generative AI module system remain anonymous and sell access to it on several underground forums.
Key features of WormGPT:
Unlimited character support
Chat memory retention
Code formatting
The developers claim WormGPT is versatile enough for malware, BEC phishing, and hacking, keeps no user logs, and accepts crypto-only payments. The new upgrades also allow code import.
Other discovered malicious AI chatbots
Below are the malicious chatbots discovered so far:
The new version of WormGPT is also a generative AI module that uses the GPT-J LLM. Unlike WormGPT V1, this new version, WormGPT V2, adds several new capabilities.
WormGPT V2, an alternative to ChatGPT, is announced
Chinese Hackers Attacking U.S. Critical Infrastructure Since 2023
VOLTZITE, a designated threat group whose activity overlaps with the Volt Typhoon threat group, has been identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
This threat actor has been active since early 2023 and specifically targets emergency management services, telecommunications, satellite services, and the defense industrial base.
The group relies on Living off the Land (LOTL) techniques and native tools already present on compromised assets. VOLTZITE also performs slow and steady reconnaissance to evade detection for extended periods.
Technical Analysis
According to reports shared with Cyber Security News, VOLTZITE deploys various web shells and FRP (Fast Reverse Proxy) for command-and-control (C2) communications.
The threat actor utilizes stolen credentials and compromises SOHO (Small Office and Home Office) networking equipment to facilitate lateral movement.
Their activity has been observed since early 2023, but there is speculation that the threat group has existed since 2021. In early 2023, the group was linked to an incident involving a compromise in the U.S. territory of Guam.
Other notable activities were in June 2023 (United States emergency management organization) and January 2024 (US telecommunication provider’s external network gateways and a large US city’s emergency services GIS network).
In December 2023, VOLTZITE was found to be involved in exploiting ICS VPN zero-day vulnerabilities alongside another threat group, UTA0178. Some of the products the threat group exploited are as follows:
Fortinet Fortiguard
PRTG Network Monitor Appliances
ManageEngine ADSelfService Plus
FatPipe WARP
Ivanti Connect Secure VPN
Cisco ASA
As for the LOTL techniques, the threat group uses several native Windows tools:
Certutil
dnscmd
Ldifde
Makecab
net user/group/use
netsh
nltest
ntdsutil
PowerShell
reg query/save
systeminfo
tasklist
wevtutil
wmic
xcopy
Dragos has published a complete report providing detailed information about this threat group, its exfiltration methods, lateral movement, and more.
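As an added defensive illustration that is not part of the article or of the Dragos/CISA reporting, the following Python snippet scans process-creation records for clusters of the native tools listed above: a single admin running one of them is noise, but several distinct ones on one host within a short window is worth triage. The record format and the sample lines are constructed assumptions.

```python
"""Added example (not code from the article, Dragos or CISA): flag a host when
several distinct native Windows tools from the VOLTZITE list above run within a
short window. Input records are constructed as timestamp|host|user|image; a real
pipeline would feed Sysmon Event ID 1 or Security Event ID 4688 fields."""
from collections import defaultdict
from datetime import datetime, timedelta

# Binaries from the article's list (assumed mapping: 'net' -> net.exe/net1.exe).
LOTL_TOOLS = {
    "certutil.exe", "dnscmd.exe", "ldifde.exe", "makecab.exe", "net.exe", "net1.exe",
    "netsh.exe", "nltest.exe", "ntdsutil.exe", "powershell.exe", "reg.exe",
    "systeminfo.exe", "tasklist.exe", "wevtutil.exe", "wmic.exe", "xcopy.exe",
}

# Constructed sample: one tasklist run is noise; four tools on a DC at night is not.
SAMPLE_EVENTS = """\
2024-01-10T08:00:01|WS01|alice|C:\\Windows\\System32\\tasklist.exe
2024-01-10T08:15:00|WS01|alice|C:\\Windows\\System32\\notepad.exe
2024-01-10T22:01:05|DC02|svc_backup|C:\\Windows\\System32\\nltest.exe
2024-01-10T22:03:40|DC02|svc_backup|C:\\Windows\\System32\\ntdsutil.exe
2024-01-10T22:05:12|DC02|svc_backup|C:\\Windows\\System32\\wevtutil.exe
2024-01-10T22:06:30|DC02|svc_backup|C:\\Windows\\System32\\makecab.exe
"""

def parse_events(text):
    """Return (timestamp, host, user, image basename) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, host, user, image = line.split("|", 3)
            events.append((datetime.fromisoformat(ts), host, user,
                           image.rsplit("\\", 1)[-1].lower()))
    return events

def find_lotl_clusters(events, window=timedelta(minutes=30), min_tools=3):
    """Map host -> sorted LOTL tools when at least min_tools distinct tools
    ran within `window` of each other; isolated single runs are ignored."""
    per_host = defaultdict(list)
    for ts, host, _user, image in events:
        if image in LOTL_TOOLS:
            per_host[host].append((ts, image))
    hits = {}
    for host, runs in per_host.items():
        runs.sort()  # chronological, so each start opens a sliding window
        for i, (start, _img) in enumerate(runs):
            tools = {img for ts, img in runs[i:] if ts - start <= window}
            if len(tools) >= min_tools:
                hits[host] = sorted(tools)
                break
    return hits
```

Tune `window` and `min_tools` to the baseline of your own administrators before alerting on the result.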
Microsoft Exchange Online hit by new outage blocking emails
Microsoft is investigating an ongoing Exchange Online outage preventing customers from sending emails and triggering 503 errors on affected systems.