EU becomes AI regulation pioneer. Senate Judiciary Committee considers reauthorization of Section 702. Texas passes data privacy law.
The CyberWire
Researchers Exploited GOG Galaxy XPC for Privilege Escalation in macOS
A critical privilege escalation vulnerability has been disclosed that affects macOS machines with the GOG Galaxy software installed. It has been assigned CVE-2023-40713 and a severity rating of 7.8 (High).
GOG Galaxy is software designed to organize games from different platforms into a single library. The vulnerability lies in GOG Galaxy's XPC service and the way it validates the clients that connect to it.
During installation, GOG Galaxy creates the file com.galaxy.ClientService.plist in the /Library/LaunchDaemons directory. This registers a launch daemon, a background process that runs with high privileges.
The daemon registered by that plist exposes an XPC service. XPC is widely used on macOS to let privileged helper tools perform specific tasks on behalf of an application.
Applications call such a service to have actions performed on their behalf. The service is expected to verify the calling application and allow only specific, trusted applications to invoke its exposed methods.
The vulnerability is a race condition. The exploit sends several messages to the XPC service and then calls posix_spawn to replace the sending process, at the same PID, with a binary that satisfies the service's security requirement.
Because the service validates the client only after the message has been received, the window between message processing and process validation lets the exploit swap its own PID for that of a real application which passes the connection check.
To exploit this vulnerability, a threat actor would follow these steps:
Connect to the XPC service from forked child processes
Replace the child processes with the legitimate binary
Call the changeFolderPermissionsAtPath method to modify the permissions of the /etc/pam.d/login file
Replace the login file with one that allows authentication without a password
Finally, escalate to root by running sudo su.
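The race above exists because the helper resolves the caller's identity from a PID at validation time, and a PID can belong to a different program by then. The following is an added example, not code from GOG or from the Security Intelligence report, of a privileged XPC helper that checks each client by its kernel-stamped audit token instead, and on macOS 12 and later additionally lets libxpc enforce the code-signing requirement itself. The service name com.example.helper, the client identifier com.example.client, the Team ID placeholder and the helper function names are assumptions; xpc_connection_get_audit_token is an exported but undocumented libxpc function and is declared by hand here.

```objc
// Added example (not GOG's code): a privileged XPC helper that validates
// its client by audit token rather than by PID. Names are placeholders.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <mach/mach.h>
#import <xpc/xpc.h>

// Assumption: exported by libxpc but not declared in the public headers.
extern void xpc_connection_get_audit_token(xpc_connection_t conn, audit_token_t *token);

// Placeholder requirement: the client's bundle identifier and the vendor's Team ID.
#define CLIENT_REQUIREMENT \
    "anchor apple generic and identifier \"com.example.client\" " \
    "and certificate leaf[subject.OU] = \"PLACEHOLDERTEAM\""

// Evaluates CLIENT_REQUIREMENT against the code identified by `attrs`.
static BOOL codeSatisfiesRequirement(CFDictionaryRef attrs) {
    SecRequirementRef req = NULL;
    SecCodeRef code = NULL;
    BOOL ok = NO;
    if (SecRequirementCreateWithString(CFSTR(CLIENT_REQUIREMENT), kSecCSDefaultFlags, &req) != errSecSuccess) {
        return NO;
    }
    if (SecCodeCopyGuestWithAttributes(NULL, attrs, kSecCSDefaultFlags, &code) == errSecSuccess) {
        ok = (SecCodeCheckValidity(code, kSecCSDefaultFlags, req) == errSecSuccess);
        CFRelease(code);
    }
    CFRelease(req);
    return ok;
}

// Weak form: identify the client by PID. The PID is resolved when the message is
// handled, so a process that has since been replaced by a trusted binary at the
// same PID passes. This is the pattern the race described above abuses.
static BOOL clientTrustedByPid(xpc_connection_t peer) {
    pid_t pid = xpc_connection_get_pid(peer);
    NSDictionary *attrs = @{ (__bridge id)kSecGuestAttributePid : @(pid) };
    return codeSatisfiesRequirement((__bridge CFDictionaryRef)attrs);
}

// Strong form: identify the client by its audit token. The kernel stamps the
// token on the connection and it carries a PID version, so a later exec or PID
// reuse does not match the code that actually connected.
static BOOL clientTrustedByAuditToken(xpc_connection_t peer) {
    audit_token_t token;
    xpc_connection_get_audit_token(peer, &token);
    NSData *tokenData = [NSData dataWithBytes:&token length:sizeof(token)];
    NSDictionary *attrs = @{ (__bridge id)kSecGuestAttributeAudit : tokenData };
    return codeSatisfiesRequirement((__bridge CFDictionaryRef)attrs);
}

int main(void) {
    xpc_connection_t listener = xpc_connection_create_mach_service(
        "com.example.helper", NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER);

    xpc_connection_set_event_handler(listener, ^(xpc_object_t event) {
        if (xpc_get_type(event) != XPC_TYPE_CONNECTION) {
            return;
        }
        xpc_connection_t peer = (xpc_connection_t)event;

        // On macOS 12 and later libxpc can enforce the requirement per message;
        // a peer that fails it gets no messages through and the handler sees an error.
        if (@available(macOS 12.0, *)) {
            xpc_connection_set_peer_code_signing_requirement(peer, CLIENT_REQUIREMENT);
        }

        xpc_connection_set_event_handler(peer, ^(xpc_object_t msg) {
            if (xpc_get_type(msg) != XPC_TYPE_DICTIONARY) {
                return; // XPC_TYPE_ERROR: connection invalid or requirement failed
            }
            // Re-check on every message, by audit token, before doing privileged work.
            if (!clientTrustedByAuditToken(peer)) {
                // A PID check that passes while the token check fails is the
                // signature of a PID swapped after the message was sent: worth logging.
                if (clientTrustedByPid(peer)) {
                    NSLog(@"pid %d passes by PID but not by audit token: possible PID reuse",
                          xpc_connection_get_pid(peer));
                }
                xpc_connection_cancel(peer);
                return;
            }
            xpc_object_t reply = xpc_dictionary_create_reply(msg);
            if (reply) {
                xpc_dictionary_set_string(reply, "status", "accepted");
                xpc_connection_send_message(peer, reply);
            }
        });
        xpc_connection_resume(peer);
    });
    xpc_connection_resume(listener);
    dispatch_main();
}
```

Build with `clang -fobjc-arc -framework Foundation -framework Security helper.m -o helper`; under ARC the XPC and dispatch objects are released automatically, while the Security framework references are released explicitly. The requirement string is the same in both paths, so the only difference between the weak and strong checks is which attribute identifies the caller, which is exactly what decides whether the PID-replacement race succeeds.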
Security Intelligence has published a complete report on this vulnerability, with detailed information including the exploitation steps, source code, and further analysis.
Cyber Security News
Google Podcasts service shuts down in the US next week
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally.
BleepingComputer
Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks
Media reports highlight the sale of LLMs such as WormGPT and FraudGPT on underground forums. Fears that they could be used to create mutating malware have fueled a craze in the cybercriminal underground.
Concerns arise over the dual-use nature of LLMs, with tools like WormGPT raising alarms.
The shutdown of WormGPT adds uncertainty, leaving questions about how threat actors view and use such tools beyond publicly reported incidents.
AI isn’t a hot topic on the forums Sophos researchers examined, with fewer than 100 posts on two forums compared to almost 1,000 posts about cryptocurrencies.
Possible reasons include AI’s perceived infancy and less speculative value for threat actors compared to established technologies.
There’s been a lot of speculation about how threat actors might weaponize AI, given the hype around ChatGPT and other LLMs – especially with developments like WormGPT. But what do the criminals themselves think?
— Sophos X-Ops (@SophosXOps) November 28, 2023
LLM-related forum posts focus heavily on jailbreaks, tricks to bypass the models' built-in content restrictions. The concerning part is that these jailbreaks are shared publicly on the internet through various platforms.
Despite threat actors’ skills, there’s little evidence of them developing novel jailbreaks.
Many LLM-related posts on Breach Forums involve compromised ChatGPT accounts for sale, reflecting a trend of threat actors seizing opportunities on new platforms.
The target audience and potential actions of buyers remain unclear. Researchers also observed eight other models offered as a service or shared on forums during their research.
The models observed included the following:
BlackHatGPT
HackBot
PentesterGPT
PrivateGPT
Exploit forums show AI-related aspirational discussions, while lower-end forums focus on hands-on experiments. Skilled threat actors lean towards future applications, while less skilled actors aim for current use despite limitations.
Besides this, researchers also observed that AI had been used to generate a large amount of code for the following types of illicit tools:
RATs
Keyloggers
Infostealers
Some users explore questionable applications for ChatGPT, including social engineering and non-malware development.
Skilled users on Hackforums leverage LLMs for coding tasks, while less skilled ‘script kiddies’ aim for malware generation.
Operational security errors are evident; for example, one user on XSS openly discussed a malware distribution campaign that used ChatGPT to produce a celebrity selfie image lure.
Operational security concerns arise among users about using LLMs for cybercrime on platforms like Exploit.
Some users on Breach Forums suggest developing private LLMs for offline use. However, the philosophical discussions on AI’s ethical implications reveal a divide among threat actors.
Cyber Security News