Plus: North Korean hackers are using a Chrome flaw to breach targets' emails
Part of Network | |
Presented by |
Hackers are breaching Facebook users through a fake ChatGPT Chrome extension. The campaign has been active at least since March 14, 2022. More: - The false Chrome extension is reaching victims by appearing in Google Search results whenever users type Chat GPT 4.
- The threat actors have been paying for advertising in order to rank higher on the Google Search result page.
- Once the users click on the sponsored search result, they are directed to a fake Chrome extension landing page.
- After the victim installs the extension, they gain access to ChatGPT in their search results, leading them to not suspect that what they downloaded may contain malicious files.
- So far, the extension has been downloaded over 1,000 times per day.
- The false extension was published on Feb. 14, 2023.
Zoom Out: - This new variant is considered part of the same campaign that was tracked last month.
| |
Researchers have tracked a phishing campaign that is falsely promising to loan $36M to businesses. The target was able to thwart the threat using AI software. More: - The threat actor is using Business Email Compromise as a vector.
- This campaign targeted an escrow officer at an insurance company by cc'ing the presumed client and sending seemingly legitimate invoices.
- It is likely that hackers specifically targeted this client because of their activity in commercial real estate, an industry where clients often send large sums through different channels.
- The targeted organization was able to detect the threat by using software to spot the following tells:
- Hackers had written "Reference: Name" instead of "Reference Name,"
- The sender's email and the cc'd domains were registered less than a week before the email was sent,
- Irregular language patterns, etc.
Zoom Out: - Business email compromise has consistently ranked as one of the most used threat vectors by hackers due to the large sums of money involved in these hacking campaigns.
- Hackers earned at least $2.7B from BEC attacks in 2022. This figure may be significantly larger because many cyberattacks are not reported to law authorities.
| |
A message from REGUS GLOBAL Work better. Save bigger. 25% off*. This March, we’ve reduced the price of selected workspaces* for a limited time only. So now you can enjoy more for less. Running a business is complicated enough. Our private office space includes all you need to get up and run immediately for one simple monthly cost. With everything from ergonomic furniture to business-grade amenities, plus the use of our break-out areas and worldwide business lounge network. - A wide choice of different sizes, layouts and configurations
- Our support teams are here to take care of you during the day
- We look after your space by keeping it clean and secure
- Tech essentials such as WiFi and printer access included
*T&Cs apply; participating locations only Enquire Now | |
The infamous hacker forum BreachForums has been shut down after its administrator was arrested earlier this week. The decision was announced on Telegram by a forum member and administrator. More: - A BreachForums admin named baphomet stated that the decision would likely be temporary.
- The administrator continued by saying that they intend to bring BreachForums back online soon, but at the moment, keeping the forum active is too risky.
- Earlier this week, Conor Brian Fitzpatrick was arrested after an FBI investigation and charged with conspiracy to commit access device fraud.
- He is set to appear in a federal court session on Friday.
- The FBI stated that Fitzpatrick confirmed being the owner and administrator of BreachForums.
| |
North Korean hackers are using a Chrome flaw to breach their targets' email accounts. Kimsuky is believed to be the threat actor behind the campaign. More: - Kimsuky, also tracked as Thallium and Velvet Chollima, is a North Korean threat group that uses spear phishing to conduct cyber espionage.
- The group has previously targeted:
- diplomats,
- politicians,
- journalists,
- government agencies,
- university professors, etc.
- The group previously targeted individuals and organizations in South Korea, while now it is also targeting entities in the U.S. and Europe.
- The group's attack sequence begins with a phishing email that leads the victim to install a browser extension.
- The extension can be downloaded in Chrome, Microsoft Edge, and Brave.
- The extension is named AF and can only be seen in the extensions list if the user specifically searches for the extension using a command in the browser's address bar.
- Once the victim visits Gmail through the infected browser, the extension steals the victim's email content and credentials.
| |
A message from FORTE GROUP ChatGPT, "when it comes to whether 'ilities' should be prioritized in software engineering, who is right, the CTO or the CEO?" To learn the answer firsthand, join Forte Group on March 30th, 2023, for a virtual panel discussion, "The balance between business expectations and CTOs' software sustainability needs." A panel on how CTOs balance and prioritize non-functional requirements into their roadmap. We have lined up seasoned professionals in the room who drive the evolution from agile, excellent cloud migration, and test-driven-development to become what we refer to as modern engineering. Our expert panel, composed of experienced CTOs and business leaders and our special guest ChatGPT, will share their thoughts on 7 "ilities" that continue to be the source of conversation within engineering circles: - Usability
- Maintainability
- Scalability
- Availability
- Extensibility
- Security
- Portability
Take the opportunity to learn from experts in the field and gain valuable insights into the latest engineering trends! Register Now | |
Oleria has raised an $8M funding round to create new ways of using Multi-Factor Authentication. Salesforce Ventures led the funding round. More: - According to the company, the current MFA methods that are used are not user-friendly.
- The company uses a concept called adaptive authentication.
- Adaptive authentication creates a profile for each user in a network. Every time a user tries to authenticate, the request is evaluated and assigned a risk score. Depending on that score, they are either required to provide additional credentials or allowed to use fewer credentials.
- Oleria aims to keep its client's digital assets secure through continuous access reviews and remediation.
- Tapestry VC also participated in the funding round.
- The company intends to use the funds to accelerate growth and expand operations.
- This is the company's first major funding round.
| |
Quick Hits: - Unleash Google Cloud's full potential! Learn with step-by-step recipes in the GCP Cookbook. Download your copy now.*
- Organizations in Ukraine have been attacked by hackers using malware named CommonMagic.
- ROver hackers have cyber-attacked the lower house of Italy's parliament, among other institutions.
- More than 2,400 false job advertising pages have been tracked targeting Arabic speakers in only 12 months.
- CISA released eight Industrial Control Systems advisories on Tuesday.
- Wind River Learning Subscription: Get an in-depth embedded software education for $3,600.*
*This is sponsored content. | |
Upcoming events at Inside: - March 23 - Inside Marketing Coffee Break w/ Aditya Vempaty (Register Here)
- March 27 - Inside Interview with Zscaler - Zero Trust Defense Strategies to Take Your Security to the Next Level (Watch On Demand)
- March 28 - Inside Startups Coffee Break (Register Here)
- March 30 - A panel on how CTOs balance and prioritize NFRs into their roadmaps (Register Here) *
- April 18 - Human Resources Summit'23 (Register Here)
*This is sponsored content. | |
| | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
|
|
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2023 Inside.com | |
|