Weekly Cyber Reports

This Week in Cyber 31st March 2023

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

30th March, 2023


U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

The UK National Crime Agency (NCA) has created a network of fake DDoS-for-hire websites to gather data on cyber criminals. Users who register on these fake websites are not given access to cybercrime tools, but rather their data is collected by investigators. The NCA is part of an international joint effort called Operation PowerOFF that aims to dismantle criminal DDoS-for-hire infrastructures worldwide. Booter services, also known as stressers, rent out access to a network of infected devices to launch DDoS attacks against websites. The NCA notes that such services have made it easier for people with low-level cyber skills to commit cyber offences.

3CX Supply Chain Attack

Communications software supplier 3CX has confirmed that multiple versions of their Windows & MacOS 3CX client desktop app have been affected by a supply chain attack. Evidence so far indicates a possible compromise of 3CX’s software build environment which enabled malicious code to be inserted into versions 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. 3CX first identified potential malicious activity on March 22nd, but as none of the antivirus engines on VirusTotal detected anything suspicious it was deemed to be a false positive.

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI disclosed that a bug in the Redis open source library caused the exposure of users' personal information and chat titles in its ChatGPT service. The bug enabled certain users to view descriptions of other users' conversations from the chat history sidebar. Additionally, a critical account takeover vulnerability was discovered by security researcher Gal Nagli, allowing attackers to seize control of another user's account and access their sensitive data. OpenAI has since addressed both issues and reached out to affected users.

Alienfox Toolkit Steals Credentials For 18 Cloud Services

Researchers at SentinelLabs have analyzed a toolset called AlienFox which targets common misconfigurations in popular online hosting frameworks such as Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress. AlienFox is a modular toolset that includes various custom tools and modified open-source utilities created by different authors, with three identified versions indicating ongoing development by the author. Threat actors use AlienFox to collect lists of misconfigured cloud endpoints from security scanning platforms, and then use data-extraction scripts to search the misconfigured servers for sensitive configuration files containing secrets such as API keys, account credentials, and authentication tokens. The targeted secrets are for cloud-based email platforms such as 1and1, AWS, Bluemail, Exotel, Google Workspace, Mailgun, Mandrill, Nexmo, Office365, OneSignal, Plivo, Sendgrid, Sendinblue, Sparkpostmail, Tokbox, Twilio, Zimbra, and Zoho. The toolkit also includes separate scripts to establish persistence and escalate privileges on vulnerable servers.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus