Cyber Security Headlines: Havok framework, Carbon Black flaw, ransomware attack time

Threat actors cry Havoc, let slip a new post-exploitation framework

Use of legitimate red team software by threat actors isn’t anything new. Colbalt Strike remains the de rigueur framework for many threat groups. But Zscaler recently released a report showing the rise in the open source framework Havok. The company found it included advanced evasion capabilities, able to get around most versions of Windows 11 defender. It installs Hack Demon agents similar to Beacons in Colbalt Strike to achieve persistence and deliver further payloads. Zscaler saw the framework in action in a January 2023 attack on a government organization

(Hacker News)

VMware warns of critical Carbon Black flaw

The company released a critical security upgrade to several versions of its Carbon Black App Control for Windows. This suite helps organizations operate endpoints only running trusted software. However security analyst Jari Jääskelä discovered a critical injection vulnerability that could allow for accessing the underlying server OS. The exploit does require privileged access to the App Control administration console. VMware did not offer other mitigations or workarounds. It’s not clear if the flaw is under active exploitation. 

(Bleeping Computer)

Ransomware attack time shrinking rapidly

IBM released its X-Force Threat Intelligence Index. The report found that the time to orchestrate a ransomware attack shrank rapidly in recent years. In 2019 the average ransomware deployment time sat at over 60 days. In 2020 that fell to 9.5 days, further falling to just 3.85 days in 2021. The report also found that ransomware represented 17% of all attack in 2022, while business email compromise represented 6% of attacks. Even when not using ransomware, IBM commonly saw extortion attempts across all attack types, seen in 27% of all attacks. This saw significant regional variability, with Europe seeing extortion attempted in 44% of attacks. 


China warns local firms against ChatGPT

It seems like every day, we hear stories of firms trying to find a way to wedge something ChatGPT-related into their products. Well we’ve now got one place where that isn’t going to happen. Nikkei Asia’s sources say Chinese regulators informed several domestic tech giants, including Tencent and Ant Group, to not offer public access to ChatGPT services, either on their own platforms or those from third-parties.Of course, plenty of Chinese firms began work on generative AI chatbots, with Baidu planning to start launching integrations with its Ernie Bot in March. But launching any ChatGPT-like service would also reportedly require approval from regulators. 

(Nikkei Asia)

And now a word from our sponsor, Barricade Cyber Solutions

Have you fallen victim to a ransomware attack? Don’t worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit

Researchers ID users based on VR movement

When we think of privacy concerns with virtual reality headsets, we might think of the bevy of cameras on these devices. Or maybe about how VR platform operators will use that data, but researchers  t the University of California Berkeley discovered that just simple motion tracking can be used to identify individuals. This looked at 2.5 million anonymized VR data recordings from over 50,000 Beat Saber players. The researchers found individuals could be identified with 94% accuracy using 100 seconds of motion data, with half of all users identified with only 2 seconds of data. This identification only used three data points for tracking motion. Given that headsets also track many other movements and even eye tracking, this telemetry data likely could further refine the accuracy of identification. 

(Venture Beat)

Faked Russian air strike warnings blamed on hackers

This week commercial radio stations in Russia broadcast warnings, purportedly for air and missile strikes. Russia’s largest media company, Gazprom-Media said an “attack on the instrastructure of a satellite operator” allowed the messages to hit several radio stations. The country’s Ministry of Emergency Situations said this came as a result of a “hacker attack.” Its not clear who to blame for the incidents, but Ukranian actors took credit for a DDoS this week that disrupted websites broadcasting a speech by Russian President Vladimir Putin. 

(The Record)

Employees learn of Activision breach from researchers

Back on December 4th, threat actors used a phishing attack against an Activision employee to gain access to internal employee and game data. TechCrunch’s sources say the company did not inform employees about the breach, even those impacted by the data loss. Instead a screenshot of the stolen data from the research group vx-underground revealed the stolen data. An Activision spokesperson said it “swiftly” responded to the attack, determining that “no sensitive employee data, game code, or player data was accessed.” The spokesperson further said “there are no requirements for a company to notify when there is no evidence of sensitive data access.”


Microsoft starts lifting Bing restrictions

It’s a tale as old as time. Company introduces AI chatbot, people discover they can make it get weird, leading to the company putting limits on user inputs. Within days of limiting the use of its new Bing chatbot, Microsoft started loosening the reigns. It previously limited users to 5 turns of questions per chat session, and no more than 50 sessions a day with Bing. That’s now expanding to 6 turns per session and 60 sessions a day, with Microsoft expecting that limit to hit 100 “soon.” The company will also start testing letting users specify a “tone” for Bing response, with options for precise, creative, or balanced. 


Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.