Cyber Security Headlines: Musk wants to develop TruthGPT, Southwest disrupted by ‘technical issue’, Officials warn hackers targeting Cisco routers

Elon Musk wants to develop TruthGPT

On Tuesday, Elon Musk said in an interview with Fox News that he wants to develop his own chatbot called TruthGPT, which Musk states will be “a maximum truth-seeking AI.” Musk added that this new AI would be “unlikely to annihilate humans because we are an interesting part of the universe.” While Musk played a pivotal role in setting up OpenAI, he characterized the tool’s politically correct training models as “another way of being untruthful.” He previously criticized OpenAI for becoming “closed sourced” and “effectively controlled by Microsoft.”

(TechCrunch)

Southwest’s operations resume after a ‘technical issue’

The US Federal Aviation Administration (FAA) said on Twitter that it paused Southwest’s departures at the carrier’s request due to a “technical issue” early Tuesday morning. The airline says the data connection issues were caused by a vendor-supplied firewall failure. Support staff quickly resolved the issue, and operations were restored within about 40 minutes. FlightAware indicates that nearly 2,500 Southwest flights were delayed.

(TechCrunch and The Verge)

US, UK warn of govt hackers targeting Cisco routers

On Tuesday, CISA, the NSA, the FBI and the UK’s National Cyber Security Centre (NCSC) warned that Russian state-sponsored APT28 hackers are deploying custom malware named ‘Jaguar Tooth’ on Cisco IOS routers. APT28, also known as Fancy Bear, is a hacking group linked to Russia’s General Staff Main Intelligence Directorate (GRU). APT28 is exploiting an old SNMP flaw in Cisco IOS routers (CVE-2017-6742) to deploy Jaguar Tooth into memory, gain unauthenticated access, and then exfiltrate device info over TFTP. Cisco admins should upgrade their routers to the latest firmware to mitigate these attacks.

(Bleeping Computer)

RedLine malware operations disrupted by GitHub repository takedown

Dating back to at least 2020, RedLine stealer is written in .NET and targets system and browser info, login credentials, credit card data, and crypto wallets. Researchers from ESET and Flare have discovered that RedLine’s control panels use four specific GitHub repositories as dead-drop resolvers. The resolvers help route infected victims to attacker command-and-control (C2) servers. The researchers alerted GitHub, which then suspended the repositories, thus breaking panel authentication and disrupting RedLine stealer’s operations. So far, the researchers have not observed RedLine falling back to any other channels.

(SecurityWeek)

And now a word from our sponsor, Pentera

This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.

Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.

To learn more, visit Pentera.io

Europe spins up AI hub to hold Big Tech accountable

On Tuesday, the European Centre for Algorithmic Transparency (ECAT) was officially inaugurated in Seville, Spain. ECAT is expected to play a major role in interrogating the algorithms of mainstream digital services such as Facebook, Instagram and TikTok for compliance with the EU’s Digital Services Act (DSA). ECAT officials say they plan to leverage an AI-based recommender system to identify DSA infractions such as discriminatory or biased output and promote algorithmic transparency. The full sweep of provisions in the DSA won’t start being enforced until early 2024.

(TechCrunch)

Stealthy malware loader distributed via AI-generated YouTube videos

The Aurora infostealer is a malware-as-a-service platform written in Go and sold on Russian-language cybercrime forums. Cybercriminals have been spotted leveraging a new loader executable called p3in4er to propagate Aurora infections by embedding the stealer into the descriptions of AI-generated videos which they post to hacked YouTube channels. The loader uses anti-virtual-machine (VM) and unusual compilation techniques to avoid detection. The savvy crooks are even using search engine optimization (SEO) techniques to help the rogue videos reach a wider audience.

(CSO Online)

NSO Group credited with 3 more iOS zero-click exploits

Researchers from Citizen Lab have discovered three iOS 15 and iOS 16 zero-click exploit chains used by NSO Group against human rights activists globally in 2022. The researchers reported that NSO Group was hired to deploy its Pegasus spyware in Mexico via exploit chains known as PWNYOURHOME, FINDMYPWN, and LATENTIMAGE. Apple has since issued a HomeKit security update in iOS 16.3.1, and the researchers recommend that high-risk users enable the iOS 16 feature known as “Lockdown Mode.”

(Dark Reading)

Car thieves using tech hidden inside old Nokia phones

Earlier this month, two cyber professionals showed how they were able to purchase and reverse engineer a device used to steal one of their very own vehicles last year. The rogue device leverages controller area network (CAN) injection, which sends fake messages appearing to come from the car’s smart key receiver. The problem is that vehicles trust these messages without verifying them. The devices can start the engines of numerous car brands, including Toyotas, Jeeps and even Maseratis, in only about 15 seconds. The curious part about the rogue device is that it’s hidden inside an old-school Nokia 3310. The devices are sold at high prices despite consisting of only about $10 worth of parts. Some sites selling the devices are offering device updates, which suggests that development of new capabilities is ongoing.

(VICE)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.