Security Researchers Create “Morris II”: A Test AI Worm that can Steal Data and Send Spam Emails between AI Agents
As generative AI systems like OpenAI’s ChatGPT and Google’s Gemini become more advanced, they are increasingly being put to work. Startups and tech companies are building AI agents and ecosystems on top of the systems that can complete boring chores for you: think automatically making calendar bookings and potentially buying products. But as the tools are given more freedom, it also increases the potential ways they can be attacked.
In a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers have created one of what they claim are the first generative AI worms—which can spread from one system to another, potentially stealing data or deploying malware in the process. “It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn’t been seen before,” says Ben Nassi, a Cornell Tech researcher behind the research.
Nassi, along with fellow researchers Stav Cohen and Ron Bitton, created the worm, dubbed Morris II, as a nod to the original Morris computer worm that caused chaos across the internet in 1988. In a research paper and website shared exclusively with WIRED, the researchers show how the AI worm can attack a generative AI email assistant to steal data from emails and send spam messages—breaking some security protections in ChatGPT and Gemini in the process.
The research, which was undertaken in test environments and not against a publicly available email assistant, comes as large language models (LLMs) are increasingly becoming multimodal, being able to generate images and video as well as text. While generative AI worms haven’t been spotted in the wild yet, multiple researchers say they are a security risk that startups, developers, and tech companies should be concerned about.
Read: https://www.wired.com/story/here-come-the-ai-worms/
Canadian Financial Intelligence Agency Pulls Corporate Systems Offline due to Cyber Incident
Canada’s financial intelligence agency FINTRAC has announced pulling its corporate systems offline due to a cyber incident that struck over the weekend. In a statement on its website, the agency said: “Over the last 24 hours, FINTRAC has and continues to manage a cyber incident. The incident does not involve the Centre’s intelligence or classified systems.”
The nature of the incident has not been disclosed. The agency said it was “working closely with its federal partners, including the Canadian Centre for Cyber Security, to protect and restore its systems.”
FINTRAC, the Financial Transactions and Reports Analysis Centre of Canada, is the Ottawa-based government body founded to detect and investigate money laundering and similar crimes. The agency is the national authority for suspicious transactions, including those relating to terrorist financing, and a partner to the country’s intelligence and law enforcement agencies.
“As a precautionary measure, FINTRAC has taken its corporate systems offline in order to ensure their integrity and to protect the information that the Centre maintains,” the agency added.
The nature of the incident has not been disclosed, and so it is not possible to infer whether the attack was financially motivated or perpetrated by attackers seeking access to FINTRAC intelligence — although the agency said it “does not involve the Centre’s intelligence or classified systems.”
Read: https://therecord.media/canada-fintrac-cyberattack-systems-offline
Canada’s Justice Minister Defends Controversial Online Harms Bill: House Arrest and Internet Restrictions
Canada finds itself facing criticisms of authoritarianism for seeking to institutionalize and legalize dystopian concepts such as “pre-crime.” Justice Minister and Attorney General Arif Virani is currently defending a peculiar provision within the “online harms” (C-63) bill, that would enable authorities to impose house arrest on individuals based on the “fear” that they might commit a “hate crime” in the future.
Measures also include a requirement for citizens to wear electronic tracking devices – again, this could be in anticipation of such a crime being committed.
Critics deem the bill “awful and unlawful,” but the government aims to fast-track it, while Virani portrays it as a democratic breakthrough. Those who post objectionable content may face home confinement or constant surveillance under the provision, with Virani seeing no problems with these measures.
In Canada, a peace bond is issued when someone is deemed likely to commit a criminal offense but there are no reasonable grounds for conviction. Such a bond could impose restrictions on approaching places like synagogues and mosques, and on internet usage. The objective is to deradicalize those who engage in online learning and exhibit real-world violence. C-63 also aims to introduce life sentences for hate crime offenses combined with other crimes.
It is also worth noting here:
• Private member’s Bill 367 (which is framed as a bill to combat anti-semitism – now that it’s practically “hip” to be pro-Hamas these days) would seek to remove religious exemptions from the hate speech provisions of the Canadian Criminal Code, and
• Over in the UK, more than 3,000 people per year are being arrested for their social media posts (contrast that with 400 people charged last year for their social media activity in Russia).
Read: https://reclaimthenet.org/canadas-justice-minister-powers-to-place-people-under-house-arrest-cut-internet-access
So you’re in the latest credential leak – now what?
We’ve written about the Naz-API leak in previous issues – the largest cred dump of its kind ever, over 1 billion unique records – secured through a pervasive network of password stealers installed on infected computers.
Given that affected users are probably sitting on infected computers – we put together a general use-case remediation guide for what to do when you find out your passwords have been leaked – and in what order to do that.
Read: https://easydns.com/blog/2024/03/07/so-youre-in-the-latest-credential-leak-now-what/
Federal Judge Orders NSO Group to Reveal Pegasus Spyware Source Code in WhatsApp Lawsuit
A federal judge in California has ruled that NSO Group, an Israel-based company known for developing powerful surveillance software called Pegasus, must share the source code for “all relevant spyware” with Meta’s WhatsApp. The judge’s order, issued in response to WhatsApp’s 2019 lawsuit accusing NSO of spying on 1,400 users, points to allegations that NSO sent specifically crafted data through the internet to targeted devices. Exploiting a vulnerability in WhatsApp’s VoIP stack, this malicious code enabled unauthorized access to victims’ conversations and sensitive information. NSO has been marketing this surveillance service to governments worldwide.
Between January 2018 and May 2019, NSO Group allegedly used WhatsApp to send malicious code to around 1,400 targeted devices, including attorneys, journalists, activists, diplomats, and government officials. NSO Group is facing similar legal claims from Apple and the Knight First Amendment Institute, and its attempts to assert immunity as foreign state clients have been unsuccessful. A federal judge also rejected NSO Group’s request to dismiss Apple’s lawsuit.
Amnesty International’s security lab head, Donncha Ó Cearbhaill, welcomed the court order as a step toward accountability but expressed disappointment over NSO Group’s exemption from revealing the clients responsible for unlawfully targeting WhatsApp users. Ó Cearbhaill emphasized the crucial need for Pegasus targets to identify the purchasers and deployers of the spyware in order to seek proper redress.
Read: https://www.theregister.com/2024/03/01/nso_pegasus_source_code/
US Treasury Department Sanctions Greece-based Spyware Company for Targeting American Journalists and Officials
The Treasury Department announced Tuesday it had sanctioned two people and a Greece-based commercial spyware company headed by a former Israeli military officer. The sanctioned parties had been working to develop, operate and distribute technology used to target U.S. government officials, journalists and policy experts.
The sanctions target Intellexa Consortium, which the U.S. says has sold and distributed commercial spyware and surveillance tools for targeted and mass surveillance campaigns. Other entities associated with Intellexa — including North Macedonia-based Cytrox AD, Hungary-based Cytrox Holdings ZRT and Ireland-based Thalestris Limited — were sanctioned for their parts in developing and distributing a package of tools known as Predator.
Biden administration officials said it marks the first time that the Treasury Department has sanctioned people or entities for the misuse of spyware.
Predator allows a user to infiltrate electronic devices through zero-click attacks that require no user interaction for the spyware to infect the device. The spyware, which has been used in dozens of countries, has allowed for the unauthorized extraction of data, geolocation tracking and access to personal information on compromised devices.
“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” said Brian Nelson, Treasury undersecretary for terrorism and financial intelligence. “The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world.”
The Commerce Department last year blacklisted Intellexa and Cytrox, denying them access to U.S. technology.
Amnesty International’s Security Lab in October published a report that said that Predator had been used to target but not necessarily infect devices connected to the president of the European Parliament, Roberta Metsola, and the president of Taiwan, Tsai Ing-Wen, as well as Rep. Michael McCaul, R-Texas, and Sen. John Hoeven, R-N.D.
Read: https://www.securityweek.com/us-sanctions-spyware-company-and-executives-who-targeted-american-journalists-government-officials/
Elsewhere Online:
Unveiling the Threat: Group-IB Report Exposes Sale of Over 225,000 Compromised OpenAI ChatGPT Credentials on Underground Market
Read: https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html
BlackCat Resurfaces, Allegedly Targeting Change Healthcare in Ransomware Attack
Read: https://www.darkreading.com/cyberattacks-data-breaches/blackcat-goes-dark-again-reportedly-rips-off-change-healthcare-ransom
Apple Bolsters iPhone Security: Urgent iOS 17.4 Update Shields Against Zero-Day Threats
Read: https://www.securityweek.com/apple-blunts-zero-day-attacks-with-ios-17-4-update/
Data Exposure Incident: American Express Credit Card Information Breach and Mitigation Strategies
Read: https://www.infosecurity-magazine.com/news/amex-credit-card-data-exposed/
Deceptive PDFs Used by CHAVECLOAK Trojan to Target Brazilian Users
Read: https://www.hackread.com/chavecloak-banking-trojan-brazil-malicious-pdfs
Quote is from Harry Truman
Will Rogers
That sounds like the Teddy Bear of a US President, Theodore Roosevelt