The Top Cybersecurity News Stories This Month: May 2023
Vulnerabilities in products from top manufacturers like Samsung and Apple, malware on Android devices, a Discord data breach, and Meta's takedown of a ChatGPT-related malware campaign: the month of May had no shortage of cybersecurity headlines.
Here are the top 5 cybersecurity stories that emerged this month:
1. Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
Source: The Hacker News
Bad actors have jumped on the ChatGPT hype train to steal users' Facebook account credentials with the aim of running unauthorized ads from hijacked business accounts.
Facebook parent company Meta said it took steps to prevent over 1,000 malicious URLs, found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families, from being shared across its services.
The attack chains are primarily engineered to target the personal accounts of users who manage or are connected to business pages and advertising accounts on Facebook.
2. Apple Patches 3 Zero-Days Possibly Already Exploited
Source: Dark Reading
Three zero-day vulnerabilities were found in Apple's WebKit browser platform and affect "iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later."
Apple said it's aware that the bugs may have already been actively exploited by threat actors but did not elaborate on any of these attacks.
Of the three vulnerabilities reported, one (CVE-2023-28204) involves the processing of web content that may disclose sensitive information.
3. Warning: Samsung Devices Under Attack! New Security Flaw Exposed
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency has warned of active exploitation of a medium-severity flaw affecting select Samsung devices running Android versions 11, 12, and 13.
Samsung described the issue as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization protections.
Other details about how the flaw is being exploited are currently not known, but vulnerabilities in Samsung phones have been weaponized by commercial spyware vendors in the past to deploy malicious software.
4. Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says
Source: CSO Online
Lemon Group, a renowned cybercrime gang, has managed to pre-install the Guerrilla malware on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes. The Guerrilla malware can load additional payloads, intercept one-time passwords from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp sessions. Infected devices were shipped globally, including to the USA, Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, Philippines, and Argentina.
The main plugin for the Guerrilla malware loads additional plugins, an SMS Plugin, a Proxy Plugin and a Cookie Plugin. It also hijacks WhatsApp sessions to disseminate unwanted messages from the compromised device.
5. Discord Suffers Data Breach Through Compromised Third Party
Source: IT Security Guru
Discord, a popular social media network, notified users it has suffered a data breach. The breach occurred after a support agent’s account at a third party became compromised.
The agent’s support queue was then accessed, exposing user email addresses, support messages and attachments sent via the ticket system. Discord acted swiftly to deactivate the compromised account and undertook security checks on the agent’s machine, including malware scans.
Additional measures have been put in place to prevent a similar incident in the future, and users were contacted and warned to remain vigilant for any unusual activity regarding their accounts, including phishing or fraud attempts.