Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Prepare for the long weekend
ISA Cybersecurity featured in Business View Magazine
ISA Cybersecurity is featured in the June 2023 edition of Business View Magazine. Through interviews with President & CEO Kevin Dawson and Director of People and Culture, Andrea Bailey, the extensive article talks about the ways ISA Cybersecurity is staying at the forefront of cybersecurity from both a technology and an HR perspective.
Over 100K devices found with stolen ChatGPT credentials
In a June 20 report, researchers at Singapore-based security firm Group-IB report that they have identified “101,134 stealer-infected devices with saved ChatGPT credentials”. So-called “stealer malware” is designed to silently collect credentials saved in browsers (which can include anything from browsing information to sensitive financial details and system credentials). All of this data is then sent back to the malware operator to be exploited directly, via resale, or through identity theft.
The number of compromised ChatGPT accounts is of special concern. The use of ChatGPT is becoming more prevalent in the business world, “be it [for] software development or business communications. By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees,” according to the report.
Users of ChatGPT are encouraged to clear obsolete chats, reset their passwords periodically, and implement two-factor authentication. The chatbot application easily supports 2FA: to implement it, visit the Security tab on the Settings page, then select and confirm a preferred method of verification: SMS, email, or an authenticator app.
Patch alert: Asus releases urgent appeal to update router firmware
On June 19, hardware manufacturer Asus issued a security warning to users of 19 of its router products, urging customers to update their devices immediately, or implement network restrictions until they can be patched. The updated version of firmware contains a total of 18 fixes, including patches for nine separate CVEs. The most severe of the vulnerabilities is a critical memory corruption bug that could allow threat actors to launch denial of service attacks, or gain control of the device.
“[I]f you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, [and] port trigger,” according to the posting entitled “New firmware with accumulate [sic] security updates for GT6/GT-AXE16000/GT-AX11000 PRO/GT-AXE11000/GT-AX6000/GT-AX11000/GS-AX5400/GS-AX3000/XT9/XT8/XT8 V2/RT-AX86U PRO/RT-AX86U/RT-AX86S/RT-AX82U/RT-AX58U/RT-AX3000/TUF-AX6000/TUF-AX5400.”
Asus has not disclosed whether the flaws have been exploited in the wild.
Head of Communications Security Establishment interviewed by CBC
In an interview with CBC’s “The House”, aired on June 24, Communications Security Establishment chief Caroline Xavier says that Canadian individuals, organizations and critical infrastructure all face an increased threat from cybercriminals looking for economic advantage or to punish people for supporting Ukraine.
Xavier told the CBC that ransomware attacks have become increasingly popular among today’s threat actors, and that everyone has a role to play in fighting back against cyber crime.
“We talk about phishing and emails that could be coming into your organization and paying close attention to who sent it to you, do you recognize the sender and so on so forth. We tell you that for a reason, because all it takes is one click to be into a whole new game that you weren’t expecting,” said Xavier. “I’d love to say that we’re 100% being listened to, but the reality is we can’t stop saying it and we need to continue to be saying it as frequently as we can because it’s a whole societal piece to be able to have cyber resilience. It can’t just be on the government – we all have to do our part.”
Xavier also described how her agency is responding to the emerging risk areas presented by artificial intelligence and machine learning.