Latest Cybersecurity News 2023-06-26 Edition

Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news

Weekly CyberTip: Prepare for the long weekend

As we head into holiday weekends (Canada Day here at home and Independence Day in the United States), remember that threat actors don’t take time off like we do. Be extra vigilant for phishing scams looking to take advantage of staff who may be distracted with month- and quarter-end activities, or getting out the door a bit early to enjoy the long weekend. Hackers know that when people are rushed or extra busy, they are more likely to let their guard down. 

Also, ensure that full cyber monitoring and alerting procedures are in place over the break, as cyber criminals like to focus on holiday periods when IT staff may not be at full complement. One only needs to look back at the Kaseya software compromise over the July 2021 long weekend to recall the confusion and disruption that was caused. Do you know whom to call if a cyber incident or third-party breach is discovered over the long weekend? Make sure your communications channels and contact information are up to date and ready in case of emergency.

ISA Cybersecurity featured in Business View Magazine 

ISA Cybersecurity is featured in the June 2023 edition of Business View Magazine. Through interviews with President & CEO Kevin Dawson and Director of People and Culture, Andrea Bailey, the extensive article talks about the ways ISA Cybersecurity is staying at the forefront of cybersecurity from both a technology and an HR perspective.

Over 100K devices found with stolen ChatGPT credentials  

In a June 20 report, researchers at Singapore-based security firm Group-IB report that they have identified “101,134 stealer-infected devices with saved ChatGPT credentials”. So-called “stealer malware” is designed to silently collect credentials saved in browsers (which can include anything from browsing information to sensitive financial details and system credentials). All of this data is then sent back to the malware operator to be exploited directly, via resale, or through identity theft. 

The number of compromised ChatGPT accounts is of special concern. The use of ChatGPT is becoming more prevalent in the business world, “be it [for] software development or business communications. By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees,” according to the report. 

Users of ChatGPT are encouraged to clear obsolete chats, reset their passwords periodically, and implement two-factor authentication. The chatbot application easily supports 2FA: to implement it, visit the Security tab on the Settings page, then select and confirm a preferred method of verification: SMS, email, or an authenticator app. 

Patch alert: Asus releases urgent appeal to update router firmware 

On June 19, hardware manufacturer Asus issued a security warning to users of 19 of its router products, urging customers to update their devices immediately, or implement network restrictions until they can be patched. The updated version of firmware contains a total of 18 fixes, including patches for nine separate CVEs. The most severe of the vulnerabilities is a critical memory corruption bug that could allow threat actors to launch denial of service attacks, or gain control of the device. 


“[I]f you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, [and] port trigger,” according to the posting entitled “New firmware with accumulate [sic] security updates for GT6/GT-AXE16000/GT-AX11000 PRO/GT-AXE11000/GT-AX6000/GT-AX11000/GS-AX5400/GS-AX3000/XT9/XT8/XT8 V2/RT-AX86U PRO/RT-AX86U/RT-AX86S/RT-AX82U/RT-AX58U/RT-AX3000/TUF-AX6000/TUF-AX5400.” 


Asus has not disclosed whether the flaws have been exploited in the wild. 

Head of Communications Security Establishment interviewed by CBC 

In an interview with CBC’s “The House”, aired on June 24, Communications Security Establishment chief Caroline Xavier says that Canadian individuals, organizations and critical infrastructure all face an increased threat from cybercriminals looking for economic advantage or to punish people for supporting Ukraine. 


Xavier told the CBC that ransomware attacks have become increasingly popular among today’s threat actors, and that everyone has a role to play in fighting back against cyber crime. 


“We talk about phishing and emails that could be coming into your organization and paying close attention to who sent it to you, do you recognize the sender and so on so forth. We tell you that for a reason, because all it takes is one click to be into a whole new game that you weren’t expecting,” said Xavier. “I’d love to say that we’re 100% being listened to, but the reality is we can’t stop saying it and we need to continue to be saying it as frequently as we can because it’s a whole societal piece to be able to have cyber resilience. It can’t just be on the government – we all have to do our part.” 


Xavier also described how her agency is responding to the emerging risk areas presented by artificial intelligence and machine learning. 


Get exclusively curated cyber insights and news in your inbox

Contact Us Today


Get monthly proprietary, curated updates on the latest cyber news.