VPN blocks, OpenAI election tools, Calvia ransomware attack

Turkey blocks some VPNs

The Financial Times’ sources say the country’s Information Technologies and Communications Authority ordered ISPs to block access to 16 popular VPN services. This comes ahead of the national elections in Turkey in March. The Financial Times found many of the websites for these services already blocked, with service on the connected VPNs severely degraded. As civil rights organizations noted, VPNs remain legal to use in the country. 

(Financial Times)

OpenAI publishes election guidance

The AI giant announced some steps it’s taking to prevent people from using its models to spread election misinformation. This includes controls in custom GPTs that prevent them from acting as real people or institutions and from deterring people from the democratic process. ChatGPT will also direct users to election resource links when asked and have access to real-time election information with supporting links. For DALL-E image generation, OpenAI will apply digital cryptographic credentials from the Coalition for Content Provenance and Authenticity to images. This will come “early this year.” The company also said it will keep monitoring how people use its tools and make adjustments as needed in the election season.


Spanish municipality faces stiff ransomware demand

The mayor of the Spanish municipality of Calvia announced that he and the city council decided not to pay €10 million after getting hit with a ransomware attack on January 13th. It’s unclear what group orchestrated the attack, but it significantly impacted city IT services. This resulted in the city suspending all administrative deadlines until the end of January. The city formed a crisis cabinet to evaluate the impacts and response to the attack. Spain signed the Counter Ransomware Initiative last year, which contained commitments by national governments to not pay ransomware demands. 

(The Record)

Bosch warned of thermostat vulnerability

A new vulnerability has been discovered by researchers at Bitdefender, this time affecting BCC100 thermostats made by Bosch. This vulnerability “can be exploited by an attacker on the same network to replace the device firmware with a rogue version.” The flaw affects one of two collaborating microcontrollers for a logic microcontroller. Bosch has addressed the flaw with the release of the WiFi firmware 4.13.33, and says in its advisory, “Home users should closely monitor IoT devices and isolate them as completely as possible from the local network. This can be done by setting up a dedicated network exclusively for IoT devices.”

(Security Affairs)

AI models can be trained to deceive

This finding comes from a study by researchers at the AI startup Anthropic. The researchers found they could train existing large language models with both desired and deceptive behavior. They could induce the model to lean into deceptive actions with set trigger phrases. The researchers could not find ways to remove these triggers and found existing AI safety practices did not reduce deceptive activity. The researchers noted that adversarial training actually saw the model conceal deceptions during training, only for them to crop back up in production. The report did find that embedding this deceptive practice wouldn’t likely occur in the wild.


Ivanti zero-day cat is out of the bag

Last week we reported on two actively exploited flaws in Ivanti VPN appliances, which the company said wouldn’t start receiving patches until the week of January 22nd, although it did provide mitigation guidance. Initially, Ivanti said fewer than 10 customers saw exploits. However, it seems threat actors have found many other exposed devices online since then. The firm Volexity reports over 1700 devices online show signs of compromise. Threat actors appear to target these opportunistically, hitting a wide range of targets. Volexity believes Chinese-linked threat actors began strategically exploiting the flaws on select targets back in December.

(Infosecurity Magazine)

Crypto heists rise in 2023

The firm Comparitech released a report showing that the volume of cryptocurrency thefts rose 42% on the year in 2023, up to 283 incidents. Despite this, the monetary value of those incidents fell 51% to assets worth $1.75 billion. This also marked a change in tactics, with so-called exit scams, where founders pull out of a proposed token before completion, falling 25% on the year. The report notes 2024 began with a fast start, with $16.93 million lost in January, double what we saw a year ago.

(Infosecurity Magazine)

Inferno malware impersonated Coinbase for a big payout

The Inferno Drainer tool helped contribute to the numbers we just talked about. While now defunct, Group-IB reports the operators of this drainer-as-a-service offering used it to create over 16,000 domains between 2022 and 2023. These served up high-quality phishing pages that proved successful in having over 137,000 victims link their crypto wallets. Spoofing sites for the exchange Coinbase proved the most popular, but attackers used a wide variety of lures. This resulted in over $87 million in losses. 

(The Hacker News)
