Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Google’s AI Chatbot, Bard, was recently updated with a feature that allows users to share their chats with others, using a shared link. While this feature does allow for public sharing, chat URLs showing up in Google searches was neither intended nor expected. Without warning, Google Search began indexing the shared links created for these chats, resulting in them mistakenly appearing in organic listings on search engines. Google revealed that these shared links are for “a specific prompt and Bard’s response or an entire chat”.
This was an unexpected issue, and Google are currently working to ‘re-educate’ the chatbot to help it better understand the importance of privacy. This education should result in links remaining visitable when the specific URL is browsed to, while ensuring that these links do not show up in organic search listings.
Mozilla has just released version 118 of Firefox; this release includes fixes for nine total vulnerabilities, six of which have been classified as high severity.
As well as security fixes, Firefox will also receive several new features, including the automated translation of web content, improved anonymity for Web Audio, add-on suggestions for users in the US, and more.
We advise updating your browser as soon as possible, to ensure you are protected against the high-severity flaws currently affecting Firefox. For more details on the vulnerabilities addressed in this patch, see here.
OpenAI’s ChatGPT has previously been restricted to data from before September 2021. This prevented the AI chatbot from commenting on any events that occurred after this date, and it was not able to provide any information from the last two years. This latest update has lifted this restriction, allowing ChatGPT to access live news and comment on current affairs. The feature is currently only available for premium users, but will soon be made available for all users.
Another feature that was announced, but not yet implemented, is the introduction of voice conversations.
This week, Google were alerted to a high-severity buffer overflow vulnerability that was being actively exploited in the wild. Tracked as CVE-2023-5217, this flaw exists in the VP8 encoding of the libvpx video codec library. The resulting impact could range from denial of service to full-blown remote code execution in the user's Chrome browser.
This was found by Google’s TAG researchers, who observed an attacker utilising the exploit to install spyware on users' devices. This is the second zero-day in two weeks, following the discovery of CVE-2023-4863, a buffer overflow vulnerability in the WebP code library.
Google has since produced a patch to protect against CVE-2023-5217 and recommends all users update to the latest version to protect against both of these vulnerabilities.
A newly seen phishing campaign impersonating the Red Cross, a nonprofit humanitarian organization, has been discovered by NSFOCUS Security Labs. During the investigation, NSFOCUS reported that the campaign was of a “high technical level and cautious attack attitude” and “part of the attacker's targeted strike on specific targets.”
Orchestrated by AtlasCross, this phishing campaign utilises malicious macros in a Microsoft document that appears to be related to blood donation. When launched, the macros in the false document will work to extract system metadata to a remote server.
Not much is known about the group behind the attack, due to the target scope being very limited; despite this, NSFOCUS has confirmed that “the attack processes they employ are highly robust and mature.”
More details on the nature of these attacks can be found here. This includes a more in-depth breakdown of the data exfiltration, and IoCs that are related to the campaign.
Intel is currently being investigated as part of an EU antitrust case, in which they have been accused of illegally excluding rivals from the EU market and blocking Advanced Micro Devices from competing back in 2009. Further investigation also showed that Intel had paid HP, Acer, and Lenovo to cease or delay products between November 2002 and December 2006. "The General Court confirmed that Intel's naked restrictions amounted to an abuse of a dominant market position under EU competition rules," the European Commission reported. As a result of this case, the U.S. chipmaker has been fined $400 million (376M Euros).
And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #253 – 29th September 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.