Introduction
Hello there and I welcome you to this week's security review. In this edition, we'll cover articles on malware, Artificial Intelligence, and mobile and wireless threats.
With that out of the way, let's go!
Ransomware attack forces 100 Romanian hospitals to go offline
The first thing that I thought when I read the title: Not Cool. Behind it is a code that forced hospital officials to switch to pen and paper for (almost) everything.
Here is an excerpt for you (emphasis mine):
The ransomware attack affected various hospitals across Romania, including regional and cancer treatment centers, with a team of DNSC cybersecurity experts currently investigating the attack's impact.
Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting
I have always maintained this idea that if it's created by men, we'll find a way to misuse it. This article still shows why I'll stick with that idea. ChatGPT is here titled as "Great for everyday tasks", not MALWARE SCRIPTING (Yes, I am literally screaming).
Here is why:
Interactions have involved requests for support around social engineering, assistance in troubleshooting errors, .NET development, and ways in which an attacker might evade detection when on a compromised machine.
In another case, Microsoft said it caught notorious North Korean APT Emerald Sleet (aka Kimsuky) using LLMs to generate content likely to be used in spear-phishing campaigns.
Windows Zero-Day Exploited in Attacks on Financial Market Traders
I really don't know what to say. But I'll say two things: Microsoft patched it and do your best to update your system.
The following shows why:
According to Microsoft, this vulnerability impacts Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11. It can be exploited by getting the targeted user to open a specially crafted file designed to bypass displayed security checks.
New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks
It's a research work by a professor and a student at KU Leuven research university in Belgium. It brings some joy (not the flaw) but a professor and a student working on something of this importance. It's WOW!.
More from the article:
The vulnerability can be exploited against Wi-Fi clients that are not properly configured to verify the certificate of the authentication server, which unfortunately still often occurs in practice, in particular with ChromeOS, Linux, and Android devices.
Mysterious ‘MMS Fingerprint’ Hack Used by Spyware Firm NSO Group Revealed
Humans are really crafty, and this article is one that you'll read and wonder how it's possible.
A quick one for you:
Labeled under ‘Infection Assisting Tools’ is a single entry titled ‘MMS Fingerprint’. NSO claims it can reveal the target device and the OS of the target device, ‘without user interaction, engagement or message opening’, and can be used against Android, Blackberry, and iOS.
OpenAI collapses media reality with Sora, a photorealistic AI video generator
This article is being reviewed because a video that you might see in the future could be fake. Moreover, at the time of writing, Sora is not available to the general public because it's still under testing.
What's more, the following is why you should read the article:
Technology like Sora pulls the rug out from under that kind of media frame of reference. Very soon, every photorealistic video you see online could be 100 percent false in every way. Moreover, every historical video you see could also be false.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.