Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
Twitter hack exposes emails of over 200 million users, threat actors exploit ChatGPT to write malicious code and the breach of Slack’s private GitHub repositories. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Cybercriminals leak email addresses of more than 200 million Twitter users
Hackers have reportedly stolen the email addresses of more than 200 million Twitter users and shared them on an online hacking forum. Many cybersecurity outlets viewed the leaked data and confirmed that the email addresses actually belonged to the listed Twitter profiles. Alon Gal, the co-founder of Israeli cybersecurity firm Hudson Rock and the first to spot the leak, stated that the leak would, unfortunately, result in a lot of targeted phishing, doxxing, and hacking.
2. Cybercriminals using ChatGPT to write malware code
Security company Check Point recently revealed that threat actors have already started to exploit ChatGPT to write malicious code. In one documented example, the firm spotted a thread on an underground hacking forum by a threat actor who stated he was experimenting with the AI chatbot to recreate malware strains. He went on to compress and share Android malware with the capability to steal files of interest. Plus, the adversary demonstrated another tool that installed a backdoor on a PC and could infect a computer with additional malware.
3. Slack's private GitHub code repositories stolen after a data breach
The renowned Salesforce-owned IM app Slack disclosed that it suffered a security incident that led to the theft of some of its private GitHub source code repositories. Hackers managed to get hold of the repositories using a limited number of Slack personnel tokens that were spoofed. Slack invalidated the stolen tokens following the breach and is investigating the potential impact on customers. The company also stated that Slack’s user data and primary codebase weren’t affected.
4. CircleCI urges users to rotate secrets after a security breach
DevOps platform CircleCI recently asked its customers to rotate their secrets following a breach. The company is currently investigating the cause and said no unauthorized actors are active in its systems. But its chief technology officer Rob Zuber urged customers to rotate any secrets stored on the platform, which may be saved in contexts or environment variables. The company has recommended users review internal logs for signs of malicious activity from December 31, 2022, to January 4, 2023, suggesting that it was breached during the holidays.
5. Dridex malware pops back up and turns its attention to macOS
A new version of the banking trojan Dridex reportedly has macOS platforms in its sights. Threat researchers from Trend Micro found that it delivers its payload via a Microsoft .exe file, so it has not yet been converted to run in a macOS environment. However, researchers noted that the variant overwrites document files that carry Dridex’s macros, implying that there’s a chance that the threat actors behind this trojan will make further modifications to make it work on macOS.