Critical Infrastructure Organizations Compromised through Trojanized X_Trader Software

FortiGuard Labs is aware of reports that several organizations worldwide downloaded and installed trojanized versions of X_Trader software, which is believed to be the infection vector of the 3CX breach. Some of the reported victims are in critical infrastructure sectors in the United States and Europe. The malicious installers deployed the Veiledsignal backdoor to targeted machines.

Why is this Significant?

This is significant because several unnamed organizations worldwide, including some in the critical infrastructure sector, downloaded and installed malicious versions of the X_Trader software believed to be the attack vector used in the recent 3CX incident. The infection gave the alleged attacker, Lazarus, the infamous North Korean threat actor, backdoor access to affected organizations through the deployed Veiledsignal malware.

X_Trader software is a trading platform developed by Trading Technologies.

How did the Attack Occur?

Reports indicate that the trojanized X_Trader installers were hosted on the official Trading Technologies Web site, which appears to have been compromised in early 2022. CVE-2022-0609 (Use After Free Vulnerability in Google Chrome) was reportedly leveraged in the compromise. The malicious installers are digitally signed with a Trading Technologies signing certificate. There is no indication that the installers were actively distributed; rather, they had to be manually downloaded and installed.

Once the installers are executed, they copy the legitimate X_Trader executable and drop two malicious DLLs that are then sideloaded by the executable. One DLL acts as a loader for the other DLL, which contains the Veiledsignal backdoor payload. The Veiledsignal backdoor injects a module into the Chrome, Firefox, or Edge web browser, which connects to the attacker’s C2 (Command-and-Control) server for commands.

What is the Status of Protection?

FortiGuard Labs has the following AV signatures in place for the known available trojanized X_Trader installers:

Riskware/NukeSped
W32/Sphone_XC3.Q!tr

FortiGuard Labs has the following AV signatures in place for other known available files used in the attack:

W64/NukeSped.PB!tr
Riskware/NukeSped
W64/BURNTCIGAR.84DB!tr
W64/ShellcodeRunner.KZ!tr
W32/Kryptik.F5ED!tr
W32/Shellcode.RDI!tr
W64/Agent.203F!tr
W32/PossibleThreat

The C2 of the Veiledsignal backdoor is blocked by Web Filtering.

FortiGuard Labs has the following IPS signature in place for CVE-2022-0609:

Google.Chrome.UpdateAnimationTiming.Use.After.Free

ChatGPT returns to Italy after OpenAI tweaks privacy disclosures, controls

ChatGPT is again available to users in Italy, after being temporarily banned by the country’s data privacy authority for possible violations of the EU’s General Data Protection Regulation (GDPR).

Italy’s Guarantor for the Protection of Personal Data announced the reinstatement of ChatGPT Friday, after Microsoft-backed OpenAI, the creator of the generative AI service, made changes requested by the government body.

USN-6052-1: Linux kernel vulnerability

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed.

USN-6051-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1872)

Is misinformation the newest malware?

Misinformation and cybersecurity incidents have become the top scourges of the modern digital era. Rarely does a day go by without significant news of a damaging misinformation threat, a ransomware attack, or another malicious cyber incident.

As both types of threats escalate and frequently appear simultaneously in threat actors’ campaigns, the lines between the two are getting fuzzy. At this year’s RSA Conference, information security experts appeared on a panel entitled “Misinformation Is the New Malware” to hammer out the distinctions.

The role of AI in healthcare: Revolutionizing the healthcare industry

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Introduction

Artificial Intelligence (AI) is the mimicry of certain aspects of human behaviour such as language processing and decision-making using Large Language Models (LLMs) and Natural Language Processing (NLP).

LLMs are a specific type of AI that analyse and generate natural language using deep learning algorithms. AI programs are made to think like humans and mimic their actions without being biased or influenced by emotions.

LLMs provide systems to process large data sets and provide a clearer view of the task at hand. AI can be used to identify patterns, analyse data, and make predictions based on the data provided to them. It can be used as chatbots, virtual assistants, language translation and image processing systems as well.

Some major AI providers are ChatGPT by Open AI, Bard by Google, Bing AI by Microsoft and Watson AI by IBM. AI has the potential to revolutionize various industries including transportation, finance, healthcare and more by making fast, accurate and informed decisions with the help of large datasets. In this article we will talk about certain applications of AI in healthcare.

Applications of AI in healthcare

There are several applications of AI that have been implemented in the healthcare sector, which have proven quite successful. Some examples are:

Medical imaging: AI algorithms are being used to analyse medical images such as x-ray, MRI scans and CT scans. AI algorithms can help radiologists identify abnormalities – assisting radiologists to make more accurate diagnoses. For example, Google’s AI powered Deepmind has shown similar accuracy when compared to human radiologists in identifying breast cancer.

Personalised medicine: AI can be used to generate insights on biomarkers, genetic information, allergies, and psychological evaluations to personalise the best course of treatment for patients.

This data can be used to predict how the patient will react to various courses of treatment for a certain condition. This can minimize adverse reactions and reduce the costs of unnecessary or expensive treatment options. Similarly, it can be used to treat genetic disorders with personalised treatment plans. For example, Deep Genomics is a company using AI systems to develop personalised treatments for genetic disorders.

Disease diagnosis: AI systems can be used to analyse patient data including medical history and test results to make more accurate and early diagnosis of life-threatening conditions like cancer. For example, Pfizer has collaborated with different AI based services to diagnose ailments and IBM Watson uses NLP and machine learning algorithms for oncology in developing treatment plans for cancer patients.

Drug discovery: AI can be used in R&D for drug discovery, making the process faster. AI can remove certain constraints present in drug discovery processes for novel chronic diseases. It can lead to saving millions of patients worldwide with a sped-up process, making it both cost and time efficient.

Per McKinsey research, there are around 270 companies working in AI-driven discovery with around 50% situated in the US. In addition, they have identified Southeast Asia and Western Europe as emerging hubs in this space. For example, Merck & Co. are working to develop a new treatment with the help of AI for Alzheimer’s.

What to expect in the future

We have seen a revolution in the field of Machine Learning and AI over the past few years. Now we have LLMs and Image Processing Systems which can be used for faster, more efficient and prioritized results to make decisions more accurately and provide the best possible patient care.

Properly trained AIs are not biased – it’s important to develop these AI systems ethically. The efficiency of these systems depends on specific application and implementation.

AI systems can be biased if they are trained on biased data, so it is important to ensure that the data these models are trained on is diverse and representative. Implementation of AI in healthcare is still in early stages in drug discovery and it’ll see a continued growth going forward.

USN-6050-1: Git vulnerabilities

It was discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwrite some paths.
(CVE-2023-25652)

Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allow the malicious placement of crafted messages. (CVE-2023-25815)

André Baptista and Vítor Pinho discovered that Git incorrectly handled
certain configurations. An attacker could possibly use this issue
to perform arbitrary configuration injection. (CVE-2023-29007)

The hidden security risks in tech layoffs and how to mitigate them

In the shadowy corners of the tech world, there are plenty of stories of admins locking organizations out of their own IT environment, greedy employees selling data, or security engineers backdooring the network. The motivations for these acts can touch on anything from financial gain to revenge, and the consequences are generally disastrous for everyone involved.

The recent tech layoffs that have swept across various industries have only heightened the phenomenon. “Very large organizations only need one poorly vetted and treated [employee] to inflict a lot of harm,” says Frank Price, CTO of CyberGRX, a company that helps organizations manage, monitor, and mitigate risk in their partner ecosystems.

CVE-2018-25085

A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.