Cyber Markets Round-up: Week 27, July '23: The highs and lows of AI and how it transforms business landscapes
Cyber Markets Roundup | Weekly cybersecurity investment highlights
*Stock data as of the market close, cryptocurrency data as of 4:00 AM ET.
Hear from Ian L. Paterson, Plurilock CEO, as he shares his thoughts about where business leaders should go after Suncor confirmed its cybersecurity breach.
Canadian-based gold miner among the latest MOVEit data breach victims from IT World Canada
One of the largest gold and copper miners in the world is among the latest companies to be listed as victims of the vulnerability in Progress Software’s MOVEit file transfer platform, according to a cybersecurity researcher.
Brett Callow, a Canadian-based threat researcher for Emsisoft, tweeted today that Barrick Gold Corp. of Toronto has been listed by the Clop/Cl0p ransomware and data theft gang as being among the companies it hit.
Two other victims were listed by Clop today, making the total number of publicly-reported victim organizations 193, according to Callow. It isn’t known how many of them paid to prevent their stolen data from being leaked either publicly or to other crooks.
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces from The Hacker News
Over 101,100 compromised OpenAI ChatGPT account credentials found their way onto illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials.
The credentials were discovered within information stealer logs made available for sale on the cybercrime underground.
To mitigate such risks, it's recommended that users follow appropriate password hygiene practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks.
Microsoft, OpenAI sued for $3B after allegedly trampling privacy with ChatGPT from The Register
Microsoft and OpenAI were sued on Wednesday by sixteen pseudonymous individuals who claim the companies' AI products based on ChatGPT collected and divulged their personal information without adequate notice or consent.
The complaint contends Microsoft and OpenAI have embedded into their AI products the personal information of millions of people, reflecting hobbies, religious beliefs, political views, voting records, social and support group membership, sexual orientations and gender identities, work histories, family photos, friends, and other data arising from online interactions.
The complaint:
"Despite established protocols for the purchase and use of personal information, Defendants took a different approach: theft."
"They systematically scraped 300 billion words from the internet, 'books, articles, websites, and posts – including personal information obtained without consent.' OpenAI did so in secret, and without registering as a data broker as it was required to do under applicable law."
"[Concerning] personally identifiable information, defendants fail sufficiently to filter it out of the training models, putting millions at risk of having that information disclosed on prompt or otherwise to strangers around the world."
New ChatGPT Attack Technique Spreads Malicious Packages from Info Security Magazine
A new cyber-attack technique using the OpenAI language model ChatGPT has emerged, allowing attackers to spread malicious packages in developers' environments.
By leveraging the code generation capabilities of ChatGPT, attackers can then potentially exploit fabricated code libraries (packages) to distribute malicious packages, bypassing conventional methods such as typosquatting or masquerading. The technique involves posing a question to ChatGPT, requesting a package to solve a coding problem, and receiving multiple package recommendations, including some not published in legitimate repositories.
By replacing these non-existent packages with their malicious ones, attackers can deceive future users who rely on ChatGPT's recommendations. A proof of concept (PoC) utilizing ChatGPT 3.5 illustrates the potential risks involved.
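One way a development team can guard against this is to vet every assistant-suggested package name before it is installed. The sketch below is an added example, not code from the article or the researchers; the package names, dates, the 90-day threshold and the registry snapshot are constructed assumptions standing in for a real registry metadata lookup.

```python
import re
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=90)  # assumed policy: younger packages need human review

# Constructed registry snapshot (hypothetical names and dates, not real data):
# normalized package name -> time of first publication.
SNAPSHOT = {
    "example-http-client": datetime(2016, 3, 1, tzinfo=timezone.utc),
    "example-arango-helper": datetime(2023, 6, 25, tzinfo=timezone.utc),
}

def normalize(name):
    """Normalize a Python package name the way PEP 503 does."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def vet(name, snapshot, now, reviewed=frozenset()):
    """Return (verdict, reason) for one package name suggested by an assistant."""
    key = normalize(name)
    if key in reviewed:
        return ("allow", "already on the reviewed list")
    first_seen = snapshot.get(key)
    if first_seen is None:
        # The name is unclaimed today, so anyone could publish under it later.
        return ("block", "not published in the registry")
    age = now - first_seen
    if age < MIN_AGE:
        return ("review", f"first published {age.days} days ago")
    return ("allow", f"published for {age.days} days")

def vet_all(names, snapshot, now, reviewed=frozenset()):
    """Vet every suggested name; install only if nothing is blocked or in review."""
    results = {normalize(n): vet(n, snapshot, now, reviewed) for n in names}
    ok = all(verdict == "allow" for verdict, _ in results.values())
    return ok, results

if __name__ == "__main__":
    suggested = ["Example_HTTP.client", "example-arango-helper", "example-graph-tools"]
    now = datetime(2023, 7, 7, tzinfo=timezone.utc)
    ok, results = vet_all(suggested, SNAPSHOT, now)
    for pkg, (verdict, reason) in results.items():
        print(f"{verdict:6} {pkg}: {reason}")
    print("install permitted" if ok else "install halted")
```

Blocking names that do not exist yet matters as much as reviewing new ones: an unpublished name that ends up in a requirements file will resolve to whatever is later registered under it.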