The Top Cybersecurity News Stories This Month: March 2023
From the White House banning commercial spyware to high-profile ransomware attacks against Ferrari and the NBA, March had plenty of cybersecurity-related headlines.
Here are the top 5 cybersecurity stories that emerged this month:
1. ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
Source: Security Week
A bug in an open-source component caused ChatGPT to expose the payment details of some paying users as well as the conversation history titles of other users. The incident was first reported by users trying to subscribe to ChatGPT Plus, who were confronted with a payment form that displayed the email addresses of other, unrelated users. On further investigation, the leak turned out to be considerably more extensive and to affect a number of premium subscribers.
OpenAI confirmed in a tweet that the breach was caused by a bug in the open-source Redis client library redis-py. The flaw exposed the chat history titles of other active users, and the payment-related information of 1.2% of ChatGPT Plus subscribers.
OpenAI notified affected users of the potential breach and took the chatbot offline to patch the flaw. Separately, threat intelligence company GreyNoise warned that a new ChatGPT feature relies on a Docker image for the MinIO distributed object storage system that carries a known vulnerability. The vulnerability can be exploited to obtain secret keys and root passwords, and GreyNoise reported already seeing exploitation attempts in the wild. Anyone running MinIO should check that their deployment is on a patched release rather than relying on the bundled image.
2. Biden executive order bans federal agencies from using commercial spyware
Source: TechCrunch: Security
The Biden administration has issued a new executive order banning U.S. federal agencies, including law enforcement, defense, and intelligence, from using commercially developed spyware that poses risks to human rights or national security. The move follows reports that dozens of U.S. government personnel had their phones targeted with such tools. Human rights defenders and security researchers have long warned of the risks posed by commercial spyware, which is developed in the private sector and sold almost exclusively to governments and nation-states.
The order aims to set a standard for other governments and allies that buy and deploy commercial spyware. Officials did not name the specific spyware vendors covered by the order, but it is expected to affect known government spyware makers and vendors known to sell to authoritarian governments that commit human rights abuses. The order is the latest in a series of government actions in recent years, including banning some spyware makers from doing business in the U.S. and passing laws to limit the use and procurement of spyware by federal agencies.
3. New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords
Sources: The Hacker News, Uptycs blog
MacStealer is a new information-stealing malware that targets Apple's macOS operating system to exfiltrate sensitive information from compromised devices. It is distributed as a DMG file (weed.dmg) which, when opened, displays a fake password prompt that harvests the user's password under the guise of requesting access to the System Settings app. MacStealer primarily affects devices running macOS Catalina and later on M1 and M2 CPUs.
According to The Hacker News, "It is designed to extract iCloud Keychain data, passwords, and credit card information from browsers like Google Chrome, Mozilla Firefox, and Brave, and can also harvest Microsoft Office files, images, archives, and Python scripts." MacStealer is just one of several information-stealing malware tools to surface recently. To mitigate such threats, users should keep their operating system and security software up to date, avoid opening disk images or clicking links from unknown sources, and treat an unexpected password prompt from a freshly downloaded application as a red flag.
4. Part of Twitter Source Code Leaked on GitHub
Source: CSO
Twitter has suffered a security breach in which an unknown user posted part of its source code on GitHub. The company has taken legal action in the US District Court for the Northern District of California to identify the individual responsible. According to Twitter, the leaked code could expose vulnerabilities that would allow users' data to be extracted or the site to be brought down. An internal investigation is under way, and the person behind the leak is believed to have left the company last year. Elon Musk, who bought Twitter for $44bn in October 2022, has said he plans to open-source the code Twitter uses to recommend tweets.
5. Details of ransomware attack on Ferrari and NBA
Source: Cybersecurity Insiders
Luxury car maker Ferrari has reported a data breach in which attackers gained access to some of its systems. The company has contacted customers whose information may have been accessed, including names, addresses, email addresses, and telephone numbers, though it has found no evidence that the data has been misused. Ferrari was also contacted by a threat actor demanding a ransom; the amount has not been disclosed pending the initial investigation into the breach. In a similar incident, the National Basketball Association (NBA) reported that some of its data stored on a third-party newsletter service's servers was stolen by ransomware attackers, though the league said no fan credentials or other personal details were compromised. The NBA has urged affected subscribers to remain vigilant against phishing and other scams that could follow.
That covers our round-up for March. To stay informed on the latest cybersecurity news, download our free mobile app, Onyxia: Cybersecurity Intel, available on the iOS App Store and Google Play. We are continuing to add new features that are personalized and customizable to your industry and interests, with much more to come.