June 23, 2023
ChatGPT Accounts Stolen, China in Cuba, Google Pledges to Cyber Clinics, Safari needs patching too
In this Episode:
Over 100,000 ChatGPT Accounts Stolen Via Malware For Sale on Dark Web
?? Edwin Kwan, Sydney, Australia ↗
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
Over 100,000 ChatGPT accounts stolen via info-stealing malware
Group-IB Discovers 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces; Asia-Pacific region tops the list
China in Cuba
?? Hillary Coover, Washington, DC ↗
Google pledges $20M to Cyber Clinics
?? Katy Craig, San Diego, California ↗
Google backs creation of cybersecurity clinics with $20 million donation | AP News
Safari needs patching too: Apple products affected by sophisticated implant
?? Olimpiu Pop, Transylvania, Romania ↗
https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-083
https://support.apple.com/en-us/HT201222
https://nvd.nist.gov/vuln/detail/CVE-2023-32434
https://nvd.nist.gov/vuln/detail/CVE-2023-32435
https://nvd.nist.gov/vuln/detail/CVE-2023-32439
https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html
https://thehackernews.com/2023/06/new-report-exposes-operation.html
This Day in Tech History
?? Marcel Brown, St. Louis, Missouri ↗
https://thisdayintechhistory.com/06/23
https://thisdayintechhistory.com/06/24
Episode Transcription:
Pokie Huang:
It’s 5:05 on Friday, June 23rd, 2023. From the source podcast network in New York city. This is Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Hillary Coover in Washington, DC, Katy Craig in San Diego, California, Olimpiu Pop in Transylvania, Romania and Marcel Brown in St. Louis, Missouri.
Let’s get to it!
Edwin Kwan:
This is Edwin Kwan from Sydney, Australia. Over the past year, more than 101,000 stolen ChatGPT accounts were being sold on the dark web marketplaces. Leaked ChatGPT credentials peaked in May 2023, with threat actors posting roughly 26,800 new accounts. The countries with the most member of compromised accounts include India, Pakistan, and Brazil. Because ChatGPT allows users to store conversations, access to an account might mean gaining insights into proprietary information, internal business strategies, personal communication, software code and more. Many enterprises are integrating ChatGPT into their operational flow with employees entering classified correspondence or using the bot to optimize proprietary code. Such concerns are the reason why many tech companies, like Samsung have outright banned their staff from using ChatGPT on work computers. If you input sensitive data on ChatGPT, consider disabling the chat saving feature, or manually deleting your conversations as soon as you are done using the tool.
Hillary Coover:
Hi, this is Hillary Coover. The Wall Street Journal is reporting a new Beijing training facility in Cuba and raising alarms. While alarms are certainly founded, it should come as no surprise since we know that China operates this way worldwide and has been for many years.
Their operation is commonly known as Project 141, where they establish signals collection sites in strategic areas around the world.
The United States has been countering this for years and competing for influence in strategic regions, and it will continue to do so. In the meantime, if you are interested, you can capture interesting insights using satellite imagery data, radio frequency data, maritime data, location data, business record data, because all of these are fair game at this point. There is no privacy legislation preventing anyone from leveraging those things to create a picture of what things look like on the ground there. Stay safe.
Katy Craig:
Google CEO Sundar Pichai is pledging $20 million to support the Consortium of Cybersecurity Clinics. The goal is to introduce students to cybersecurity careers and protect small government offices, rural hospitals and nonprofits from hacking.
This is Katy Craig in San Diego, California.
Pichai recognizes the rise in cyber attacks, which have increased globally by 38% in 2022. Google’s Cybersecurity Certificate program and partnerships with universities aim to address the shortage of trained cybersecurity professionals.
Congressional members from both sides of the aisle are applauding Google’s initiative. They recognize the economic and national security implications of addressing cyber threats. It’s no secret that China is producing more computer science doctoral students than the United States, and closing this gap is crucial.
The need for a diverse cybersecurity workforce is clear. With over 650,000 open cybersecurity jobs, we must foster talent from all walks of life to help protect our digital world. Google’s commitment to supporting this workforce growth is commendable.
This is Katy Craig. Stay safe out there.
Olimpiu Pop:
On Wednesday, Apple released a security update for many of its products, including Safari, iOS, MacOS, and watchOS. In total, the company fixed no more than nine zero-day flows this year.
The patch includes among others a pair of zero days that have been weaponized in a mobile surveillance campaign. Called Operation Triangulation it has been active since 2019, the threat actor behind it is still unknown.
The flows are:
An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges
And a memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing, specially crafted web content.
Apple is aware that the two issues might have been actively exploited against versions of iOS release before iOS 15.7. The information was credited to Kaspersky researchers. The spyware implant was used in a zero-click attack campaign targeting iOS devices via iMessage, carrying an attachment embedded with an exploit for a remote code execution vulnerability. The exploit will download additional components to obtain root privileges. Afterwards, the iMessage is deleted to conceal the trail. The implant called, TriangleDB, operates solely in the memory, leaving no traces of the activity after a reboot. The data collection and tracing capabilities are quite diverse.
The third zero day has been reported anonymously and could result in arbitrary code execution when processing malicious web content. There is a bunch of information. There is a bunch of information in the resources sections of 505Updates.com.
Olimpiu Pop reported from Sylvania, Romania.
Marcel Brown:
This is Marcel Brown, the most trusted name in technology delivering your technology history for June 23rd and June 24th.
June 23rd, 1868. Latham Scholes, Carlos Glidden, and Samuel Soule are awarded a patent for the “Type-Writer” which would become the basis for the first practical and commercially successful typewriter. Evolving into what would become known as the Sholes and Glidden typewriter, which would later become the Remington No.1, one of its lasting legacies was the introduction of the QWERTY keyboard, which is still the most popular keyboard layout in the world to this day.
A popular theory states that the design of the QWERTY keyboard was intended to slow down typists in order to minimize the clashing of the typebars which would jam up the early typewriters. There is little evidence to support this theory, however, in a research study published in 2011 asserts that the QWERTY design was more directly influenced by feedback from telegraph operators who were early adopters of typewriters and found previous keyboard layouts inefficient.
June 24th, 2010. After a wild lead up involving a prototype being lost at a bar, Apple’s iPhone 4 officially went on sale. Later, the iPhone four would then become the subject of the Antennagate controversy. With so much attention given to the phone, it really was no wonder that it went on to set sales records.
That’s your technology history for today. For more, tune in next week and visit my website ThisDayInTechHistory.com.
Pokie Huang:
That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.
5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there.
Thank you to Edwin Kwan, Hillary Coover, Katy Craig, Olimpiu Pop, Marcel Brown for today’s contributions.
The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you next Monday… at 5:05.