CYBER SECURITY NEWS – WEEK OF MARCH 27, 2023
FBI confirms access to Breached cybercrime forum database
- The FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner.
- 20-year-old Conor Brian Fitzpatrick (also known as Pompompurin) was charged for his involvement in the theft and sale of sensitive personal information belonging to “millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies” on the Breached cybercrime forum.
- In new court documents published this Friday, FBI Special Agent John Longmire revealed that the FBI has the Breached database, which helped establish that Fitzpatrick is indeed Pompompurin, the forum’s main admin, as charged, based on activity logs and the Optimum Online Internet connection he used (registered using the [email protected] email address).
ChatGPT flaw exposed users’ chat histories
- Microsoft-backed startup OpenAI has fixed the ChatGPT bug, which company CEO Sam Altman described as a “significant issue.” The flaw allowed users to see parts of conversations other users had with the chatbot.
- “We had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released, and we have just finished validating,” Altman said in a tweet.
- OpenAI’s CEO added that users would not have access to their chat histories for some time. Altman said the chat history would not be available on Monday. However, he did not specify an exact date, referring only to the day of the week on which the history would be down.
Ferrari hacked, refuses to pay ransom demand
- An unknown threat actor has hacked the Italian luxury automaker Ferrari and is now demanding a ransom in exchange for certain client contact details.
- “Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details,” the statement said.
- “As a policy, Ferrari will not be held to ransom, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the luxury company said.
- “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident,” Ferrari said.
Rio Tinto hints at possible breach
- Personal data on mining giant Rio Tinto’s former and current employees in Australia may have been stolen by a cybercriminal group, according to an internal staff memo seen by Reuters.
- The memo said that the “data relates to certain records processed by our payroll services team in January 2023, such as payslips and overpayment letters, for a small portion of past and present employees based in Australia, who received these records by post.”
- It added: “Investigations now indicate a possibility that Rio Tinto data may be impacted.”
Dole confirms employee data was breached in ransom attack
- The Dole Food Company revealed in an SEC filing Wednesday that employee data was accessed during last month’s ransomware attack.
- “In February of 2023, Dole was the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” the shareholder document stated.
- The attack forced the manufacturer to stop production at all its North American facilities, causing a packaged lettuce shortage at US grocery stores and a ruckus among brand enthusiasts.
- At the time, Dole said it quickly shut down computer systems to contain the ransomware spread, and a manual backup program was in place if needed.
BreachedForums shutdown over user exposure fears
- The BreachedForums admin decided to shut down the website, fearing that the arrest of the cybercrime marketplace’s leader allowed the feds to access secured systems.
- “This will be my final update on Breached, as I’ve decided to shut it down,” the site’s remaining admin, Baphomet, told users in an encrypted message.
- “It seems someone logged in on Mar 19, 1:34 EST, prior to me logging into the server. Unfortunately, this likely leads to the conclusion that someone has access to Poms machine,” the threat actor explained.