Cybersafe Cyber Security News

Researchers at Google said that they have discovered the first vulnerability using a large language model which is an exploitable stack buffer underflow in SQLite. According to a blog post, Google said it believes the bug is the first public example of an AI tool finding a previously unknown exploitable memory-safety issue in widely used real-world software. The vulnerability was found in SQLite, an open source database engine popular among developers.  Google researchers reported the vulnerability to SQLite developers in early October, who fixed it immediately. As the issue was found before it appeared in an official release it did The post Google uses large language model to find real-world vulnerability first appeared on Cybersafe News.

German police shut down DDoS-for-hire platform Dstat.cc and arrested two men accused of operating the site used for launching DDoS attacks. Two men, aged 19 and 28 from Darmstadt and Rhein-Lahn, were arrested in Germany for allegedly managing criminal infrastructure used for DDoS attacks and large-scale drug trafficking. Authorities accuse them of running the online platform “Flight RCS,” which sold designer drugs and the facilitation of DDoS attacks.  “Flight RCS,” accessible via the free internet, was known for selling synthetic cannabinoids, while, “Dstat.CC” provided a service list for launching DDoS attacks, making cyber sabotage accessible even to those without technical The post DDoS attacks service provider websites seized by authorities first appeared on Cybersafe News.

Google’s Threat Analysis Group researchers warn of a Samsung zero-day vulnerability that is actively exploited in the wild. The vulnerability tracked as CVE-2024-44068 (CVSS score of 8.1) is a use-after-free issue, which could be exploited to escalate privileges on a vulnerable Android device. A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices. Samsung addressed the vulnerability with the release of security updates in October 2024. The affected versions include Exynos 9820, 9825, 980, 990, 850, W920. The vulnerability was discovered by the The post Google Warns of Samsung Zero-Day exploited in the wild first appeared on Cybersafe News.

The Bumblebee malware loader was found in recent attacks after Europol disrupted it during ‘Operation Endgame’ in May. The malware, believed to be the creation of TrickBot developers, emerged in 2022 as a replacement for the BazarLoader backdoor to provide ransomware threat actors access to victim networks. Bumblebee typically infects via phishing, malvertising, and SEO poisoning that promoted various software (e.g. Zooom, Cisco AnyConnect, ChatGPT, and Citrix Workspace). Among the payloads delivered by Bumblebee are Cobalt Strike beacons, information-stealing malware, and various ransomware strains. In May, an international law enforcement operation codenamed ‘Operation Endgame’ seized over a hundred servers supporting The post Bumblebee malware returns in recent attacks first appeared on Cybersafe News.

OpenAI has confirmed that hackers are exploiting its AI-powered chatbot, ChatGPT, to create malware and conduct cyberattacks. OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. The report confirms that generative mainstream AI tools are used to enhance offensive cyber operations. The first signs of such activity were reported by Proofpoint in April, who suspected TA547 (aka “Scully Spider”) of deploying an AI-written PowerShell loader for their final payload, Rhadamanthys info-stealer. Last month, HP Wolf researchers reported that cybercriminals targeting French users were employing AI tools The post OpenAI confirms hackers use ChatGPT to write malware first appeared on Cybersafe News.

Star Health and Allied Insurance confirmed that it was hit by a malicious cyber attack which resulted in unauthorized and illegal access to certain data. The Indian health insurance provider assured that its operations remained unaffected. A thorough and rigorous forensic investigation, led by independent cybersecurity experts, is underway, and the insurance provider is working closely with government and regulatory authorities at every stage of this investigation. Star Health which is headquartered in Chennai offers health insurance to over 17 crore Indians through a vast network of around 14,000 hospitals and 850 offices in the country. It also provides personal The post Star Health Insurance data breach affects 31 M customers first appeared on Cybersafe News.

Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million records. A malicious JavaScript pop-up appeared on the Internet Archive website alerting the visitors that the Internet Archive was breached. The message read as “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”  The text “HIBP” refers to is the Have I Been Pwned data breach notification service created by The post Internet Archive data breach impacts 31 M user accounts first appeared on Cybersafe News.

Cloudflare disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) which lasted 65 seconds. The company has fended off more than one hundred hyper-volumetric DDoS attacks throughout the month, with most of the attacks aimed at the target’s network infrastructure (network and transport layers L3/4) exceeding 2 billion packets per second (pps) and 3 terabits per second (Tbps). In a volumetric DDoS attack, the target is overwhelmed with large amounts of data to the point that they consume the bandwidth or exhaust the resources of applications and devices, leaving legitimate users The post Cloudflare blocks largest ever 3.8 Tbps DDoS attack first appeared on Cybersafe News.

The Japanese video-sharing platform, Niconico, was forced to temporarily suspend its services following a large-scale cyberattack on June 8th. In response to the incident, the company temporarily suspended Niconico Family Services such as Niconico Video, Niconico Live Broadcast, Niconico Channel, etc. The company also suspended the Niconico Account login on external services. The company stated that on June 8th, an issue occurred that prevented access to multiple servers in the group. They then immediately shut down the relevant servers to protect the data. Based on the scope of its internal analysis and investigation that was conducted on the same day, The post Japanese video sharing site Niconico hit by cyberattack first appeared on Cybersafe News.

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). According to the advisory published by the company, a local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. Arm is aware of reports of this vulnerability being exploited in the wild. Bifrost and Valhall GPU Kernel Driver r41p0, which were released on The post Arm zero-day in Mali GPU Drivers actively exploited in the wild first appeared on Cybersafe News.