This Week in Cyber Security – June 22, 2023

Welcome back to our weekly roundup, the battlefield of cybersecurity news. We’re here to cover the front lines of the cybersecurity industry for you!

After covering some cyber warfare stuff in last week’s roundup, here is what we have today:

• Google accuses Microsoft of being anti-competitive on its cloud services
• An important vulnerability was disclosed… On Twitter!
• “ChatGPT, tell me who stole my credentials”

Google vs Microsoft: a war between titans

Microsoft is being accused of establishing some anticompetitive practices when it comes to its Azure cloud unit, CNBC reports. In a letter to the Federal Trade Commission, Google said that the company founded by Bill Gates uses unfair licensing terms to “lock in clients” to exert control over the cloud-computing market. The letter comes after Google has been facing several anticompetition lawsuits from the Justice Department and the FTC.

Our take: What these giants are fighting about—their cloud services—is the backbone of the internet as we know it today. Regardless of how this new war between the two companies will go, the general public and many businesses are not aware of where their data is stored and transferred.

The importance of securing cybersecurity information

A researcher that decided to remain anonymous accidentally discovered a new zero-day vulnerability in the MOVEit software. But instead of sharing the vulnerability privately with the company, the researcher decided to send it as a message on Twitter. The behavior raised more than one eyebrow since it deviated from the standard practices in the cybersecurity world. As reported by Bloomberg, the message was then immediately removed from Twitter and a patch was subsequently issued the following day. However, all of the company’s cloud services were disabled to avoid any risk, which resulted in a significant reputational harm

Our take: the luckiest among us will not have to deal with such situations in their lifetimes. But if something like this ever happens to you, always make sure the disclosure of the vulnerability happens on a secure channel that can hardly be accessed by third parties. The one thing that is worse than finding a vulnerability in your software is accidentally giving it away to a hacker because of poor cybersecurity practices.

ChatGPT data stolen and sold on the dark web

As recently reported by Hacker News, over 100,000 ChatGPT credentials have been stolen and subsequently sold on the dark web. It seems like the majority of credentials were breached by the notorious Raccoon stealer (78,348), followed by Vidar (12,984) and RedLine (6,773). The most affected countries have been reported to be Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh. According to the company that disclosed the data breach, “the number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.”

Our take: this is just another example of how easy it is for anybody to access your personal accounts and use the data against you to hijack passwords, cookies, credit cards, and other information from browsers, and cryptocurrency wallets. 

Quick Bites

A recent report revealed that Australian firms have suffered many cyber attacks during the past year—revealing a nation-wide problem when it comes to cybersecurity.

—

Experts are warning that the lack of cyber leadership in the US federal government may prevent agencies from recovering and responding to ransomware attacks

—

Chinese Hacker Group targets American Ministries with graphican backdoor. The campaign allegedly spanned from late 2022 to early 2023