By Deeba Ahmed
Twitter had to file a DMCA request after its source code was found on GitHub.
This is a post from HackRead.com Read the original post: Portion of Twitter’s proprietary source code leaked on GitHub

Reportedly, the source code remained public for several months before being taken down by GitHub.

According to a news report from the New York Times (NYT), some portions of Twitter’s source code were leaked online through GitHub after the social networking platform filed a DMCA request to take it down.

The report claims that the source code probably remained public for several months before being taken down by GitHub. It was published by a GitHub user with the username FreeSpeechEnthusiast, referring to Elon Musk’s statement that he was a Free Speech Absolutist previously.

Code-sharing service GitHub published the request online, stating that the leaked info was Twitter’s proprietary source code for internal tools and platforms. It is worth noting that the GitHub profile linked with the DMCA takedown listed a non-public code contributed in early January.

DMCA takedown notice

Proprietary source code is usually the most sensitive and secretive trade information. This code becoming public entails several risks for the company, such as it can disclose the platform’s software flaws that attackers can exploit.

Moreover, it gives the competitors a competitive edge by giving an insight into the company’s non-public internal workings.

Twitter also filed a court filing in California apart from requesting to take down the source code. The company submitted the filing to identify the perpetrator responsible for the leak as well as to get information on GitHub users who might have downloaded the code.

As per the filing, Twitter asked the court to order GitHub to disclose the users’ names, telephone numbers, addresses, social media profiles, IP addresses, and emails. The request was made under the Digital Millennium Copyright Act implemented in 1998.

Twitter execs suspect that one of the employees who left the company in 2022 after Elon Musk acquired the platform could be responsible for the leak. Since Musk laid off thousands of Twitter employees, it is difficult to determine the culprit as of now.

1.  Twitch hacked- Source code leaked
2.  Yandex Source Code Leaked Online
3.  Hackers Stole GoDaddy Source Code
4.  Hackers Steal LastPass’ Source Code
5.  Hackers Stole T-Mobile’s Source Code

Portion of Twitter’s proprietary source code leaked on GitHub

By Deeba Ahmed
This year's Pwn2Own 2023 was held in Vancouver between March 22nd and 24th, 2023.
This is a post from HackRead.com Read the original post: Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

At Pwn2Own 2023, participants were awarded a full bounty (more than $1,000,000) in each round for successful exploits.

**Pwn2Own**, as we know it, is an annual computer hacking contest that offers various advantages to the cybersecurity industry. At this year’s Pwn2Own 2023 held in Vancouver between 22 and 24 March 2023, around 19 entries were part of the event, aiming to target nine different platforms, including Tesla cars.

This time, participants were awarded a full bounty (more than $1,000,000) in every round for successful exploits.

During the three-day event, contestants revealed 27 unique zero days and won $1,035,000 cumulatively and a Tesla. Team Synacktiv won the most points (53 points) and was declared the Masters of Pwn. They took home $530,000, a $25,000 bonus, Platinum status in 2024 Pwn2Own, and a Tesla Model 3. Here are the highlights of vulnerabilities disclosed each day.

**Day 1 Highlights:**

**On day 1**, Haboon SA’s AbdulAziz Hariri (@abdhariri) used a 6-bug logic chain to attack Adobe Reader and successfully exploited multiple failed patches that evaded the sandbox and bypassed a banned API list. For this attempt, Hariri warned $50,000 and five Master of Pwn points.

STAR Labs successfully executed a 2-bug chain targeting Microsoft SharePoint and earned $100,000 with ten Master of Pwn points. Team STAR Labs also successfully executed an attack against Ubuntu Desktop. However, this was a known exploit for which they earned $15,000 and 1.5 points.

Qrious Security’s Bien Pham (@bienpnn) successfully exploited Oracle VirtualBox using an OOB Read with a stacked-based buffer overflow and earned $40,000 with 4 Master of Pwn points.

Synacktiv (@Synacktiv) successfully executed a TOCTOU attack against Tesla – Gateway and earned ten Master of Pwn points, a Tesla Model 3, and $100,000.

Marcin Wiązowski managed to get elevated privileges on Windows 11 using an improper input validation bug and received a $30,000 bounty with 3 Master of Pwn points.

**Day 2 Highlights:**

**On day 2**, Synacktiv team’s Thomas Imbert and Thomas Bouzerar successfully demonstrated a 3-bug chain targeting Oracle VirtualBox with a Host EoP. However, since the bug was previously known, they earned $80,000 and eight Master of Pwn points.

Another successful exploit came from Team Synacktiv’s David Berard and Vincent Dehors; they exploited Tesla- Infotainment Unconfined Root through a heap overflow and an OOB write.

The duo qualified for 25 Master of Pwn points, a Tier 2 award, and a $250,000 bounty. Another achievement of Team Synacktiv came from Tanguy Dubroca for acquiring privilege escalation on Ubuntu Desktop using an incorrect pointer scaling. The team earned $30,000 and 3 Master of Pwn points.

On the second day, Team Viettel used a 2-bug chain to target Microsoft Teams and earned eight Master of Pwn points with a $75,000 award. Team Viettel also successfully exploited Oracle VirtualBox using an uninitialized variable with a UAF bug and was awarded $40,000 with four Master of Pwn points.

**Day 3 Highlights:**

**On day 3**, ASU SEFCOM’s Kyle Zeng exploited Ubuntu Desktop using a double-free bug and earned $30,000 with three Master of Pwn points.

Synacktiv’s Thomas Imbert exploited Microsoft Windows 11 using a UAF. Imbert earned three Master of Pwn points and $30,000. Theori’s Mingi Cho also used a UAF to target Ubuntu Desktop. Chio earned a $30,000 bounty and three Master of Pwn points.

Lastly, STAR Labs targeted VMWare Workstation using an uninitialized variable and UAF. They earned eight Master of Pwn points and $80,000.

**Pwn2Own – Good for Cybersecurity**

An initiative like Pwn2Own provides a platform for security researchers to showcase their skills and identify vulnerabilities in widely used software and operating systems. By doing so, the contest helps identify weaknesses that may not have been discovered previously, allowing vendors to develop fixes and improve their products’ security.

Another advantage of Pwn2Own is that it incentivizes researchers to find and report vulnerabilities in a responsible manner, rather than selling them on the black market or using them maliciously. The contest rewards researchers for successfully exploiting vulnerabilities, encouraging them to disclose their findings to the relevant vendors, who can then address the issues and improve the security of their products.

Finally, Pwn2Own helps raise awareness about the importance of cybersecurity and the need for continuous improvement in the security of software and systems. By highlighting the risks and **potential consequences of cyber attacks**, the contest encourages individuals and organizations to take security seriously and invest in measures to protect themselves from potential threats.

1.  Hack DHS and get a $5,000 Bug Bounty
2.  6 of the Best Crypto Bug Bounty Programs
3.  Hack the Pentagon 3.0: Bug Bounty Program
4.  Bug bounty: Hack Tesla Model 3 to win Model 3
5.  Hacker at DefCon Jaikbreaks Tractor to Play Doom

Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

By Waqas
The CEO of Latitude Financial, Ahmed Fahour, has expressed disappointment in the incident and apologized unreservedly to customers.
This is a post from HackRead.com Read the original post: Latitude Financial Data Breach: 14 Million Customers Affected

****The Australian consumer lender, Latitude Financial, has suffered a major cyber attack, leading to a data breach of passport and driver license numbers, impacting 14 million customers in Australia and New Zealand.****

Latitude Financial, a consumer lender that provides personal loans and credit to its customers, has disclosed that it suffered a data breach in mid-March, which resulted in the theft of 14 million customer records.

The data that was stolen includes driver’s licenses, passports, and financial statements. Initially, the lender downplayed the impact of the cyber attack, but it has now emerged that the scale of the breach is much greater than previously reported.

According to a forensic review conducted by the company, approximately 7.9 million Australian and New Zealand driver license numbers were stolen, of which around 3.2 million were provided in the last decade.

In addition, according to ABC Australia, approximately 53,000 passport numbers and 100 monthly statements were also stolen. The breach also included 6.1 million records dating back to at least 2005, of which around 5.7 million were provided before 2013.

While the stolen records do not contain all personal information, they do include some of the following: name, address, telephone, and date of birth. The CEO of Latitude Financial, Ahmed Fahour, has expressed disappointment in the incident and apologized unreservedly to customers.

The latest news should not come as a surprise, as Australia has been making headlines for all the wrong reasons in the field of cybersecurity. From data breaches on financial institutions to defence organizations, the country has recently been rattled by cyber attacks.

**MORE CONTEXT**

*   Hackers stole 738GB of Australian govt agency data
*   Australian Navy’s Vessels and Fighter Jets data stolen
*   Australian trading giant ACY Securities leaks user data
*   Australia’s largest telecom firm Optus suffers data breach

The company is working with impacted customers and applicants to minimize the risk and disruption to them, including reimbursing the cost of replacing their ID documents. Latitude Financial is also committed to conducting a full review of the incident.

The company had to take some of its systems offline when the breach was discovered and is still unable to help customers with specific account inquiries. Fahour says the company’s employees are working tirelessly to get its systems back online.

The incident has once again highlighted the importance of cybersecurity measures and the need for companies to take all necessary steps to protect their customers’ data.

1.  Acer data breach: hacker sells trove of stolen data
2.  LockBit ransomware claims to hack SpaceX contractor
3.  20m Instant Checkmate & TruthFinder accounts leaked
4.  PayPal sued over data breach that impacted 35k users
5.  DNA testing service to pay $400k for breach it ignored

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Latitude Financial Data Breach: 14 Million Customers Affected

By Deeba Ahmed
According to CISA, this new initiative will be helpful for organizations/institutions in the public health, education, and government sectors. 
This is a post from HackRead.com Read the original post: CISA to Start Issuing Early-Stage Ransomware Alerts

****With timely ransomware alerts, organizations can mitigate the threat and prevent their data from being encrypted/exfiltrated.****

The US Cybersecurity and Infrastructure Security Agency (CISA) has decided to address the growing threat of ransomware attacks, which have been on the rise across the globe. As a result, the agency has taken the initiative to notify organizations about ransomware threats in advance to ensure the protection of critical infrastructure and networks.

**CISA Announces the Issuance of Advance Ransomware Alerts**

According to America’s premier cybersecurity agency, CISA, this new initiative will be helpful for organizations/institutions in public health, education, and government sectors.

Since the beginning of 2023, the agency has notified over sixty organizations from the education, energy, healthcare, and wastewater/water sectors, and the results have been valuable. With timely alerts, these organizations could mitigate the threat and prevent their data from being encrypted/exfiltrated.

It is worth noting that over the years, CISA has been quite active in tackling the growing ransomware threat. In February 2023, the agency started offering a free recovery tool to ESXiArgs ransomware victims, while its guidelines and advisories are taken quite seriously worldwide.

**More Context**

*   NSA, CISA Release Guidelines to Secure VPNs
*   CISA: Use ad blockers to fend off malvertising
*   CISA warns of ransomware attacks on US hospitals
*   CISA warns of attacks on SATCOM Network Providers
*   Hackers exploited Telerik flaw in Govt IIS Server – CISA

**What are Pre-Ransomware Alerts?**

In a press release, Clayton Romans, CISA’s Joint Cyber Defense Collaborative (JCDC) associate director, stated that this is a proactive cybersecurity measure in which notifications are sent to at-risk organizations, warning them about ransomware in advance. This alert helps the entity remove the attackers from their networks and avoid file encryption.

**How Does CISA Issue Notifications?**

Pre-Ransomware notifications rely on tips received by the Joint Cyber Defense Collaborative from researchers, infrastructure providers, and threat intelligence firms. After receiving the tip, CISA’s field personnel informs the targeted organization and helps mitigate the attack. In case the network is compromised, victims are offered help to mitigate the impact and understand the attackers’ tactics, techniques, and procedures.

**How Do Pre-Ransomware Alerts Protect Organizations?**

These alerts work because CISA noticed that ransomware attackers usually wait after gaining initial access to their targets before stealing/encrypting data. This period can last from several hours to a few days. If an organization is alerted during this time, the company can evict the invaders and prevent data encryption.

Therefore, when an entity receives an early warning, it can reduce the amount of data loss and financial losses while preventing any impact on its ongoing operations. CISA officials claim that their initiative has already yielded favourable results.

“Continuing to enhance our collective cyber defence is contingent upon persistent collaboration and information sharing between partners across government and the private sector,” Romans noted.

1.  Free Decryptor to LockerGoga Ransomware Victims
2.  CISA Offers Recovery Tool for ESXiArgs Ransomware
3.  Bitdefender offers MortalKombat ransomware decryptor
4.  Avast Releases Free Decryptor for BianLian Ransomware
5.  Universal decryptor key for Sodinokibi, REvil ransomware

CISA to Start Issuing Early-Stage Ransomware Alerts

By Deeba Ahmed
The backdoors used in this campaign are never-before-seen malware strains called CommonMagic and PowerMagic.
This is a post from HackRead.com Read the original post: New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

****The primary targets of this phishing campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were annexed by Russia in 2014.****

Threat actors have launched a new spear phishing campaign in which they install a PowerShell-based PowerMagic backdoor and CommonMagic framework, according to a report by Kaspersky’s Global Research and Analysis Team.

The attackers send phishing emails containing malicious documents that lead to the installation of the backdoors. The primary targets of this campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were annexed by Russia in 2014.

The emails are designed around the Russian-Ukrainian conflict, indicating that the attackers may have a specific interest in the regional geopolitical situation.

Example of the phishing email (Image credit: Kaspersky)

Kaspersky researcher Leonid Besverzhenko stated that the campaign is primarily an espionage operation targeting administrative, agricultural, and transportation organizations to steal sensitive data.

The phishing emails contain a URL that directs the victim to a ZIP archive containing a malicious LNK file disguised as a PDF. When the victim launches the file, their network is infiltrated, and PowerMagic establishes a connection with its C2 server using OneDrive and Dropbox folders, triggering infection through CommonMagic, a previously undiscovered “malicious framework.”

The CommonMagic framework includes separate modules for different tasks, such as encryption/decryption, screenshot capturing, and document stealing. It can also use plugins for stealing a wide range of files, including DOC, DOCX, XLS, XLSX, RTF, ODT, ODS, ZIP, RAR, TXT, and PDF from USB devices.

Additionally, it can take screenshots every three seconds by abusing the Windows Graphics Device Interface (GDI) API. Both malware have been in active use since September 2021, and Kaspersky discovered the campaign in October.

However, researchers have not yet been able to associate this campaign with a previously known actor. They do believe that an advanced threat actor is behind this campaign.

1.  Ukraine thwart Russian Industroyer 2 malware attack
2.  34 Russian hacking gangs stole 50m user passwords
3.  DDoS app meant to hit Russia infected Ukrainian phones
4.  CryWiper disguised as ransomware to hit Russian courts
5.  Data of Millions of Russians & Ukrainians Exposed Online

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

By Habiba Rashid
OpenAI has apologized and reached out to affected users about the potential data breach.
This is a post from HackRead.com Read the original post: ChatGPT Bug Exposed Payment Details of Paid Users

****Earlier, a ChatGPT bug exposed conversation histories to other users, but now reports indicate that the bug also exposed the payment details of paid users (ChatGPT Plus subscribers).****

OpenAI has confirmed that a software bug on Monday caused ChatGPT to expose conversation histories from random users and payment details for some paid users. As a result, the company has reached out to affected users and implemented measures to prevent similar incidents in the future.

The glitch was first reported on Monday when users attempting to subscribe to the paid ChatGPT Plus service noticed email addresses from random users appearing in the payment form.

Upon further investigation, OpenAI discovered that the glitch also exposed payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.

The exposed payment details included the first and last name, email address, payment address, last four digits of a credit card number, and credit card expiration date of another active user. However, OpenAI has emphasized that full credit card numbers were not exposed at any time.

OpenAI believes that the chances of a stranger viewing this payment information are extremely low because the exposed details partly arrived through emails confirming the subscription of new ChatGPT Plus users on Monday morning between 1 a.m. and 10 a.m. Pacific Standard Time (PST). Certain subscription confirmation emails created within that time frame were delivered to incorrect recipients as a result of the glitch.

If a user accessed the “My Account” function on ChatGPT’s website and clicked on the “Manage my subscription” feature between 1 a.m. and 10 a.m., other payment details would have been visible to them.

In a blog post, OpenAI apologized to its users and reached out to affected users about the potential data breach. The company has also identified the cause of the leak, blaming it on a bug in an open-source library used to run a Redis database.

To prevent similar incidents from occurring, OpenAI has patched the ChatGPT bug and added safeguards to ensure requests to the Redis caches match the requesting user. OpenAI is confident that there is no ongoing risk to users’ data. In addition, the chat history sidebar appears to be restored on ChatGPT.

If you are currently a paid subscriber and believe that your payment information has been exposed, it is recommended that you monitor your account for any unauthorized activity and contact your bank if you suspect any fraudulent charges.

1.  OpenAI’s ChatGPT exploited to deploy malware
2.  Blackmamba malware developed with ChatGPT
3.  ARMO integrates ChatGPT to secure Kubernetes
4.  ChatGPT bug exposes conversation history titles
5.  Crooks pose as ChatGPT in a new phishing scam
6.  Fake ChatGPT Extension Hacks Facebook Accounts

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

ChatGPT Bug Exposed Payment Details of Paid Users

By Waqas
The National Crime Agency (NCA) has conducted a sting operation to infiltrate the cybercrime market with fake DDoS sites for Operation Power Off.
This is a post from HackRead.com Read the original post: UK’s NCA infiltrates cybercrime market with fake DDoS sites

****The agency set up several fake DDoS sites offering DDoS-for-hire services to infiltrate the online criminal marketplace**.**

Remember when the Dutch police sent letters to those who bought “booters” from DDoS sites? The National Crime Agency (NCA) of the United Kingdom is doing something similar but in a tricky way.

The agency has launched a sting operation as part of Operation Power Off, a collaboration between international law enforcement agencies to take down DDoS (distributed denial of service) infrastructure.

The operation involved the NCA setting up several fake DDoS sites and offering DDoS-for-hire or booter services to infiltrate the online criminal marketplace. It is important to note that DDoS attacks are illegal in the UK under the Computer Misuse Act 1990.

The NCA designed all these sites to appear authentic, giving the visitor the impression that the tools and services offered would allow them to launch DDoS attacks.

The agency claims that several thousand people have visited these sites, but upon registering on the site, instead of getting the services, users are shown a splash page informing them that their data has been collected, and law enforcement agencies will contact them.

This is what is shown once a user registers an account (Image: NCA)

For foreign visitors (users outside the United Kingdom), their data is transferred to international agencies. For instance, if a user from the United States has registered on one of the fake DDoS sites, their details would be forwarded to the FBI.

According to the NCA‘s National Cyber Crime Unit’s Alan Merrett, booter services are currently under the agency’s radar because they serve as a potent enabler of cybercrime in the country and elsewhere.

Merrett noted that the perceived anonymity and ease of use provided by these services make DDoS an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.

> The perceived anonymity and ease of use afforded by these services mean that DDoS has become an attractive entry-level crime, allowing individuals with little technical ability to commit cyber offences with ease.”
> 
> Alan Merrett -NCA

Merrett added that the agency would not reveal the number of fake DDoS sites it is currently operating or how long the sting operation will last. Therefore, people looking for these services should be cautious as they might not know who is operating them.

1.  Admin of DDoS-For-Hire Service jailed for 2 Years
2.  Teen arrested for 8 DDoS attacks on school classes
3.  Tor Network Hit By a Series of Ongoing DDoS Attacks

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

UK’s NCA infiltrates cybercrime market with fake DDoS sites

By Deeba Ahmed
According to the attorney general of Ecuador, a terrorism investigation has been launched after the incident took place in the country.
This is a post from HackRead.com Read the original post: Journalist Targeted in USB Drive Bombing Attack

****The USB drive was found to contain RDX, a military-grade explosive substance that was inside a capsule attached to the drive.****

We’ve heard about the Killer USB, which could fry a targeted laptop, but have you heard about a USB that can be used to donate money and physically harm victims? Lenin Artieda, a journalist and presenter at Ecuador’s national television network Ecuavisa, was injured in a pre-planned attack earlier this week.

In a report published by the local TV network Ecuavisa, Artieda received a package containing a USB drive, which exploded when he connected it to his computer to check its contents.

The package

The explosion injured him on his hands and face, indicating that the USB drive was designed to detonate after getting connected to a computer. The incident took place at Ecuavisa’s TV network’s newsroom, where Artieda received the package via mail.

In another report, Ecuavisa revealed that the USB drive was found to contain RDX, a military-grade explosive substance that was inside a capsule attached to the drive. The explosion did not cause any damage inside the newsroom, but Artieda suffered injuries.

Investigation into the incident revealed that only half of the RDX exploded because it was not fully activated, and it is speculated that the device pulled just enough voltage from the USB connector on the PC to make it detonate.

Two other journalists from different media outlets in Ecuador also received similar explosive USB drives, but the drives did not detonate when they were connected to their computers.

Furthermore, reportedly, four more letters containing similar devices were sent to other media outlets across Ecuador, but the targets remained unharmed because they did not open the packages or the devices did not explode.

> — FUNDAMEDIOS (@FUNDAMEDIOS) March 20, 2023

The police revealed that the device did not explode because it was inserted into an adapter that did not provide the same electrical charge as a computer.

The country’s attorney general has launched a terrorism investigation, as the use of military-grade explosives suggests a possible attempt to intimidate journalists. The attacker’s possible objectives and identity are still unclear, but the government has called it an aggressive act.

“Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigour of justice,” the government responded.

The incident highlights the danger journalists face when reporting the news and the need for adequate security measures to protect them.

1.  Hackers mailing USB drives to spread ransomware
2.  ‘BadPower’ attack on fast chargers burn smartphone
3.  BusKill USB cable switches off laptop in event of theft

Journalist Targeted in USB Drive Bombing Attack

By Habiba Rashid
Reportedly, Do Kwon was caught using falsified documents at an airport in the capital city of Montenegro.
This is a post from HackRead.com Read the original post: Do Kwon, Founder of Terraform Labs, Arrested in Montenegro

****According to Montenegro’s minister of interior Filip Adzic, Do Kwon was suspected of being “one of the most wanted fugitives.”****

Do Kwon, the co-founder and CEO of Terraform Labs, has been reportedly arrested. Kwon had been on the run for several months before being caught using falsified documents at an airport in Podgorica, the capital city of Montenegro.

Filip Adzic, Montenegro’s minister of interior, announced the arrest in a tweet, saying that Do Kwon was suspected of being “one of the most wanted fugitives” and that authorities were awaiting official confirmation of his identity.

Do Kwon

Kwon’s arrest came after he was accused of playing a major role in the $40 billion Terra/LUNA collapse, which had a significant impact on the cryptocurrency markets.

“Montenegrin police have detained a person suspected of being one of the most wanted fugitives, South Korean citizen Do Kwon, co-founder and CEO of Singapore-based Terraform Labs,” Adzic tweeted.

Kwon had been under investigation for the past 11 months since the collapse of the platform, and in September 2022, Interpol issued a red notice requesting law enforcement agencies worldwide to search for and arrest him.

In mid-February, the U.S. Securities and Exchange Commission also charged Terraform Labs and Kwon with defrauding U.S. investors who purchased its crypto assets, LUNA and the stablecoin Terra.

Kwon had denied claims that he was hiding from authorities, but prosecutors refuted those claims. The fact that he was caught using falsified documents at the airport suggests that he was indeed trying to evade authorities.

According to reports, Kwon had fled Singapore, where he had been living, and had made stops in Dubai and Serbia before being arrested in Montenegro. The Korean National Police Agency has confirmed that the suspect appears to be Kwon based on checking his age, name, and nationality on his ID card.

The collapse of the Terra stablecoin had a significant impact on the cryptocurrency markets, with about $40 billion being wiped out. Kwon has been accused of financial fraud, tax evasion, and violating South Korean capital market rules. He has denied these charges and claimed that they are politically motivated.

Kwon’s arrest has been welcomed by many who were affected by the collapse of the Terra platform. As more information about the arrest becomes available, it will be interesting to see how it affects the ongoing investigations and legal proceedings against Kwon and Terraform Labs.

The arrest of his alleged aide, Han Mo, is also a significant development in the case. It is likely that more information will come to light as the investigation progresses, shedding further light on the collapse of the Terra platform and the role played by Kwon and Terraform Labs.

This news is a reminder that the cryptocurrency industry is still largely unregulated and that investors need to be cautious when investing in digital assets. It is essential to conduct thorough research and due diligence before investing in any cryptocurrency to avoid significant losses.

The collapse of the Terra platform is just one example of the potential risks involved in the industry, and investors should be aware of these risks before investing.

1.  $3.6B worth of BTC seized from 2016’s Bitfinex hack
2.  Japanese boy arrested for developing crypto malware
3.  DoJ seizes $1B in BTC linked to Silk Road marketplace

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Do Kwon, Founder of Terraform Labs, Arrested in Montenegro

By Deeba Ahmed
At the time of reporting this scam to Google, the fake ChatGPT extension had over 7,000 installations.
This is a post from HackRead.com Read the original post: Fake ChatGPT Extension Hijacks Facebook Accounts

****In this campaign, attackers have used the legitimate ChatGPT for Google extension and added malicious code to it in order to steal Facebook session cookies.****

The cybersecurity researchers at Guardio have found a new info-stealing campaign exploiting ChatGPT, the popular AI chatbot from OpenAI. In this campaign, attackers are distributing fake ChatGPT extensions that promise to integrate the chatbot with your Google search results. In reality, it can steal your Facebook account.

The latest ChatGPT scam should not come as a surprise, as cybercriminals have been attempting to exploit the popularity of the AI chatbot since its launch last year. In January 2023, it was reported that several fake ChatGPT clone apps on the iOS and Play Stores were collecting user data and sending it to remote servers.

The fake ChatGPT extension (Guardio)

**Fake ChatGPT Extension Discovered**

In the newly discovered campaign, Guardio researchers noted that it is based on an open-source extension containing malicious code to force the product to function as per the attacker’s demands and make it difficult to detect it.

The fake extension is leveraged by the Chrome Extension API to obtain active Facebook cookies and send the data to the attacker’s server. Hackers can easily log into the victim’s Facebook account, change account credentials and create zombie accounts by converting profiles into a false persona “Lily Collins.” The accounts are then used to distribute malicious ads and propaganda campaigns.

**How Does the Attack Work?**

Attackers have used the legitimate ChatGPT for Google extension and added malicious code to it in order to steal Facebook session cookies. Users are lured to download the extension via fake sponsored search results.

When the user search for ChatGPT 4, you will click on a sponsored search result that will redirect you to a landing page offering to embed the chatbot inside your search results. After you have installed the extension from the official Chrome Web Store, it allows you access to ChatGPT in search results along with compromising your Facebook account.

Attack flow (Guardio)

“Looking at the “OnInstalled” handler function that is triggered once the extension is installed, we see the genuine extension just using it to make sure you see the options screen (to log in to your OpenAI account). On the other hand, the forked, turned malicious, code is exploiting this exact moment to snatch your session cookies,” the report read.

**How to Identify Fake Extension?**

Researchers explained that the fake add-on was most probably downloaded via a sponsored ad in Google search results for Chat GPT 4, just like Bitwarden and Radeon users were targeted earlier in 2023. This extension was downloaded from the Chrome Store between Feb 14 and Mar 22.

It has now been removed from the store. You can check if the ChatGPT for Google installed on your computer is fake or legit by clicking on the puzzle icon on the Chrome address bar’s right side. then click on Manage Extension> Details> View in Chrome Web Store.

If the official extension shows chatgpt4googlecom as its verified developer and boasts more than a million users then it is original else it is fake.

1.  OpenAI’s ChatGPT exploited to deploy malware
2.  Blackmamba malware developed with ChatGPT
3.  ARMO integrates ChatGPT to secure Kubernetes
4.  ChatGPT bug exposes conversation history titles
5.  Crooks pose as ChatGPT in a new phishing scam