Written by Hitachi Systems Security on 24 March 2023

NBA Fan Data hacked via Third-Party Vendor

The National Basketball Association (NBA) admitted over the weekend that "an unauthorized third party" hacked a database filled with fans' names and email addresses, but its systems remain uncompromised.

NBA programming and games are broadcast worldwide, in 215 countries and over 50 languages.

Unfortunately, with the basketball playoffs upcoming, social engineering and related email phishing attacks on fans using NBA-themed lures are likely.

As a reminder, the NBA manages a media organization and five professional sports leagues:

  • NBA
  • WNBA
  • Basketball Africa League
  • NBA G League
  • NBA 2K League

The NBA says the investigation is ongoing to audit the extent of the impact and resolve the issue as soon as possible.

BreachForums Pompompurin Unmasked and arrested in New York

U.S. law enforcement authorities arrested Conor Brian Fitzpatrick, the man who ran the infamous BreachForums hacking forum under the online alias Pompompurin, in Peekskill, a town about 35 miles north of Manhattan, New York. Fitzpatrick was the owner and administrator of BreachForums and has been charged with one count of conspiracy to solicit individuals to sell unauthorized access devices.

Conor Brian Fitzpatrick was released on a $300,000 bond signed by his parents and is summoned to appear before the District Court for the Eastern District of Virginia on March 24.

CISA, FBI, MS-ISAC Warn Critical Infrastructure of LockBit 3.0 Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) issued a joint cybersecurity advisory over growing concerns about LockBit ransomware attacks against multiple strategic sectors. The advisory details the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the latest variant, LockBit 3.0, and advises on improving cyber defenses.

LockBit 3.0 is a sophisticated version of its predecessors, LockBit and LockBit 2.0. It works as an affiliate-based Ransomware-as-a-Service (RaaS) model and is described as "more modular and evasive." Per the advisory, LockBit has been used by affiliates: they did not develop the ransomware themselves, but they collect extortion payments from victims and then pay the core developer team a fee.

LockBit 3.0 is highly effective, with tactics that hinder computer network defenses and mitigation, which is why authorities urged organizations to implement a robust recovery plan, align password standards with those of the National Institute of Standards and Technology (NIST), and employ network segmentation.

Also known as "LockBit Black," the latest variant "shares similarities with Black Matter and Black Cat ransomware." Its code is password protected to help evade detection and analysis, as the "code is un-executable and unreadable in its encrypted form." Finally, the variant can determine the behavior of the ransomware on the targeted device, and it gains access through remote desktop protocol (RDP), drive-by compromise, phishing attacks, abuse of valid accounts, and exploits of public-facing applications.

Bug revealing titles of user conversations forces OpenAI to shut down ChatGPT temporarily.

OpenAI temporarily disabled its popular chatbot on Monday after a severe malfunction caused some users' conversation history to be shared with other chatbot users.

The artificial intelligence keeps a history of all requests and responses on the left side of the interface. Users can thus find the information or texts generated by the AI at any time. Until the incident, it was possible to delete the conversation history. Users could not see questions asked by others in ChatGPT.

Users were quick to react on social networks, posting screenshots that showed the extent of the bug. However, only the titles of each exchange appeared in the interface, and it was impossible to find the identity of the users. Therefore, the leak did not reveal users' identities and interests. The titles chosen automatically by ChatGPT are generally not very evocative. In short, this malfunction did not jeopardize Internet users' privacy.

On his Twitter account, Sam Altman, CEO and co-founder of OpenAI, confirmed the existence of a "significant problem" caused by "a bug in an open source library" on March 22, 2023. The executive said that only a "small percentage of users" could read the titles of other users' conversations.

Despite this, OpenAI chose to play it safe by taking ChatGPT offline for several hours, even for subscribers to the paid ChatGPT Plus offering, as soon as the malfunction was spotted.

In the process, the startup disabled the conversation history option. While access to ChatGPT was quickly restored, the history remained inaccessible for several days. It was no longer possible to view previous conversations or record new ones. Thus, paid subscribers and users of the free version were treated the same.

The issue of personal data.

Although not very serious and only a small bug, this incident raises concerns about the privacy of ChatGPT users. It is a reminder that OpenAI has access to all your exchanges with the artificial intelligence. On its website, in the Privacy section, the firm explains straightforwardly that the information transmitted to ChatGPT is collected. This bug has highlighted the importance of not disclosing sensitive information to ChatGPT. Indeed, if some people provided personal information to the generative AI, others could quickly know the identity of the users to whom these conversations belonged. OpenAI has repeatedly warned users of the dangers of using ChatGPT.

Be aware.




