Check Point analysts have noticed that Russian-speaking hacker forums are actively discussing access to bypass geo-blocking, due to which the OpenAI ChatGPT language model is not available in Russia.

We also wrote that Microsoft’s VALL-E AI Is Able to Imitate a Human Voice in a Three-Second Pattern, and also that Google Is Trying to Get Rid of the Engineer Who Suggested that AI Gained Consciousness.

It was also reported that UN calls for a moratorium on the use of AI that threatens human rights.

Let me remind you that the topic of creating malware using ChatGPT is already being closely studied by the information security community, and experiments conducted by specialists show that such a use of the tool is really possible.

For example, a recent report by CyberArk details how to create polymorphic malware using ChatGPT, and the researchers plan to soon publish part of their work “for educational purposes.”

Scheme interactions between ChatGPT and malware

In fact, CyberArk managed to bypass ChatGPT content filters and demonstrated how “with very little effort and investment on the part of an attacker, you can continuously query ChatGPT, each time receiving a unique, functional and verified piece of code.”

Basic DLL injection in explorer.exe where the code is not fully completed yet

In turn, Check Point researchers warn of the rapidly growing interest of hackers in ChatGPT, as it can help them scale malicious activity. This time, it turned out that Russian-speaking attackers are trying to bypass restrictions on access to the OpenAI API. Hack forums are already sharing tips on how to bypass IP blocking, solve the problem with bank cards and phone numbers, that is, everything that is needed to gain access to ChatGPT.

To prove their words, the researchers provide several screenshots. On one of them, the criminal wants to get access to the OpenAI API and asks his “colleagues” for advice on how best to use a stolen bank card to verify an OpenAI account.

Other screenshots discuss geo-blocking bypass, as ChatGPT is not currently available in Russia, China, Afghanistan, Belarus, Venezuela, Iran, and Ukraine.

Artificial intelligence company OpenAI has restricted access to its products for Ukrainians so as not to violate global sanctions due to the annexation of ORDLO and Crimea in 2014.

This is stated in the text of Forbes with reference to a letter that the company sent to the Ministry of Digital Transformation.

The report also notes that many semi-legal online SMS services have already compiled guides on how to use them to register with ChatGPT.

The post Russian Cybercriminals Seek Access to OpenAI ChatGPT appeared first on Gridinsoft Blog.

The RCE vulnerability CVE-2022-21893 was fixed on January 2022 Patch Tuesday, but the attack vector was not fixed. In April 2022, Microsoft already fixed the new bug CVE-2022-24533.

Let me remind you that we wrote that Sarwent malware opens RDP ports on infected machines, and also that Information Security Specialists Discovered a 0-day Vulnerability in Windows Search.

CVE-2022-21893 is a Windows Remote Desktop Services (RDS) vulnerability that could allow an unprivileged user via RDP to access the file system of connected users’ devices.

The vulnerability allows an attacker to view and modify the contents of the clipboard, sent files, and smart card PINs. An attacker can impersonate a logged in user and gain access to the victim’s connected devices (USB devices, hard drives, etc.).

According to the researchers, the vulnerability exists due to improper handling of RDS named pipe permissions, which allows a user with normal privileges to “hijack RDP virtual channels in other connected sessions.”

Microsoft changed the permissions on pipes and prevented the regular user from creating named pipe servers. However, this did not remove the user’s ability to set permissions for subsequent instances. After the April fix, a new Globally Unique Identifier (GUID) is generated for new channels that prevents an attacker from predicting the name of the next channel.

At the moment, there are no vulnerabilities, and users are safe. Experts recommended updating the service to the latest version to ensure data protection.

The post Microsoft Has Already Patched a Vulnerability in Windows RDP Twice appeared first on Gridinsoft Blog.

To conduct the experiment, Horwich walked around town with sniffing equipment and collected data from 5,000 network hashes. Next, he exploited a vulnerability to obtain the PMKID hash normally generated for roaming. The PMKID hash consists of the network SSID, passphrase, MAC address, and a static integer.

To get the PMKID hashes, he used a $ 50 AWUS036ACH ALFA NIC, which could act as both a monitor and a packet injection tool, and then analyzed them using WireShark in Ubuntu.

Using the method of Jens “atom” Steub (lead developer of Hashcat), Horwich collected PMKIDs, which were then cracked to obtain passwords.

So Horwich started with mask attacks to identify people using their mobile phone number as a password for Wi-Fi (a common occurrence in Israel). To crack such passwords, it is necessary to calculate all variants of Israeli phone numbers, and these are ten digits, always starting with 05, which leaves only eight digits.

Using a regular laptop and this technique, the researcher successfully compromised 2,200 passwords at an average rate of nine minutes per password. In the next step, he switched to a dictionary attack using Rockyou.txt. This led to the rapid cracking of an additional 1,359 passwords, most of which used only lowercase characters.

As a result, Horwich successfully compromised about 70% of the passwords for the selected Wi-Fi networks and confirmed all his guesses about the poor security of Wi-Fi networks.

The specialist summarizes that users should not enable the roaming function on routers intended for personal use (WPA2-personal), because there is no need for roaming in such networks. He also notes that passwords longer than 10 letters/numbers are more resistant to cracking.

Let me remind you that Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues.

The post Expert hacked 70% of Wi-Fi networks in Tel Aviv for research appeared first on Gridinsoft Blog.