OpenAI Fights DDoS Attacks

Nov 10 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s celebrating its 200th edition! ๐ŸŽ‰ Woop woop! Hereโ€™s to a thousand more ๐Ÿป

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉน

Check out these freshly hatched patches!! ๐Ÿฃ๐Ÿฃ๐Ÿฃ

Android rage ๐Ÿ’ช๐Ÿ™ƒ๐Ÿ˜‚

๐Ÿ“ข Google dropped a security update for Android! In November 2023, 37 vulnerabilities got patched, and extra fixes for Pixel devices were included. ๐Ÿ“ฑ

Part 1: 2023-11-01 patch tackles 15 issues, including a critical one (CVE-2023-40113) affecting Android 11, 12, 12L, and 13. ๐Ÿ˜ฑ

Part 2: 2023-11-05 patch covers 22 security defects in Arm, MediaTek, and Qualcomm components.

If you have the 2023-10-05 patch, donโ€™t sweat it because you’re already protected, baby. ๐Ÿ˜Ž Pixel users get eight patches, and Wear OS and Automotive OS are also secured. No known attacks yet! ๐Ÿ”’๐Ÿ˜…๐Ÿš€

Now, on to todayโ€™s hottest cybersecurity stories:

  • ๐Ÿค– Itโ€™s open season on OpenAIโ€™s ChatGPT with DDoS attacks galore

  • ๐Ÿ“ฐ Windowsโ€™ news portal impersonated by RedLine malvertising scam ๐Ÿ‘พ

  • ๐Ÿฆƒ U.S. urges critical infrastructure to embrace โ€˜Shields Readyโ€™ campaign ๐Ÿ›ก๏ธ

Hackers: Can we hack it? DDoS we can!

 

imgflip.com

 

Defending ChatGPT: OpenAI Fights DDoS Attacks ๐Ÿ›ก๏ธ

OpenAI, the developer behind ChatGPT, recently faced a relentless storm of distributed denial of service (DDoS) attacks, causing intermittent outages. Here’s the scoop on what happened and why it matters. ๐Ÿš€

๐Ÿ”Œ Attack Alert: ChatGPT in Peril ๐Ÿšจ

On November 8, ChatGPT and its API experienced “periodic outages” due to an abnormal traffic pattern, indicative of a DDoS onslaught. OpenAI worked tirelessly to mitigate the situation and get ChatGPT back on track. ๐Ÿ“†

๐Ÿค– Hacktivist Havoc ๐ŸŒ

Anonymous Sudan, a hacktivist group, declared itself the culprit behind these DDoS attacks. Their motives? Allegations of OpenAI’s support for Israel and concerns about ChatGPT’s potential role in oppressive actions. ๐ŸŒ

๐Ÿš€ AI in Conflict and Espionage ๐ŸŒ

Anonymous Sudan raised questions about AI’s use in weaponry and intelligence, emphasising the impact on global conflicts. ๐ŸŒ

๐Ÿ” Strengthening Cyber Defences ๐Ÿ›ก๏ธ

Security experts advise continuous enhancement of DDoS mitigation services to adapt to the evolving tactics of threat actors. OpenAI remains a notable target for cyberattacks due to its prominence in the tech industry. ๐Ÿš€

In a world filled with uncertainties, safeguarding network integrity remains paramount. Stay tuned for updates as OpenAI’s battle against DDoS attacks unfolds. ๐Ÿ”’๐ŸŒ๐Ÿ˜ฎ

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

Windows: I heard the news today, oh boyย ๐ŸŽถ

 

imgflip.com

 

๐Ÿฆ  Malvertising Alert: Cybercriminals Mimic Windows News Portal to Spread Malware ๐Ÿฆ 

A concerning malvertising campaign has emerged, where cybercriminals are imitating a legitimate Windows news portal to disseminate malware. This portal typically attracts software enthusiasts and system administrators seeking computer reviews and software utilities. ๐Ÿ–ฅ๏ธ

๐Ÿ‘€ What’s Going On? ๐Ÿ‘€

Threat actors are capitalising on the Windows news portal’s credibility to promote a malicious installer for the widely-used CPU-Z processor tool.

They employ a cloaking technique that redirects victims to a seemingly innocent blog page, which, in reality, leads to a download page housing a digitally signed MSIX installer designed to avoid detection.

When users click the installer, a malicious PowerShell script called FakeBat is triggered, downloading Redline Stealer onto the victim’s system.

๐ŸŒ A Broader Campaign Unveiled ๐ŸŒ

Based on their investigation, researchers suspect this incident is part of a larger malvertising campaign targeting other utilities like Notepad++, Citrix, and VNC Viewer. ๐Ÿ•ต๏ธ

๐Ÿ”ฎ Recent Trickery Trends ๐Ÿ“ˆ

In addition to this, a surge in fake browser update campaigns has been observed, facilitating the spread of Cobalt Strike, loaders, and stealers. These campaigns have tricked users into unknowingly downloading malware onto their systems through visual deception and watering hole techniques. ๐ŸŒŠ

๐Ÿ•ต๏ธ Stay Vigilant ๐Ÿ”Ž

Impersonating popular software remains a favoured tactic of cybercriminals. To stay safe, organisations can verify software files using SHA256 hash sums from the vendor’s website and keep an eye on Indicators of Compromise (IoCs), including malicious domains and payload URLs, to understand attack patterns. ๐Ÿ›ก๏ธ๐Ÿ’ก

Vigilance and cautiousness remain key in the ongoing battle against cyber threats. Stay informed and stay secure! ๐Ÿ”’๐Ÿ‘€๐Ÿ”

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can’t get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

US: Tonight, we dine in hell ๐Ÿ›ก๏ธโš”๏ธ๐Ÿน

US Government Launches “Shields Ready” Campaign for Cyber Resilience ๐Ÿ›ก๏ธ

The US government is stepping up its game in the realm of critical infrastructure (CNI) cyber-resilience with the launch of the “Shields Ready” campaign, designed to complement the highly successful “Shields Up” initiative.

๐Ÿ›ก๏ธ Shields Up or Shields Ready? ๐Ÿ˜‚

While “Shields Up” aimed to prepare everyone for cyber-attacks, “Shields Ready” has a laser focus on enhancing CNI processes and fortifying systems in anticipation of potential incidents. ๐Ÿ”’

๐Ÿ”‘ Key Messages for CNI Providers

Jointly launched by the US Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), and the Federal Emergency Management Agency (FEMA), “Shields Ready” conveys four pivotal messages to CNI providers:

Understand Infrastructure & Dependencies ๐Ÿ‘ทโ€โ™‚๏ธ: Identify critical operational systems and potential interdependencies with other infrastructure.

Comprehensive Risk Assessments ๐Ÿšจ: Evaluate a broad spectrum of threats that could disrupt CNI and assess specific vulnerabilities.

Make Actionable Plans ๐Ÿ“‹: Develop strategic risk management plans to reduce risks and vulnerabilities. Create incident response and recovery plans to minimise downtime.

Measure Progress & Improve ๐Ÿ“ˆ: Continuously enhance readiness by testing incident response plans under real conditions. Regularly update and evaluate strategic plans.

Jen Easterly, CISA director, stressed the need to equip CNI entities, including hospitals, schools, and water facilities, with the resources necessary to respond to disruptions. This campaign aims to enhance the resilience of the infrastructure that Americans rely on daily. ๐Ÿ’ช๐ŸŒ

Preparation today ensures readiness for tomorrow’s threats. Stay vigilant and resilient! ๐Ÿ—๏ธ๐Ÿ‘€๐Ÿ” Cheers cyber squad and thanks for reading our 200th edition. Enjoy the weekend and stay cyber safe โœŒ๏ธ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles