
InfoSec Dot - Issue #21. 🧠 False Memories in AI, 📧 Phishing Tactics, 🛢️ Critical Vulnerabilities, 🔓 Data Breaches & More

Latest cybersecurity news and updates

Hi there,

Welcome to this Thursday's quick update edition of InfoSec Dot!

In this issue, we’re spotlighting some of the latest cybersecurity developments you should know about. From new phishing scams targeting employees with HR-related lures to vulnerabilities in critical infrastructure like water plants and fuel systems, the threats are real and evolving. We also explore key updates, such as Telegram's handling of legal data requests and Arc Browser’s recent vulnerability patch.

Stay informed and learn how to protect yourself and your organization in this fast-moving digital landscape!

Check out our sponsor, Oneleet, the all-in-one platform for building a real-world Security Program and achieving SOC 2 compliance without the hassle.


🗓️ What’s New

Telegram Discloses User Data Following Legal Requests Tied to Criminal Activity

Telegram has begun disclosing user data to authorities in response to legal requests linked to criminal investigations. While the platform is known for prioritizing user privacy, it is now complying with requests when there's evidence of serious criminal activity. This marks a significant shift in how Telegram handles privacy versus legal obligations, raising concerns among its user base. Read More (3 Mins Read)

Threat Actors Continue to Utilize HR-Related Phishing Tactics

Cybercriminals are increasingly using HR-related phishing tactics to trick employees into divulging sensitive information. These phishing campaigns often pose as job offers, payroll updates, or benefits notifications to lure unsuspecting victims. The article highlights the growing sophistication of these attacks and emphasizes the importance of employee training and awareness to mitigate such threats. Read More (6 Mins Read)

Kansas Water Plant Cyberattack Forces Switch to Manual Operations

A cyberattack on a Kansas water treatment plant forced operators to switch to manual operations after the system was compromised. The attack disrupted automated processes and raised concerns about the vulnerability of critical infrastructure to cyber threats. Authorities are investigating the incident, which highlights the ongoing risk to essential services from malicious actors. Read More (3 Mins Read)

Dell Investigates Data Breach Claims After Hacker Leaks Employee Info

Dell is investigating claims of a data breach after a hacker leaked sensitive employee information online. The breach, which allegedly exposed names, emails, and job details, has raised concerns about internal security. Dell is currently assessing the situation and working to determine the scope of the incident, while reassuring employees that they are addressing the matter. Read More (2 Mins Read)

False Memories Planted in ChatGPT Give Hackers Persistent Exfiltration Channel

Researchers have discovered a novel attack where hackers plant false memories in ChatGPT to create a persistent data exfiltration channel. By injecting manipulated prompts, attackers can make ChatGPT retain and recall sensitive information long after a conversation ends. This technique bypasses traditional cybersecurity measures, raising concerns about the security implications of AI systems in sensitive environments. Read More (4 Mins Read)

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

Researchers have uncovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, which are widely used to monitor fuel levels in gas stations and industrial settings. These vulnerabilities could allow attackers to manipulate fuel readings, cause leaks, or disrupt operations entirely. The discovery underscores the importance of securing industrial control systems from cyber threats. Read More (20 Mins Read)

Arc Browser Boost Patch Fixes Firebase Vulnerability

Arc Browser has patched a critical Firebase vulnerability that could have allowed attackers to gain unauthorized access to users' data. The vulnerability affected Arc’s Boost feature, which integrates Firebase for syncing user content. The issue has since been resolved, and users are encouraged to update to the latest version to ensure their data remains secure. Read More (3 Mins Read)

US to Ban Connected Vehicle Tech from China and Russia Due to National Security Risks

The U.S. government is moving to ban the use of connected vehicle technology from China and Russia, citing significant national security risks. These technologies, used in modern vehicles for connectivity and automation, could potentially be exploited for espionage or cyberattacks. The decision reflects growing concerns over foreign control of critical technology in the automotive sector. Read More (3 Mins Read)

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.


If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot
