Week of January 24th, 2025
Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.
Here are this week’s top takeaways:
Have You Heard of GhostAI? Here's Your Recap of the Latest Crime AI
Cybercriminals are using GhostGPT, a newly discovered and completely uncensored AI chatbot, for malware creation, phishing scams, and more, according to a Jan. 23rd report.
“By eliminating the ethical and safety restrictions typically built into AI models,” the report cautions, “GhostGPT can provide direct, unfiltered answers to sensitive or harmful queries that would be blocked or flagged by traditional AI systems.”
Some of the features pushed as helpful in this regard included:
What Organizations Can Learn From the Recent IntelBroker Attack
IntelBroker, a regular figure on the platform BreachForums, made significant waves in 2024 with a series of high-profile attacks. This week, the threat actor has claimed to have breached IT giant Hewlett Packard Enterprise (HPE). This hacker has targeted various organizations in the past, such as General Electric and Europol, with earlier breaches including Home Depot, Facebook Marketplace, and Space-Eyes.
In June 2024, IntelBroker escalated its activities by leaking or selling data from companies like T-Mobile, AMD, and Apple.
Hear from our Director of Research and Development on how proactive Infrastructure Penetration Testing is key to safeguard against mounting cyber threats:
Hackers Make $129,500 In One Day of Attacking Tesla Targets
For the second year running, Pwn2Own, organized by the Trend Micro Zero-Day Initiative, has seen an automotive exclusive event. Last year, Pwn2Own Automotive earned the hackers taking part an incredible $1,323,750 in rewards over the three-day competition. This year’s event, running from Jan. 22 to Jan. 24 in Tokyo, is being co-sponsored by Tesla and has brought the Tesla wall charger to the hacking table.
Hackers targeted the Tesla wall charger on day two of the event, and the results are in: a total of $129,500 in zero-day bounties has been awarded to the successful teams.
领英推荐
Back in 2023, the first Pwn2Own Tesla exploit involved leveraging a time-of-check-to-time-of-use (TOCTTOU) vulnerability in Tesla's Model 3 Gateway energy management system (EMS). To demonstrate the power of the exploit the team showed opened the trunk of the car while it was in operation, they also claimed the exploit gave them virtually unlimited ability to compromise all functions of the automobile.?
TOCTTOU are flaws in the way software or hardware is designed. They occur when an attacker can change the state of a variable between the time that a logic flow checks its state, and when a sensitive action happens based on that state.
One common place that attackers try to exploit them is to double-spend funds in e-commerce web applications. Another way they can have a particularly destructive impact is when they can be used to circumvent access controls and privilege escalation, which was the case in the Tesla Model 3 Bluetooth hack.?
The Synacktiv team was rewarded with a new Tesla Model 3 and $100,000 in cash for this particular exploit.
Recent Posts From Our Ethical Hackers
Every month, our ethical hackers work to provide free resources so that your team can continue improving your organization's security posture.
Here are just some of our recent posts: