Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 24, 2023

Friday

Chrome Browser Plugin for Fake ChatGPT Caught Hacking Facebook Accounts

A fake Chrome browser extension that used OpenAI’s ChatGPT service to gather Facebook session cookies and take over user accounts has been removed by Google from the official Web Store.


Prior to being removed, the “ChatGPT For Google” extension had amassed over 9,000 installations since March 14, 2023.


It was a trojanized version of an authentic open-source browser add-on. On February 14, 2023, it was initially posted on the Chrome Web Store.


Besides adding the functionality that was promised, i.e., augmenting search engines with ChatGPT, installing the extension covertly enables it to harvest Facebook-related cookies and exfiltrate them to a remote server in encrypted form.


Once the threat actor has the victim’s cookies, they proceed to take over the victim’s Facebook account, change the password, change the name and photo of the profile, and even use it to spread extremist propaganda.


With this development, it is now the second bogus ChatGPT Chrome browser extension to be found in the wild.


The other extension, distributed through sponsored posts on the social media site, likewise served as a Facebook account stealer.

Pwn2Own exploits zero-day vulnerabilities in Microsoft Teams, Virtualbox, and Tesla

Competitors were given $475,000 on the second day of Pwn2Own Vancouver 2023 for successfully exploiting 10 zero-day vulnerabilities in various products.

The Tesla Model 3, the Microsoft Teams communication platform, Oracle VirtualBox, and the Ubuntu Desktop operating system were all on the list of targets that were breached.

The second day’s highlight was the successful attack on the Tesla – Infotainment Unconfined Root target by Synacktiv’s David Berard (@p0ly_) and Vincent Dehors.

Thomas Imbert (@masthoon) and Thomas Bouzerar (@MajorTomSec) of Synacktiv also made $80,000 by exploiting a three-bug chain to elevate their privileges on an Oracle VirtualBox host.

Synacktiv’s Tanguy Dubroca (@SidewayRE) received $30,000 after a third try for demonstrating a flawed pointer scaling zero-day that resulted in a privilege escalation on Ubuntu Desktop.

Microsoft Teams was also compromised by Team Viettel (@vcslab) using a two-bug chain to win $78,000, while Oracle’s VirtualBox was compromised using a Use-After-Free (UAF) issue and an uninitialized variable to gain $40,000.

After successfully demonstrating 12 zero-days on the first day, Pwn2Own contestants received $375,000 and a Tesla Model 3.

WordPress enforcing a 500K install WooCommerce plugin patch

Thousands of websites using the incredibly popular WooCommerce Payments for online stores are being forced to apply a security upgrade by Automattic, the organization that created the WordPress content management system.

The patch fixes a serious flaw that might allow unauthenticated attackers to take control of vulnerable stores.

Michael Mazzolini of GoldNetwork discovered this bug, which affects WooCommerce Payments 4.8.0 and newer.

According to Wordfence, unauthenticated attackers can use this bug, without user interaction or social engineering, to assume the identity of an administrator and take complete control of a website. Patchstack cautions that because this vulnerability does not require authentication, it is very likely to be widely used in the near future.

The WooCommerce Team said it hasn’t discovered any proof that this serious fault is being targeted or actively exploited in the wild and corrected it in security upgrades released earlier today.

Unicode is used by malware written in Python to avoid detection.


A malicious Python program on PyPI conceals its identity using the Unicode obfuscation technique while stealing and exfiltrating sensitive data from infected machines, including developer account passwords.

To get around automatic scans and defenses that identify potentially dangerous operations based on string matching, the malicious package known as “onyx-proxy” uses a combination of various Unicode fonts in the source code.

The package was taken down from PyPI yesterday, thus it is no longer accessible there. But, since the malicious program was posted on the platform on March 15, it has received 183 downloads.

Unicode is a comprehensive character encoding standard that unifies several sets and schemes under a single standard that encompasses over 100,000 characters.

It supports a wide range of scripts and languages.

It was developed to help prevent encoding conflicts and data corruption problems while preserving interoperability and uniform text representation across many languages and systems.

The “onyx-proxy” package includes a “setup.py” file containing thousands of dubious code strings that mix Unicode characters.
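The evasion described above works because Python applies NFKC normalization to identifiers when it parses source, while a string-matching scanner sees the raw characters. The following detection sketch is an added example, not code from the original article or from the package; the watchlist, the helper names and the sample source are constructed for illustration.

```python
import io
import tokenize
import unicodedata

WATCHLIST = {"eval", "exec", "getattr", "__import__"}  # assumed scanner keywords


def styled(word):
    """Map a-z to Mathematical Sans-Serif Bold letters (U+1D5EE onward)."""
    return "".join(
        chr(0x1D5EE + ord(c) - ord("a")) if "a" <= c <= "z" else c for c in word
    )


# Constructed sample source, not taken from the real package.
SAMPLE = (
    "import os\n"
    f"{styled('getattr')}(os, 'getcwd')()\n"
    "name = 'café'\n"  # non-ASCII inside a string literal, not an identifier
)


def find_confusable_names(source):
    """Return (line, raw_name, normalized_name) for each identifier that is
    non-ASCII as written but becomes pure ASCII under NFKC."""
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NAME or tok.string.isascii():
            continue
        normalized = unicodedata.normalize("NFKC", tok.string)
        if normalized.isascii():
            hits.append((tok.start[0], tok.string, normalized))
    return hits


def scan(source):
    """Compare naive substring matching with matching on normalized names."""
    naive = sorted(w for w in WATCHLIST if w in source)
    hits = find_confusable_names(source)
    normalized = sorted({n for _, _, n in hits if n in WATCHLIST})
    return {"naive": naive, "normalized": normalized, "hits": hits}


if __name__ == "__main__":
    print(scan(SAMPLE))
```

Any identifier reported by `find_confusable_names` is worth a manual look, since legitimate code rarely writes ASCII-equivalent names in styled Unicode letters.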

GitHub.com rotates its public SSH key that is exposed.

GitHub changed the private SSH key for GitHub.com after the secret was unintentionally made public in a public GitHub repository.

The secret RSA key was only “temporarily exposed,” according to the software development and version control provider, but it nonetheless took precautions.

The RSA SSH private key for GitHub.com was ephemerally exposed in a public GitHub repository, according to a brief blog post released today by GitHub.

Mike Hanley, GitHub’s Chief Security Officer and SVP of Engineering, said, “We quickly took action to restrict the vulnerability and started researching to identify the core cause and impact.”

It’s noteworthy how the discovery was made soon after GitHub launched secrets scanning for all public repos.

Here are the most recent public key fingerprints for GitHub.com. These can be used to verify that the SSH connection you are using to access GitHub’s servers is secure.

Some people may have noticed that only GitHub.com’s RSA SSH key was affected and changed. Users of ECDSA or Ed25519 do not need to make any changes.
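To check which cached host keys are affected, a known_hosts file can be audited by computing each entry's SHA256 fingerprint and comparing the RSA one with the value GitHub publishes. This is an added example, not part of the original article; every key below is a constructed stand-in, and `PUBLISHED_RSA_FP` is a placeholder for the fingerprint copied from GitHub's own page.

```python
import base64
import hashlib
import struct


def make_key(keytype, body):
    """Build a constructed (fake) public-key blob in SSH wire layout."""
    blob = struct.pack(">I", len(keytype)) + keytype.encode() + body
    return base64.b64encode(blob).decode()


def fingerprint(key_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed stand-ins; none of these is a real GitHub key.
OLD_RSA = make_key("ssh-rsa", b"constructed-old-rsa-key")
NEW_RSA = make_key("ssh-rsa", b"constructed-new-rsa-key")
ED25519 = make_key("ssh-ed25519", b"constructed-ed25519-key")

# Placeholder: in practice, paste the RSA fingerprint GitHub publishes.
PUBLISHED_RSA_FP = fingerprint(NEW_RSA)

KNOWN_HOSTS = f"""\
# constructed known_hosts content
github.com,192.0.2.10 ssh-rsa {OLD_RSA}
github.com ssh-ed25519 {ED25519}
example.org ssh-rsa {OLD_RSA}
"""


def audit(known_hosts, host="github.com", published=PUBLISHED_RSA_FP):
    """Return (line_no, keytype, status) for each plain-text entry for host."""
    results = []
    for no, line in enumerate(known_hosts.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, markers and hashed hostnames are skipped
        hosts, keytype, key_b64 = fields[:3]
        if host not in hosts.split(","):
            continue
        if keytype != "ssh-rsa":
            status = "unaffected"  # only the RSA host key was rotated
        elif fingerprint(key_b64) == published:
            status = "current"
        else:
            status = "stale-rsa"  # remove it, then re-add the new key
        results.append((no, keytype, status))
    return results
```

An entry reported as `stale-rsa` can be removed with `ssh-keygen -R github.com` before reconnecting and verifying the new fingerprint.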
