Craig Pepper
October 2, 2023
7 Min Read

Threat Report 02.10.23

Microsoft's Bing Chat Ads Gone Rogue: Watch Out for Malware

Microsoft's Bing Chat Ads, powered by AI, have transformed from an interactive search experience into a dangerous avenue for malware distribution. 

Malwarebytes has unveiled a disturbing trend within Bing Chat Ads. Malicious ads strategically planted within the chat conversations are able to distribute malware. Users innocently searching for popular tools might find themselves on deceptive sites, inadvertently installing malware right from their Bing Chat interactions.

Ads seamlessly inserted into Bing Chat conversations can take various forms, including displaying an ad before an organic search result when a user hovers over a link. This deceptive manoeuvre guides users to malicious sites, exposing them to the risk of unintentional malware installation.

An illustrative example brought to light by Malwarebytes involves a seemingly innocuous Bing Chat query to download legitimate software, Advanced IP Scanner. However, the link, when hovered, exposes a malicious ad leading to a fraudulent site before the official tool's site. Clicking on this seemingly harmless link initiates a complex chain, redirecting users through a traffic direction system (TDS) to a decoy page housing a rogue installer. The installer, configured to run a Visual Basic Script, establishes communication with an external server, signalling a potential yet unknown malware delivery.

A noteworthy element of this campaign is the threat actor's ability to compromise the ad account of a legitimate Australian business, elevating the sophistication of the attackers.

This revelation underscores the perpetual evolution of cyber threats. Even seemingly secure platforms like Bing Chat can be manipulated for malicious purposes, demanding heightened vigilance and awareness among users.

Google Releases Security Update for Chrome

Chrome Stable channel has been updated to version 117.0.5938.132 for Windows, Mac, and Linux. This update, set to roll out, carries significant security fixes aimed at addressing vulnerabilities that could compromise user safety.

Security Fixes and Rewards:

This update boasts a total of 10 security fixes, including crucial contributions from external researchers. Here are the key security fixes highlighted in this release:

Heap Buffer Overflow in vp8 Encoding (CVE-2023-5217):

  • Severity: High
  • Bug Report: [1486441]
  • Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25

Use After Free in Passwords (CVE-2023-5186):

  • Severity: High
  • Bug Report: [1478889]
  • Reported by [pwn2car] on 2023-09-05

Use After Free in Extensions (CVE-2023-5187):

  • Severity: High
  • Bug Report: [1475798]
  • Reported by Thomas Orlita on 2023-08-25

Google has raised a red flag, acknowledging the existence of an exploit for CVE-2023-5217 in the wild. This particular vulnerability poses a serious threat, emphasising the urgency of applying the latest Chrome update.

Users and administrators are strongly advised to update their Chrome browsers to version 117.0.5938.132 at the earliest opportunity. The provided security fixes address critical vulnerabilities, with the potential for exploitation in the wild. Failure to update promptly could expose users to significant security risks.

Cisco Exposes Remote Code Execution Risk in IOS and IOS XE

Cisco, a leading networking solutions provider, has issued a stark warning about a security flaw in IOS Software and IOS XE Software. This vulnerability, tracked as CVE-2023-20109, poses a significant risk, as Cisco reveals ongoing attempts at exploitation. The flaw could grant a remote attacker with authenticated access the ability to execute remote code, potentially leading to a compromise of affected systems.

Key Details:

  • Vulnerability Identifier: CVE-2023-20109
  • CVSS Score: 6.6 (Medium Severity)
  • Affected Versions: All versions with GDOI or G-IKEv2 protocol enabled
  • Exploitation Vector: Authenticated remote attacker with administrative control

The identified vulnerability stems from insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. In a concerning scenario, an attacker could exploit this weakness by gaining control of a group member or a key server, leading to arbitrary code execution or causing the device to crash.

The threat becomes even more ominous as Cisco highlights that the flaw was discovered in the aftermath of an attempted exploitation of the GET VPN feature. The company underscores the urgency for users to address this vulnerability promptly.

Exploited Protocols:

  • Group Domain of Interpretation (GDOI)
  • G-IKEv2

Attack Scenarios:

  • Compromising an installed key server
  • Modifying the configuration of a group member to point to a key server controlled by the attacker

In a related development, Cisco has disclosed a set of five vulnerabilities in Catalyst SD-WAN Manager, with severity scores ranging from 5.3 to 9.8. These flaws could lead to unauthorised access, configuration rollback, information disclosure, authorization bypass, and denial-of-service conditions. Users of affected systems are strongly advised to upgrade to fixed software releases promptly.

Cisco urges users to apply necessary patches and updates to mitigate the identified vulnerabilities. In the case of CVE-2023-20109, vigilance in monitoring and securing systems with the impacted protocols is crucial. Stay ahead of potential threats by staying current with the latest Cisco security advisories and promptly implementing recommended security measures.
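A defender-side check for the GET VPN exposure described above, written as an added example that is not from the original report or from Cisco: it parses a constructed running-config excerpt for `crypto gdoi group` blocks (the GET VPN feature gate) and flags any configured key-server address that is not on an allowlist, which covers the "group member pointed at an attacker-controlled key server" scenario. The `crypto gdoi group`, `server address ipv4` and `server local` keywords are standard IOS syntax; the sample config, hostnames and addresses are constructed, and the trusted-key-server list is an assumption.

```python
import re
from typing import NamedTuple

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """
hostname branch-rtr-01
!
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 10.0.0.5
 server address ipv4 192.0.2.99
!
crypto gdoi group GETVPN-GROUP2
 identity number 5678
 server local
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
!
"""

class GdoiGroup(NamedTuple):
    name: str
    key_servers: tuple       # key servers this group member is pointed at
    local_key_server: bool   # "server local": the device itself is a key server

def parse_gdoi_groups(config):
    """Collect every 'crypto gdoi group' block and its key-server lines."""
    groups, current = [], None
    for line in config.splitlines():
        m = re.match(r"^crypto gdoi group (\S+)", line)
        if m:
            current = {"name": m.group(1), "servers": [], "local": False}
            groups.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            current = None  # a non-indented line ("!" or a new command) ends the block
            continue
        s = re.match(r"^\s+server address ipv4 (\S+)", line)
        if s:
            current["servers"].append(s.group(1))
        elif line.strip() == "server local":
            current["local"] = True
    return [GdoiGroup(g["name"], tuple(g["servers"]), g["local"]) for g in groups]

def assess(config, trusted_key_servers):
    """Return findings: is GET VPN enabled, and do the key servers match the allowlist?"""
    groups = parse_gdoi_groups(config)
    if not groups:
        return ["no GET VPN (GDOI/G-IKEv2) group configured: CVE-2023-20109 not applicable"]
    findings = []
    for g in groups:
        findings.append(f"group {g.name}: GET VPN enabled, patch required for CVE-2023-20109")
        if g.local_key_server:
            findings.append(f"group {g.name}: device acts as key server, prioritise patching")
        for ks in g.key_servers:
            if ks not in trusted_key_servers:
                findings.append(f"group {g.name}: key server {ks} not in trusted list")
    return findings
```

Run it against the output of `show running-config` from each router; any "not in trusted list" finding means a group member's key-server pointer has drifted from what your change records say it should be.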
