Craig Pepper
July 8, 2024

Threat Report 08.07.24

Breach at OpenAI: Internal Details Compromised in 2023

In 2023, a hacker accessed OpenAI's internal messaging systems and stole design information about its AI technologies. However, the hacker did not breach systems housing AI models like ChatGPT. OpenAI, backed by Microsoft, chose not to publicly disclose the incident, as no sensitive customer or partner information was compromised. The attack was attributed to an individual hacker with no foreign government ties, and thus was not reported to federal law enforcement.

OpenAI has been addressing security concerns and potential misuse of its AI technologies. In May, the company disrupted five covert operations attempting to exploit its AI models for deceptive activities. This incident highlights the ongoing security challenges in the rapidly evolving AI field.

The Biden administration is considering new measures to protect U.S. AI technology from threats posed by countries like China and Russia. In May, 16 AI-developing companies, including OpenAI, pledged to prioritise safety in their innovations. This underscores the need for robust security frameworks and vigilant oversight as AI technology advances.

Hackers Extort Ticketmaster, Leak Taylor Swift Tickets

Hackers leaked barcode data for 166,000 Taylor Swift Eras Tour tickets in an extortion attempt against Ticketmaster. The group, ShinyHunters, had previously offered data from 560 million Ticketmaster customers for $500,000. The data breach was traced to Ticketmaster's account on Snowflake, a cloud-based data warehousing service.

Using stolen credentials, hackers accessed Snowflake databases of at least 165 organisations in April. They demanded ransom to prevent data leaks, affecting organisations like Neiman Marcus and Los Angeles Unified School District.

Today, Sp1d3rHunters, linked to ShinyHunters, leaked barcode data for Taylor Swift's concerts in Miami, New Orleans, and Indianapolis, demanding $2 million to stop further releases. Ticketmaster emphasised the security of their SafeTix technology, which refreshes ticket barcodes every few seconds, making the stolen barcodes unusable. The company denied engaging in ransom negotiations and refuted claims of offering $1 million to prevent the data leak.

Twilio's Authy App Breach Exposes Millions of Phone Numbers

Twilio disclosed that threat actors exploited an unauthenticated endpoint in Authy, compromising data associated with Authy accounts, including users' phone numbers. Twilio secured the endpoint to block unauthenticated requests.

This incident follows a data leak on BreachForums by ShinyHunters, involving 33 million phone numbers from Authy accounts. Twilio said that no other sensitive data was accessed but advised users to update their Authy apps and remain vigilant against potential phishing and smishing attacks targeting their phone numbers.

New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data

Researchers have identified a new side-channel attack, 'Indirector,' affecting Intel CPUs like Raptor Lake and Alder Lake. This attack exploits weaknesses in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to leak sensitive information.

The attack uses a custom tool called iBranch Locator for precision-targeted injections, creating high-resolution branch target injection attacks. Intel acknowledged the findings and stated that existing mitigations like IBRS, eIBRS, and BHI are effective against Indirector. The company recommended more aggressive use of the Indirect Branch Predictor Barrier (IBPB) and hardening the Branch Prediction Unit (BPU) design.
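The mitigations named above can be checked on a Linux host from the kernel's spectre_v2 status line. The following is an added example, not part of the original report; the sample lines are constructed, the function names are illustrative, and the wording of the status line varies by kernel version.

```python
import re
from pathlib import Path

# Kernel-exported status line for Spectre v2 (branch target injection).
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines; real wording differs between kernel versions.
SAMPLE_EIBRS = ("Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                "RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S")
SAMPLE_WEAK = "Vulnerable, IBPB: disabled, STIBP: disabled"


def parse_status(line):
    """Extract the IBRS/eIBRS, IBPB and BHI state from the status line."""
    fields = [f.strip() for f in re.split(r"[;,]", line) if f.strip()]
    head = fields[0] if fields else ""
    kv = {}
    for field in fields[1:]:
        key, sep, val = field.partition(":")
        if sep:
            kv[key.strip().upper()] = val.strip()
    return {
        "mitigated": head.startswith("Mitigation"),
        "eibrs": "Enhanced" in head and "IBRS" in head,
        "ibrs": "IBRS" in head,
        "ibpb": kv.get("IBPB", "not reported").lower(),
        "bhi": kv.get("BHI", "not reported"),
    }


def findings(status):
    """Return the gaps a defender should follow up on (empty list if none)."""
    out = []
    if not status["mitigated"]:
        out.append("kernel reports no Spectre v2 mitigation")
    if not status["ibrs"]:
        out.append("IBRS/eIBRS not in use")
    if status["ibpb"] in ("disabled", "not reported"):
        out.append("IBPB not enabled")
    elif status["ibpb"] == "conditional":
        out.append("IBPB is conditional, not always-on")
    if status["bhi"].lower() in ("vulnerable", "not reported"):
        out.append("no BHI mitigation reported")
    return out


if __name__ == "__main__":
    line = SYSFS.read_text() if SYSFS.exists() else SAMPLE_EIBRS
    print(findings(parse_status(line)) or "no gaps found")
```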

Meanwhile, Arm CPUs are vulnerable to a speculative execution attack, 'TIKTAG,' targeting the Memory Tagging Extension (MTE) to leak data. Arm noted that MTE provides limited defences and is not a full solution against interactive adversaries.
