Latest Cyberthreats and Advisories - March 31, 2023

Mar 31, 2023

By John Weiler 

Microsoft patches the “aCropalypse” vulnerability, ChatGPT leaks users’ billing information and the Latitude Financial breach expands to 14 million records. Here are the latest threats and advisories for the week of March 31, 2023.

Threat Advisories and Alerts 

FBI Alerts U.S. Companies of Email Scam Targeting Commercial Goods  

The U.S. Federal Bureau of Investigation (FBI) has warned companies of a new type of business email compromise (BEC) fraud. Threat actors are impersonating known and reputable U.S.-based companies by spoofing email domains and display names of employees to place large orders for material goods without paying upfront. When vendors try to collect payment, they find that the purchaser was an impersonator using fake credentials or credit references.  

Windows Users Urged to Update Snipping Tool to Avoid “aCropalypse”  

An emergency update from Microsoft addresses a vulnerability in its Windows 10 app Snip & Sketch and its Windows 11 Snipping Tool. Referred to as ‘aCropalypse’, the vulnerability allows bad actors to potentially view sensitive information contained within sections of a screenshot that have been cropped out. Although the attack requires several conditions outside the attacker’s control to line up, it puts screenshots of bank statements, login credentials and health records at significant risk.

U.K. Authorities Use Decoy Sites to Gather Data on Cybercriminals  

The U.K.’s National Crime Agency (NCA) announced that it has been running several fake websites purporting to sell Distributed Denial-of-Service (DDoS) services. When visitors to the site attempt to sign up for the service and provide details of their request, their submissions actually go to the NCA for analysis. Data is shared with international law enforcement and has led to several arrests. 

Emerging Threats and Research 

Billing Information and Chat History Revealed in ChatGPT Breach  

For approximately nine hours, 1.2% of all ChatGPT users were shown someone else’s billing information on the ‘Manage Subscription’ page. Breached data fields included chat histories, first and last names, billing addresses, credit card types, credit card expiration dates and the last four digits of credit cards. OpenAI confirmed that a vulnerability in one of its open-source libraries was responsible for the breach and has fixed the issue.  

FBI Gains Access to Breachforums Database  

Baphomet’s hunch was right. The fears of the remaining Breached hacking forum admin, who shut down the notorious cybercrime meeting ground last week, have come true. The U.S. Federal Bureau of Investigation (FBI) announced it has complete access to a SQL database that tracked user histories on the site. Experts believe that details contained within the database will bolster efforts to bring down other forums and dark web marketplaces. The forum’s founder, Conor Brian Fitzpatrick, has been arrested and charged with the theft and sale of sensitive personal data belonging to U.S. citizens, as well as foreign companies, organizations and government agencies. 

Latitude Financial Data Breach Affects 14 Million Customer Records  

As predicted, the recent breach of Australia’s Latitude Financial just got a whole lot worse. The consumer lending company has now confirmed the theft of 14 million records containing personal data on Australian and New Zealander loan applicants. Malicious actors breached systems containing customers’ driver’s license information, passport numbers, addresses, phone numbers and dates of birth. Latitude Financial promises to pay document replacement fees and credit monitoring for those affected by the breach.  

Emotet Malware: Stealing Tax Data with Phishing Emails  

A new phishing campaign employing the Emotet malware is masquerading as U.S. W-9 tax forms attached to emails claiming to come from the Internal Revenue Service (IRS) and business partners. When opened, the attached Microsoft OneNote document runs a VBScript that installs Emotet, which then keeps running without the user’s knowledge. The program steals victims’ email records to target friends and colleagues and may eventually act as a back door for other malware campaigns.

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.