SWN #298 – ChatGPT, PentestGPT, BurpGPT, Cyber Resilience Act’s Poison Pill & Malicious Actors

Aaran Leyland

1. ChatGPT is about to revolutionize cybersecurity

   ChatGPT is about to revolutionize cybersecurity Unless you purposely avoid social media or the internet completely, you’ve likely heard about a new AI model called ChatGPT, which is currently open to the public for testing. This allows cybersecurity professionals like me to see how it might be useful to our industry.

   The widely available use of machine learning/artificial intelligence (ML/AI) for cybersecurity practitioners is relatively new. One of the most common use cases has been endpoint detection and response (EDR), where ML/AI uses behavior analytics to pinpoint anomalous activities. It can use known good behavior to discern outliers, then identify and kill processes, lock accounts, trigger alerts and more.

2. PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

   GBHackers come across a new ChatGPT-powered Penetration testing Tool called “PentestGPT” that helps penetration testers to automate their pentesitng operations.

   PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore.

   It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers during general and particular procedures.

3. BurpGPT – ChatGPT Powered Automated Vulnerability Detection Tool

   Cyber Security News came across a new ChatGPT-powered Vulnerability detection Tool called “BurpGPT,” which helps security researchers to detect the vulnerabilities that traditional scanners might miss. Like PentestGPT, a ChatGPT Powered Automated Penetration Testing Tool, BurpGPT was developed with deep vulnerability scanning features.

   BurpGPT combines Burp Suite with OpenAI’s GPT to perform a passive scan to detect vulnerabilities and traffic-based analysis.

4. EU’s Cyber Resilience Act contains a poison pill for open source developers

   OPINION We can all agree that securing our software is a good thing. Thanks to one security fiasco after another – the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong – we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security.

   At the top level, it looks good. Brussels states that before "products with digital elements" are allowed on the EU market, manufacturers must follow best practices in four areas. Secure the product over its whole life; follow a coherent cybersecurity framework; show cybersecurity transparency; and ensure customers can use products securely.

   Sounds great, doesn't it? But the road to hell is paved with good intentions. The devil, as always, is in the details. Some of this has nothing to do with open source software. Good luck creating any program in any way that a clueless user can't screw up.

5. Exploitation of a critical vulnerability in the Essential Addons for Elementor WordPress plugin began immediately after a patch was released, WordPress security firm Defiant warns.

   Exploitation of a critical vulnerability in the Essential Addons for Elementor WordPress plugin began immediately after a patch was released, WordPress security firm Defiant warns.

   With over one million installations, the Essential Addons for Elementor plugin provides additional elements and extensions for the Elementor website building platform.

   Tracked as CVE-2023-32243 (CVSS score of 9.8), the critical-severity vulnerability is described as an unauthenticated privilege escalation that can be exploited to take over any user account.

6. EU Weighs Cyber Plan Aimed at Keeping Cloud Data in Europe

   The European Union is weighing a plan that would require cloud providers to store all of their data within the bloc in order to qualify for its highest cybersecurity certification.

   ENISA, the EU’s cybersecurity regulator, is drawing up the new, stricter requirements to ensure that no foreign government can interfere with EU data, according to a draft of the proposal seen by Bloomberg.

7. Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

   Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023.

   Symantec, by Broadcom Software, is tracking the activity under its insect-themed moniker Lancefly, with the attacks making use of a "powerful" backdoor called Merdoor.

   Evidence gathered so far points to the custom implant being utilized as far back as 2018. The ultimate goal of the campaign, based on the tools and the victimology pattern, is assessed to be intelligence gathering.

8. MITRE publishes policy checklist for healthcare cybersecurity

   The 17-step road map is meant to help sort out shared healthcare cyber hygiene responsibilities, giving policymakers and providers direction toward protecting patient safety in the face of cyber threats. MITRE has developed a new report in response to the policy paper, Cybersecurity is Patient Safety: Policy Options in the Health Care Sector, put forth by Sen. Mark Warner, D-Va. The new MITRE whitepaper collects insights and recommendations for improving cybersecurity – and thus patient safety – across the healthcare sector.

9. Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG

   The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.

   According to FBI observed information, malicious actors exploited CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, also according to FBI information, a group self-identifying as the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers against the Education Facilities Subsector.

10. Nearly half of all internet traffic is now bots, study reveals

    Nearly half of all internet traffic came from bots last year, according to new research.

    Figures from cyber security firm Imperva revealed a significant increase in automated and malicious web activity in 2022, with the proportion of human traffic falling to its lowest level in eight years.

    The company noted that so-called “bad bots” were at their highest level since it started tracking the trend in 2013. Bot activity is expected to increase even further this year, the researchers claimed, due to the arrival of generative AI tools like OpenAI’s ChatGPT and Google’s Bard.

Jason Wood

1. Many believe it’s time for an independent uniformed cyber service. Here’s what it could look like