Cyware Daily Threat Intelligence

Daily Threat Briefing • May 5, 2023
OpenAI is in the headlines again, but this time for a security issue. A research group detected a hole in OpenAI's account validation process that let anyone acquire an almost unlimited amount of free credits for the company's services, simply by registering new accounts with the same phone number. In other news, Siemens' ICS products for the energy sector were affected by a critical bug that could be exploited to gain complete root access to the targeted device without prior authentication. Such attacks may lead to catastrophic outcomes, including the disruption of power grids.
SentinelLabs has issued a warning about a North Korean cybercriminal group that is infecting research centers, universities, think tanks, and government organizations in Europe, Asia, and the U.S. with an enhanced version of its reconnaissance malware, ReconShark.
Thousands of patients impacted at UU
University Urology (UU) of New York announced earlier this month that it suffered a breach after discovering suspicious activity in its network. The incident affected the protected health information of 56,816 patients, which includes personal details (such as full names, addresses, birthdates, and credentials) and medical information such as diagnoses, tests, treatments, prescriptions, insurance policy details, subscriber identification, and health plan beneficiary details.
ReconShark gets an upgrade
North Korean hacking group Kimsuky is distributing a new version of its reconnaissance malware, ReconShark. The cyberespionage campaign involves sending emails containing a link to a password-protected document hosted on Microsoft OneDrive. The malware uses Windows Management Instrumentation (WMI) to gather a range of data from infected machines, including but not limited to running processes and battery information. It can also detect the presence of security software on the target system.
Major fraud via web inject kit
Experts at Cleafy disclosed a nearly four-year-long online fraud campaign that infected Windows systems in organizations using drIBAN, a web inject kit. The criminals attempted to alter legitimate banking transfers by changing the beneficiary details and redirecting the funds to their own accounts. The web inject kit allows fraudsters to bypass identity verification mechanisms adopted by banks, such as MFA and SCA.
ICS vulnerability in Siemens products
A high-severity flaw was reported in Siemens' ICS devices deployed in the energy sector. The flaw, identified as CVE-2023-28489, affects the CPCI85 firmware of the Sicam A8000 CP-8031 and CP-8050 products. If exploited, a remote attacker could run arbitrary code on the compromised system. The vulnerable products are Remote Terminal Units (RTUs) built for telecontrol and automation in the energy supply sector, with a focus on substations.
OpenAI unlimited credit flaw
The account validation process of artificial intelligence company OpenAI contained a vulnerability that could be bypassed to obtain free, unlimited credits for the company's services. The bypass combined a catch-all email account on a private domain with a weakness in the phone number verification process. To mitigate the risk, the company simply made the email and phone number validation mechanism mandatory.
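The briefing does not describe the exact weakness, but the two ingredients it names (a catch-all mailbox and a phone number that can be reused) point at the controls a sign-up flow needs: canonicalize identifiers before checking uniqueness, bind each verified phone number to a single account, and rate-limit accounts per private domain, since a catch-all makes every local part on that domain deliverable. The following is an added illustration of those controls, not OpenAI's code; the function names, the `PUBLIC_MAIL_DOMAINS` list, the per-domain cap and all sample identities are constructed assumptions.

```python
"""Registration-abuse guard (added example, not OpenAI's code).

Enforces: one verified phone number per account after canonicalization,
one account per canonical email address, and a cap on accounts per private
email domain (a catch-all mailbox on such a domain makes any local part
deliverable, so per-address uniqueness alone is not enough).
Sample identities below are constructed for illustration.
"""
import re
from collections import defaultdict

# Assumed list of shared mailbox providers where distinct local parts are
# distinct people; private domains are treated as potentially catch-all.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}


def canonical_phone(raw: str, default_country: str = "1") -> str:
    """Reduce a phone number to E.164-style digits so that
    '+1 (555) 010-0042', '15550100042' and '555-010-0042' share one key."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        return "+" + digits
    if len(digits) == 10:  # national format: assume the default country code
        return "+" + default_country + digits
    return "+" + digits


def canonical_email(raw: str) -> tuple[str, str]:
    """Return (canonical_address, domain): lower-cased, '+tag' sub-address
    stripped, and dots removed from Gmail local parts (Gmail ignores them)."""
    local, _, domain = raw.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]
    if domain in ("gmail.com", "googlemail.com"):
        local = local.replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}", domain


class RegistrationGuard:
    def __init__(self, max_accounts_per_private_domain: int = 3):
        self.phone_owner: dict[str, str] = {}          # canonical phone -> account id
        self.email_seen: set[str] = set()              # canonical addresses already used
        self.domain_count: dict[str, int] = defaultdict(int)
        self.max_per_domain = max_accounts_per_private_domain

    def register(self, account_id: str, email: str, phone: str) -> tuple[bool, str]:
        """Admit or reject a sign-up; returns (accepted, reason)."""
        phone_key = canonical_phone(phone)
        email_key, domain = canonical_email(email)
        if phone_key in self.phone_owner and self.phone_owner[phone_key] != account_id:
            return False, "phone number already bound to another account"
        if email_key in self.email_seen:
            return False, "email already registered"
        if domain not in PUBLIC_MAIL_DOMAINS and self.domain_count[domain] >= self.max_per_domain:
            return False, "too many accounts on private domain"
        self.phone_owner[phone_key] = account_id
        self.email_seen.add(email_key)
        self.domain_count[domain] += 1
        return True, "ok"


if __name__ == "__main__":
    guard = RegistrationGuard(max_accounts_per_private_domain=2)
    print(guard.register("a1", "alice@gmail.com", "+1 (555) 010-0042"))
    print(guard.register("a2", "bob@gmail.com", "15550100042"))      # same phone, rejected
    print(guard.register("a3", "x1@example-private.test", "+15550100101"))
    print(guard.register("a4", "x2@example-private.test", "+15550100102"))
    print(guard.register("a5", "x3@example-private.test", "+15550100103"))  # over cap
```

The per-domain cap is deliberately coarse: in production it would be a sliding-window rate limit keyed on domain and on the phone carrier's number-type lookup, but the point the briefing raises is that verification must be both mandatory and keyed on canonical identifiers, otherwise formatting variants of the same phone number or local-part variants on a catch-all domain each look like a new customer.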
Multiple bugs in Azure API Management
Cloud security firm Ermetic uncovered three security issues in the Microsoft Azure API Management service: two server-side request forgery (SSRF) bugs and one file upload path traversal flaw. Successful exploitation could allow an adversary to gain access to internal Azure assets, evade web application firewalls, launch a DoS attack, and upload malicious files to internal servers.