
Binance Passwords Exposed on GitHub, ChatGPT Glitch, and Other Cybersecurity Events
We have compiled the most important cybersecurity news of the week.
- Internal Binance passwords were openly stored on GitHub for months.
- Runet experienced a major outage.
- A ChatGPT user found third-party data in their chat history with the bot.
- Seventeen vulnerabilities were discovered in the Tor browser.
Internal Binance Passwords Exposed on GitHub for Months
For several months, confidential source code and internal passwords of the cryptocurrency exchange Binance were stored in a public GitHub repository, reports 404 Media.
Some of the published code was related to the implementation of password policies and multi-factor authentication on the exchange.
Several files contained obvious passwords for systems marked “prod,” likely referring to the live site rather than development or demonstration environments. At least two of them corresponded to Amazon Web Services servers used by Binance.

The exchange managed to have the data removed from GitHub only last week. In a request, it cited “copyright infringement, significant risks, and serious financial damage to the company.”
There is currently no public evidence of these data being used by any malicious actors to attack Binance’s systems.
A spokesperson for the exchange emphasized that the information leak poses a minimal risk to the security of users, their assets, and the platform as a whole.
Runet Experienced a Major Outage
On January 30, hundreds of services and websites in the .RU domain zone became inaccessible due to a major outage.
According to the DNSViz website, the incident was caused by a DNSSEC misconfiguration. DNSSEC is a set of DNS protocol extensions that help minimize attacks related to IP address spoofing during domain name resolution.
Three organizations are responsible for the .RU domains:
- The Coordination Center for TLD RU/RF — the zone administrator;
- MSK-IX — maintains the infrastructure and DNS servers;
- “Technical Center of the Internet” — manages the .RU domain registry.
The actions of one of them caused the failure when providers verified the information they received from the DNS servers of the .RU top-level domain, writes Kommersant.
The outage was resolved within a few hours.
The National Domain Name System — an alternative DNS infrastructure provided for by the “Sovereign Runet” law — recovered faster because it is easier to make changes to it.
ChatGPT User Found Third-Party Data in Chat History
New York resident Chase Whiteside discovered private conversations of third-party users, containing their account credentials and other personal information, in his chat history with the ChatGPT bot, reports Ars Technica.
One screenshot showed correspondence with the support service of a pharmacy portal, including several login and password pairs for system access.

The list also included other people’s presentations, research proposals, and a PHP script. The senders of all these requests were unrelated to each other.
OpenAI explained this output as the result of a user’s account being hacked. The company stated that unauthorized logins occurred from Sri Lanka. However, Whiteside claims he only logged in from Brooklyn and generally doubts his account was compromised.
There is currently no evidence that ChatGPT is sharing chat history with unrelated users. However, experts suggest that developers should strengthen account protection mechanisms, including 2FA and tracking recent logins.
Seventeen Vulnerabilities Found in Tor Browser
The non-profit consulting organization Radically Open Security identified 17 vulnerabilities following a comprehensive security audit of the Tor browser.
Penetration testing was conducted from April to August 2023. Most of the identified issues were of medium and low risk, including insecure permissions and insufficient validation of incoming data. They could be used for DoS attacks, downgrade attacks or protection bypasses, as well as for gaining access to information.

The most serious vulnerability found was a CSRF issue affecting the Onion Bandwidth Scanner. It allows an attacker to inject their own bridges into the database.
Following the audit, experts provided Tor developers with recommendations to address the identified issues.
PurpleFox Malware Attacks Computers in Ukraine
Experts from CERT-UA reported a mass infection of computers at an unnamed state enterprise with the PurpleFox (DirtyMoe) malware.
This modular Windows botnet, known since 2018, can carry additional payloads, provide backdoor access to compromised systems, and be used for DDoS attacks.
Since January 2022, PurpleFox has been spreading under the guise of a Telegram app for PCs.
After studying the current campaign, CERT-UA identified 486 IP addresses of intermediate control servers, most of which are located in China.
In total, the malware infected over 2000 computers in Ukraine. It is not specified whether ordinary citizens were among the victims or what consequences the incident had.
Experts shared a detailed guide on how to detect and remove the botnet.
Avast Antivirus Developer Exits Russian Market
Czech company Avast has completely left the Russian market — as of January 29, its free antivirus software for PCs and mobile devices, as well as the CCleaner utility, are unavailable to users, reports Comss.ru.
When attempting to use the software, the following message is displayed:

The company’s websites are also inaccessible from Russia. However, users reported being able to bypass the restrictions using a VPN.
Previously, in March 2022, Avast announced the cessation of all product deliveries and sales in Russia and Belarus.
Also on ForkLog:
- Cybertrace warned of deepfakes of billionaire Andrew Forrest.
- US authorities charged three suspects with hacking FTX.
- The US proposed banning AI-based call bots.
- An expert suspected a $112 million theft from Ripple due to a hack.
- The crypto industry suffered over $126 million in losses from scams and hacks in January.
- The Abracadabra project lost $6.5 million in an attack.
- US authorities seized $150 million in cryptocurrencies from a Silk Road 2 and AlphaBay vendor.
- The CFTC warned of AI-based fraud.
- The karaoke blockchain platform SOMESING was hacked for $11 million.
- Finnish authorities tracked a hacker using Monero.
- A Russian linked to REvil was sanctioned by three countries.
- The Stellar team called for a protocol update delay due to a bug.
What to Read Over the Weekend?
We explain how to prepare your Bitcoin wallet for a bull market and why controlling UTXO is important for maintaining privacy on the network.