Hacked robotic vacuum cleaners in the US have begun to curse

Robotic vacuum cleaners in various US cities have been attacked by hackers, with the attackers taking physical control of the vacuum cleaners and swearing through their integrated speakers.

In every case, the affected vacuum cleaner was a Deebot X2 from the Chinese brand Ecovacs.

The attacks took place over several consecutive days. On 24 May, for example, a Deebot X2 started chasing a dog while swearing came from its loudspeakers. Five days later, another device was attacked. In El Paso, a vacuum cleaner began emitting racial slurs.

Researchers last year demonstrated a flaw that allowed them to bypass entering the PIN code for the Deebot X2 device and gain access to the vacuum cleaner. Ecovacs said in a statement that it has fixed the bug and that it also plans to further enhance security with an update in November.

Cloud-connected smart home devices have been producing similar stories for several years. Sometimes they are the result of hacker attacks, other times of compromised login credentials.

GitHub fixes critical vulnerability in its Enterprise Server

GitHub has released security updates for Enterprise Server (GHES) that address several issues, including a critical vulnerability that could allow unauthorized access to an instance.

This vulnerability, tracked as CVE-2024-9487 with a CVSS score of 9.5, could be exploited to bypass SAML single sign-on (SSO) authentication, allowing an unauthorized user to access the instance.

Organizations running a vulnerable version of GHES on their own server are strongly advised to upgrade to the latest version to protect against potential security threats.


Critical vulnerability in Kubernetes may allow unauthorized access to VMs

A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with Kubernetes Image Builder.

The issue is currently tracked under CVE-2024-9486 and involves the use of default login credentials introduced during the image creation process. An attacker could connect via SSH and use these credentials to gain root access to vulnerable VMs.

The solution is to rebuild the compromised image using Kubernetes Image Builder v0.1.38 or later, which sets a randomly generated password during the build process and disables the default “builder” account when the process is complete.

If it is not possible to upgrade at the moment, a temporary solution is to disable the builder account with the command: usermod -L builder.
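
A check for the temporary mitigation above, as an added example that is not part of the original article or of Kubernetes Image Builder: it reads shadow-format account entries and reports whether the builder account's password is still usable or has been locked. The helper name `account_state` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: read shadow-format entries (the layout of /etc/shadow)
# and report the password state of one account.
# usermod -L locks a password by putting '!' in front of the hash field.
# Note: a locked password does not affect other login methods (e.g. SSH keys).

# account_state FILE USER  -> prints: active | locked | empty | absent
# (hypothetical helper name, introduced for this example)
account_state() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"    # no password required
            else if ($2 ~ /^[!*]/) print "locked"   # password login disabled
            else                   print "active"   # usable password hash
            exit
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# Constructed sample data: placeholder hashes, not real credentials.
sample_before() {   # image with the default builder password still usable
    cat <<'EOF'
root:*:19990:0:99999:7:::
builder:$6$SALT$PLACEHOLDERHASH:19990:0:99999:7:::
EOF
}
sample_after() {    # same image after: usermod -L builder
    cat <<'EOF'
root:*:19990:0:99999:7:::
builder:!$6$SALT$PLACEHOLDERHASH:19990:0:99999:7:::
EOF
}

tmp=$(mktemp)
sample_before > "$tmp"; echo "before: builder is $(account_state "$tmp" builder)"
sample_after  > "$tmp"; echo "after:  builder is $(account_state "$tmp" builder)"
rm -f "$tmp"
# On a real VM, run as root: account_state /etc/shadow builder
```

A result of "active" for builder on a deployed VM means the image still needs the rebuild or the lock described above.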


OpenAI confirmed that attackers are using ChatGPT to write malware

OpenAI has admitted that ChatGPT has been misused by cyber criminals to generate malware, spread misinformation and carry out spear-phishing attacks. This report is the first official confirmation that generative AI tools are being used to bolster offensive cyber operations.

It was reported that a Chinese group known as SweetSpecter abused ChatGPT to send phishing emails with malicious ZIP attachments to the personal email addresses of OpenAI employees.

Another case was the Iranian group CyberAv3ngers, who used ChatGPT to develop their own shell scripts and obfuscate code.

The third case concerns the Iranian Storm-0817 attackers. This group used ChatGPT to debug malware, create an Instagram scraper, and develop custom malware for the Android platform along with C2 server support.

The cases described demonstrate that AI tools can streamline offensive operations for less skilled attackers.


SolarWinds Web Help Desk vulnerability is being exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its ‘Known Exploited Vulnerabilities’ list, including a critical hard-coded login vulnerability in the SolarWinds Web Help Desk (WHD) IT support software, which SolarWinds patched in late August 2024. This vulnerability, tracked as CVE-2024-28987, allows remote unauthenticated attackers to access WHD endpoints and manipulate data.

SolarWinds released the patch just four days after receiving a report from Horizon3.ai researcher Zach Hanley, who discovered the bug. The manufacturer urges system administrators to update to WHD 12.8.3 Hotfix 2 or later.