AI-Powered Photo and Video Editing Service Leaks User Images and Email Addresses Online

  • Written by Ari Denial Cybersecurity & Tech Writer

A widely-used AI image editing tool, Cutout, experienced a data breach that resulted in the exposure of usernames, user images, and email addresses. This highlights the potential hazards of leveraging cloud-based AI solutions to handle sensitive data.

Cutout offers users the ability to modify photos or produce images using an AI-based Application Programming Interface (API), which can be integrated into third-party applications.

The research team reported that “the exposed instance also had around 22 million log entries referencing usernames, including individual users and business accounts. However, this does not imply that an equal number of users was exposed, as some log entries were duplicates.”

“Cutout.pro self-reported having over 300 million API requests, peaking at 4,000 requests per second from over 5,000 applications and websites used worldwide. Cutout.pro boasts of working with over 25k businesses,” they added.

The data of some applications that employed Cutout.pro’s API were also compromised. The team identified that user accounts from the Vivid App and AYAYA App, both of which were listed as customers on Cutout’s website, were among those included in the public database.

The exposure may compromise users’ privacy, as hackers could have obtained access to media uploaded by Cutout’s customers for AI-based editing, including personal photos meant for private use.

Cybernews researchers said, “if Cutout.pro’s developers previously didn’t back up the data, the open instance could have led not only to the temporary denial of service but a permanent data loss that was stored on the open instance. Attackers could have wiped it out.”

Business clients who utilized Cutout.pro’s API are encouraged to inspect the endpoints that were linked with the service. Similarly, users are advised to update their platform usernames as a precautionary measure.

India-Linked Threat Actors Utilized Telegram for Coordinating Cyberattacks in Asia

  • Written by Ari Denial Cybersecurity & Tech Writer

The cyber intelligence firm Group-IB has revealed a series of phishing attacks carried out by a suspected threat group with ties to Indian nationalists. According to Group-IB, the attacks targeted a range of government, military, and legal organizations throughout Asia.

The group behind the attacks, SideWinder aka Hardcore Nationalist (HN2), reportedly targeted more than 60 organizations in countries such as Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka. Government agencies were the primary targets, with 44 being singled out, while only four attacks were aimed at military organizations. Almost half of the attacks were directed at targets in Nepal, which shares a border with India.

“The group has been carrying out cyber espionage attacks against government organizations in the Asia-Pacific region since at least 2012. In June 2022, Group-IB discovered the group’s newest custom tool, SideWinder.AntiBot.Script, which was used in previously documented phishing attacks against Pakistani organizations. SideWinder is notable for its ability to conduct hundreds of espionage operations within a short span of time,” said Group-IB researchers.

According to the cyber analysts, SideWinder utilized Telegram, a widely-used messaging app, to process data from the targeted systems. Telegram has gained popularity among Advanced Persistent Threat (APT) groups and financially-motivated cybercriminals as a command-and-control center or a base of operations, due to its user-friendly interface.

Group-IB reported that SideWinder has updated its toolkit and is now using two new tools:

  • SideWinder.RAT.b — a remote access Trojan.
  • SideWinder.StealerPy — a custom information stealer designed to extract data from the victim’s computer.

SideWinder.StealerPy is capable of extracting a range of sensitive information from the victim’s computer. This includes Google Chrome browsing history, details of saved directories and folders, credentials saved in the browser, metadata, and the contents of .txt, .docx, and .pdf files.

It remains unclear whether any of the phishing campaigns were successful. Notably, Group-IB analysts identified two phishing projects that imitated cryptocurrency companies. The increasing interest of SideWinder in cryptocurrency could be related to recent efforts to regulate the crypto market in India.