Security News > 2023 > April

OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "Safe and secure." Other prohibited categories are denial-of-service attacks, brute-forcing OpenAI APIs, and demonstrations that aim to destroy data or gain unauthorized access to sensitive information.

Attackers capitalized on that fact and targeted employees directly to gain access to an organization. Leveraging highly automated methods, attackers must only fool one employee to start a catastrophic attack against the entire organization.

Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. In this article, we will focus and elaborate on the best practices offered by the NSA for building secure access management, and how they can be implemented at the application level.

For the fifth consecutive month, IDC has lowered its 2023 forecast for worldwide IT spending as technology investments continue to show the impact of a weakening economy. "Tech spending remains resilient compared to historical economic downturns and other types of business spending, but rising interest rates are now impacting capital spending."

With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT. The dynamic nature of the DDoS threat landscape. "DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services," said Richard Hummel, threat intelligence lead, NETSCOUT. "With multi-terabit-per-second attacks now commonplace, and bad actors' arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape."

AT&T is "Concealing vital cybersecurity reporting" about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden, who said the network had been dubbed unsafe by CISA. In a letter [PDF] sent to the US government's Cybersecurity and Infrastructure Security Agency and NSA, the senator called for an annual cybersecurity audit of FirstNet, citing a nearly half-decade old phone signalling protocol that miscreants and spies can exploit to track mobile devices and intercept their calls and texts. It's a nationwide network intended to allow police, firefighters, and paramedics to transmit data and communications across multiple regions and jurisdictions without worrying about the transmissions being lost to overcrowded networks, particularly during disasters.

Syncro has launched a new agreement with Proofpoint to enable Syncro's MSP partners to offer their customers access to Proofpoint's email security and security awareness training solutions. "This reseller agreement not only allows our MSPs to give their customers superior security in a world where safeguarding users is critical, it also provides an opportunity to increase revenue with existing and prospective customers," said Emily Glass, CEO at Syncro.

Criminals posing as law enforcement agents of the Chinese government are shaking down Chinese nationals living the United States by accusing them of financial crimes and threatening to arrest or hurt them if they don't pay, according to the FBI. The miscreants involved in this financial fraud contact victims by spoofed phone or email messages, the bureau said in an advisory this week. Popular fake identities for the crooks include agents at the People's Republic of China Ministry of Public Security or US-based Chinese consulates.

Concentric AI has launched its new channel partner program which is aimed at enabling partners' growth and success delivering the leading solution in the rapidly expanding AI-powered data risk management market to improve customers' security posture. With Concentric AI's partner ecosystem in place, end users are better-positioned to realize the full value of its Semantic Intelligence AI-powered data risk management platform.

Open source software and software supply chain security risks continue to be a primary concern for developers and organizations. According to a 2022 study by electronic design and automation company Synopsys, 84% of open source software codebases contained at least one known vulnerability - a nearly 4% increase from last year - and 48% contained a high-risk vulnerability.