Security News > 2023 > May

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users' Facebook account credentials with an aim to run unauthorized ads from hijacked business accounts.

BSidesLjubljana 0x7E7, a non-profit conference organized by the information security community, will take place on June 16, 2023, at the C111 Computer Museum. If you have a talk you want to present to an audience of security professionals and enthusiasts, the time to submit it is running out.

The success of ChatGPT, a text-generation chatbot, has sparked widespread interest in generative AI among millions of people worldwide. According to Jumio's research, 67% of consumers globally are aware of generative AI technologies, and in certain markets, such as Singapore, 45% have utilized an application that employs such technologies.

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud instances, container images in Amazon Elastic Container Registry, and AWS Lambda functions on a large scale.

75% of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the changing API attack surface, according to Data Theorem and ESG. Insecure APIs plague organizations. In a related finding, study results also revealed the majority of organizations have experienced at least one security incident related to insecure APIs in the last 12 months, while the majority of organizations have experienced multiple security incidents related to insecure APIs during the past year.

"Since almost all organizations rely heavily on open source in their applications, this new data demonstrates the increasing need to compensate and support the maintainers responsible for the health and security of the critical open source components we all depend on," said Donald Fischer, CEO, Tidelift. "Maintainers are being held accountable for keeping their projects secure and adhering to new standards, but are often not being recognized or paid for the additional work they are being asked to do. By addressing this inconsistency, we can ensure maintainers will continue their important work improving the security and long-term resilience of the open source software supply chain powering government and industry," Fischer continued.

Google wants to take us further into a passwordless future by allowing personal account holders to log in using passkeys rather than using passphrases and multifactor authentication. Passkeys are being adopted by the likes of Apple and Microsoft, which, like Google, have long been vocal about the need to do away with passwords entirely, replacing them and MFA with passkeys.

Meta says it has shut down over 1,000 links related to ChatGPT that lead its users to malware, as criminals seek to profit from the current craze for generative AI. ChatGPT has quickly bagged more than 100 million users, encouraging many organizations to explore how generative AI might help them increase productivity and profit. Scammers are thinking along the same lines, offering links and other stuff related to the chat bot to draw people into malicious websites that steal their info or offer downloads laced with malware.

The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. Dallas is the ninth largest city in the United States, with a population of approximately 2.6 million people, according to US census data. Today, the City of Dallas confirmed that a ransomware attack caused the disruption.

To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals to exploit, given how easily the devices can be hidden in luggage, stuffed into the upholstery of a car, or squeezed into the gap under a bicycle saddle. With lots of similar devices already on the market, and Google said to be working on a product of its own to take advantage of the zillions of Bluetooth-enabled phones that are out and about running Google Android.