Security News > 2023 > November
During its inaugural developer conference, OpenAI unveiled GPTs, short for Generative Pre-trained Transformers. In a recent blog post, OpenAI shed light on the ability to extend the built-in features of GPTs by incorporating custom actions through API integration.
As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID to increase the use of multifactor authentication for enterprise accounts. Microsoft Entra Conditional Access policies are built with the current threat landscape in mind and with the objective to "Automatically protect tenants based on risk signals, licensing, and usage."
Months of work reveals how this tricky malware family targets... the financial services sector A brand-new macOS malware strain from North Korean state-sponsored hackers has been spotted in the wild.…
The Australian government is moving towards regulating cryptocurrency, with a focus on those involved in developing and maintaining crypto platforms. Cryptocurrency is known for its vulnerability, with Australia experiencing several incidents, including a AUD$40 million hack on the crypto betting platform, Stake, and the theft of over one million from an Australian Bitcoin bank in 2013.
The Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers. [...]
The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz. Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign, which came to light earlier this year.
A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole Villadsen said.
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.
This gap is especially visible in file upload security. Misconfiguration and increased updates required for microservices open the door for file upload attacks leveraging vulnerable and outdated components.
ChatGPT: Productivity tool, great for writing poems, and a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. Finding Vulnerabilities - Attackers can prompt ChatGPT about potential vulnerabilities in websites, systems, APIs, and other network components.