Security News

Threat actors are already engaging in rigorous discussions of how language models can be used for everything from identifying 0-day exploits to craft spear-phishing emails. Threat exposure management firm Flare has identified more than 200,000 OpenAI credentials currently being sold on the dark web in the form of stealer logs.

Seven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology." Test the security of their AI systems before launch Share knowledge about AI risk management best practices among themselves and with the government.

"BundleBot is abusing the dotnet bundle, self-contained format that results in very low or no static detection at all," Check Point said in a report published this week, adding it is "Commonly distributed via Facebook Ads and compromised accounts leading to websites masquerading as regular program utilities, AI tools, and games." NET single-file, self-contained application that, in turn, incorporates a DLL file, whose responsibility is to fetch a password-protected ZIP archive from Google Drive.

AI is about to make this issue much more complicated, and could drastically expand the types of laws that can be enforced in this manner. Some legal scholars predict that computationally personalized law and its automated enforcement are the future of law.

A new research report explores emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software in application development. In particular, as modern software development increasingly adopts distributed architectures and microservices alongside third party and open source components, the report tracks the astonishing popularity of ChatGPT's API, how current large language model-based AI platforms are unable to accurately classify malware risk in most cases, and how almost half of all applications make no calls at all to security-sensitive APIs in their code base.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

In this Help Net Security interview, Arthur Hu, SVP, Global CIO and Services & Solutions Group CTO at Lenovo, discusses how AI/ML is optimizing tech stacks, the hurdles anticipated in its integration, the role of AI in enterprise resilience and agility, and strategic approaches to innovation despite budget constraints. We'll touch on the evolving role of CIOs and the potential for 'as-a-service' offerings to ease tech stack management.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.In the hands of a bad actor, tools like WormGPT could be a powerful weapon, especially as OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models to fabricate convincing phishing emails and generate malicious code.

72% of hackers are confident that AI cannot replace human creativity in security research and vulnerability management, according to Bugcrowd. Generative AI was a major theme in the 2023 report, with 55% of respondents saying that it can already outperform hackers or will be able to do so within the next five years.