Security News

According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had "Already seen instances" of text generated by ChatGPT that "Closely" resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a "Coding assistant" of sorts to help them write or improve strings of code, the report notes.

Thousands of unpatched VMware ESXi servers hit by ransomware via old bugLate last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Reddit breached: Internal docs, dashboards, systems accessedPopular social news website and forum Reddit has been breached and the attacker "Gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data.

The survey of 1,500 IT decision makers across North America, UK, and Australia exposed a perception that, although respondents in all countries see ChatGPT as generally being put to use for 'good' purposes, 74% acknowledge its potential cybersecurity threat and are concerned. Though there are differing views around the world on how that threat might manifest, ChatGPT's ability to help hackers craft more believable and legitimate sounding phishing emails is the top global concern, along with enabling less experienced hackers to improve their technical knowledge and develop more specialized skills and its use for spreading misinformation.

How to tackle the cybersecurity skills shortage in the EUIn this Help Net Security Dritan Saliovski, Director - Nordic Head of Cyber M&A, Transaction Advisory Services at Aon, offers some pointers, as well as advice to organizations on how to attract and retain the best cybersecurity talent. ENISA gives out toolbox for creating security awareness programsThe European Union Agency for Cybersecurity has made available Awareness Raising in a Box, a "Do it yourself" toolbox to help organizations in their quest to create and implement a custom security awareness raising program.

Currently, the value of generative AI, like ChatGPT and DALL-E, is lopsided in favor of threat actors. Threat actors using generative AI in their attack arsenal is an eventuality, and now we need to focus on how we will defend against this new threat.

ChatGPT - the Large Language Model developed by OpenAI and based on the GPT-3 natural language generator - is generating ethical chatter. Like CRISPR's impact on biomedical engineering, ChatGPT slices and dices, creating something new from scraps of information and injecting fresh life into the fields of philosophy, ethics and religion.

ChatGPT from OpenAI is a conversational chatbot recently released in preview mode for research purposes. It takes natural language as input and aims to solve problems, provide follow-up questions or even challenge assertions depending on your question.

The security shop's research team said it has already seen Russian cybercriminals on underground forums discussing OpenAI workarounds so that they can bring ChatGPT to the dark side. We'd have thought ChatGPT would be most useful for coming up with emails and other messages to send people to trick them into handing over their usernames and passwords, but what do we know? Some crooks may find the AI model helpful in offering malicious code and techniques to deploy.

Google is calling EU cybersecurity foundersGoogle announced that the Google for Startups Growth Academy: Cybersecurity program now accepts applications from EU companies. Rackspace ransomware attack was executed by using previously unknown security exploitThe MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.

You can ask ChatGPT to write code, but the results can be mixed. A common task of any SecOps analyst is sometimes having to process specific log files, grep for certain patterns and export them to gain meaningful insight into an incident or issue.