Security News

Apple starts delivering smaller security updatesThe security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Fake ChatGPT desktop client steals Chrome login dataResearchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder.

"Since the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious," Check Point researchers have shared on Tuesday.On Wednesday, Meta said that, since March 2023, they've blocked 1,000+ malicious links leveraging ChatGPT as a lure from being shared across their technologies.

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users' Facebook account credentials with an aim to run unauthorized ads from hijacked business accounts.

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar to what one would expect.

OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority's demands ahead of April 30, 2023, deadline. The reinstatement comes following Garante's decision to temporarily block access to the popular AI chatbot service in Italy on March 31, 2023, over concerns that its practices are in violation of data protection laws in the region.

This vulnerability introduces a demanding challenge for security stakeholders, since none of the existing data protection tools can ensure no sensitive data is exposed to ChatGPT. In this article we'll explore this security challenge in detail and show how browser security solutions can provide a solution. The ChatGPT data protection blind spot: How can you govern text insertion in the browser?#.

Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. Language remains the main attack vector in BEC attacks.

OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "Safe and secure." Other prohibited categories are denial-of-service attacks, brute-forcing OpenAI APIs, and demonstrations that aim to destroy data or gain unauthorized access to sensitive information.

Microsoft has introduced a new update to Bing.com that includes a significant change in its search results - the addition of ChatGPT responses to search queries. Instead of featured snippets, in some cases, users will now see Bing AI answers to their queries, with prompts to continue conversations with the chatbot.

A Forcepoint staffer has blogged about how he used ChatGPT to craft some code that exfiltrates data from an infected machine. Mulgrew says producing the tool took "Only a few hours." His write-up on Tuesday of his experimentation can be found here, though ignore the stuff about zero days and how the bot could write code that would take normal programmers days to do.