Security News
Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. Language remains the main attack vector in BEC attacks.
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "Safe and secure." Other prohibited categories are denial-of-service attacks, brute-forcing OpenAI APIs, and demonstrations that aim to destroy data or gain unauthorized access to sensitive information.
Microsoft has introduced a new update to Bing.com that includes a significant change in its search results - the addition of ChatGPT responses to search queries. Instead of featured snippets, in some cases, users will now see Bing AI answers to their queries, with prompts to continue conversations with the chatbot.
A Forcepoint staffer has blogged about how he used ChatGPT to craft some code that exfiltrates data from an infected machine. Mulgrew says producing the tool took "Only a few hours." His write-up on Tuesday of his experimentation can be found here, though ignore the stuff about zero days and how the bot could write code that would take normal programmers days to do.
The Italian data protection watchdog, Garante per la Protezione dei Dati Personali, has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect, stating it intends to investigate the company over whether it's unlawfully processing such data in violation of the E.U. General Data Protection Regulation laws.
Microsoft unveils AI-powered Security Copilot analysis toolMicrosoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations professionals' work. Prioritizing data security amid workforce disruptionsIn this Help Net Security video, Chris Wey, President of Data Modernization at Rocket Software, discusses the risks organizations face and the steps they can take to mitigate disruption.
With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter seriously and conducted a series of workshops involving subject matter experts from various departments of Europol. These workshops aimed to investigate potential ways in which large language models like ChatGPT can be exploited by criminals and how they can be utilized to aid investigators in their day-to-day tasks.
Not only were some ChatGPT users able to see what other users have been using the AI chatbot for, but limited personal and billing information ended up getting revealed, as well.ChatGPT suffered an outage on March 20 and then problems with making conversation history accessible to users.
Threat actors are experimenting with QR codesHackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP. A common user mistake can lead to compromised Okta login credentialsLogged failed logins into a company's Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. How to best allocate IT and cybersecurity budgets in 2023As 48% of organizations rank ransomware and targeted threats as their number one concern for 2023, how can they allocate that increased cybersecurity budget effectively? In this Help Net Security video, Ian McShane, VP of Strategy at Arctic Wolf, explains.
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to temporarily shut down the chatbot.