Security News

Although OpenAI is an established organization with many years of experience promoting and developing AI systems, the relative immaturity of the ChatGPT application, combined with the lack of security assurance available for OpenAI, can put organizations at risk. In this Help Net Security video, Meghan Maneval, Director of Technical Product Management, Reciprocity, discusses why companies considering the utilization of ChatGPT internally must ensure the tool and the provider undergo the same third-party risk management process as any other application.

The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos X-Ops using GPT-3's large language models to simplify the search for malicious activity in datasets from security software, more accurately filter spam, and speed up analysis of "Living off the land" binary attacks.

However the technology sophistication raises inevitable question: what are the drawbacks of ChatGPT and similar technologies? With capabilities to generate a multitude of realistic responses, ChatGPT could be used to create a host of responses capable of tricking an unassuming reader into thinking a real human is behind the content. ChatGPT takes a complex prompt and generates a full response, potentially spanning multiple paragraphs.

Skyhigh Security has seen firsthand how 33,000 enterprise users have accessed ChatGPT through corporate infrastructures. Almost 7 TB of data has been transacted with ChatGPT through corporate web and cloud assets between Nov 2022 - Feb 2023.

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.

From malvertising, extension installation, hijacking Facebook accounts, and back again to propagation. The fake ChatGPT extension discovered by Guardio is the latest security concern, affecting thousands daily.

Interview It's a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks. Organizations moving to the cloud and shifting to a decentralized IT environment requires security teams adapt and change these processes.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Google Protected Computing: Ensuring privacy and safety of data regardless of locationIn this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Researchers find hidden vulnerabilities in hundreds of Docker containersRezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.

The fake OpenAI pages serving malware have been set up on a variety of domains, and we can expect others still to pop up. Users wanting to try out ChatGPT are advised to go directly to the source, i.e., to look for relevant information on OpenAI's official page.