Security News

Week in review: Manage the risk of ChatGPT use, know the danger of failed Okta logins
2023-03-26 08:30

Threat actors are experimenting with QR codesHackers are diversifying attack methods, including a surge in QR code phishing campaigns, according to HP. A common user mistake can lead to compromised Okta login credentialsLogged failed logins into a company's Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. How to best allocate IT and cybersecurity budgets in 2023As 48% of organizations rank ransomware and targeted threats as their number one concern for 2023, how can they allocate that increased cybersecurity budget effectively? In this Help Net Security video, Ian McShane, VP of Strategy at Arctic Wolf, explains.

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
2023-03-25 05:51

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to temporarily shut down the chatbot.

OpenAI: ChatGPT payment data leak caused by open-source bug
2023-03-24 18:39

OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
2023-03-23 16:29

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal.

Fake ChatGPT for Google extension hijacks Facebook accounts
2023-03-23 14:29

A new Chrome extension promising to augment users' Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. In this case, when searching for ChatGPT via Google Search, users are served with a malicious sponsored ad that first redirects them to a fake ChatGPT for Google landing page, and then to the malicious extension on the official Chrome Store.

Bogus ChatGPT extension steals Facebook cookies
2023-03-23 07:29

Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies - but not before more than 9,000 users installed the account-compromising bot. The malicious extension - Chat GPT For Google - is very similar in name and code to the real ChatGPT For Google extension.

Facebook accounts hijacked by new malicious ChatGPT Chrome extension
2023-03-22 16:44

A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. The extension is a copy of the legitimate popular add-on for Chrome named "ChatGPT for Google" that offers ChatGPT integration on search results.

ChatGPT Privacy Flaw
2023-03-22 11:14

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

Why you should treat ChatGPT like any other vendor service
2023-03-22 05:00

Although OpenAI is an established organization with many years of experience promoting and developing AI systems, the relative immaturity of the ChatGPT application, combined with the lack of security assurance available for OpenAI, can put organizations at risk. In this Help Net Security video, Meghan Maneval, Director of Technical Product Management, Reciprocity, discusses why companies considering the utilization of ChatGPT internally must ensure the tool and the provider undergo the same third-party risk management process as any other application.

How ChatGPT is changing the cybersecurity game
2023-03-17 05:00

The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos X-Ops using GPT-3's large language models to simplify the search for malicious activity in datasets from security software, more accurately filter spam, and speed up analysis of "Living off the land" binary attacks.