Security News
Google Protected Computing: Ensuring privacy and safety of data regardless of locationIn this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Researchers find hidden vulnerabilities in hundreds of Docker containersRezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.
The fake OpenAI pages serving malware have been set up on a variety of domains, and we can expect others still to pop up. Users wanting to try out ChatGPT are advised to go directly to the source, i.e., to look for relevant information on OpenAI's official page.
Threat actors are exploiting the popularity of OpenAI's ChatGPT chatbot to distribute malware for Windows and Android, or direct unsuspecting vitims to phishing pages. Security researcher Dominic Alvieri was among the first to notice one such example using the domain "Chat-gpt-pc.online" to infect visitors with the Redline info-stealing malware under the guise of a download for a ChatGPT Windows desktop client.
Leveraging these mechanics and 5 large language models, ChatGPT can translate the human language into dynamic and useful machine results. As with any new technology, ChatGPT can be used for both good and bad - and this has major implications for the world of cybersecurity.
According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had "Already seen instances" of text generated by ChatGPT that "Closely" resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a "Coding assistant" of sorts to help them write or improve strings of code, the report notes.
Thousands of unpatched VMware ESXi servers hit by ransomware via old bugLate last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Reddit breached: Internal docs, dashboards, systems accessedPopular social news website and forum Reddit has been breached and the attacker "Gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data.
The survey of 1,500 IT decision makers across North America, UK, and Australia exposed a perception that, although respondents in all countries see ChatGPT as generally being put to use for 'good' purposes, 74% acknowledge its potential cybersecurity threat and are concerned. Though there are differing views around the world on how that threat might manifest, ChatGPT's ability to help hackers craft more believable and legitimate sounding phishing emails is the top global concern, along with enabling less experienced hackers to improve their technical knowledge and develop more specialized skills and its use for spreading misinformation.
How to tackle the cybersecurity skills shortage in the EUIn this Help Net Security Dritan Saliovski, Director - Nordic Head of Cyber M&A, Transaction Advisory Services at Aon, offers some pointers, as well as advice to organizations on how to attract and retain the best cybersecurity talent. ENISA gives out toolbox for creating security awareness programsThe European Union Agency for Cybersecurity has made available Awareness Raising in a Box, a "Do it yourself" toolbox to help organizations in their quest to create and implement a custom security awareness raising program.
Currently, the value of generative AI, like ChatGPT and DALL-E, is lopsided in favor of threat actors. Threat actors using generative AI in their attack arsenal is an eventuality, and now we need to focus on how we will defend against this new threat.
ChatGPT - the Large Language Model developed by OpenAI and based on the GPT-3 natural language generator - is generating ethical chatter. Like CRISPR's impact on biomedical engineering, ChatGPT slices and dices, creating something new from scraps of information and injecting fresh life into the fields of philosophy, ethics and religion.