Security News

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.

From malvertising, extension installation, hijacking Facebook accounts, and back again to propagation. The fake ChatGPT extension discovered by Guardio is the latest security concern, affecting thousands daily.

Interview It's a tough economy to ask for a bigger security team or larger budget to buy technology to protect against cyberattacks. Organizations moving to the cloud and shifting to a decentralized IT environment requires security teams adapt and change these processes.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Google Protected Computing: Ensuring privacy and safety of data regardless of locationIn this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Researchers find hidden vulnerabilities in hundreds of Docker containersRezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.

The fake OpenAI pages serving malware have been set up on a variety of domains, and we can expect others still to pop up. Users wanting to try out ChatGPT are advised to go directly to the source, i.e., to look for relevant information on OpenAI's official page.

Threat actors are exploiting the popularity of OpenAI's ChatGPT chatbot to distribute malware for Windows and Android, or direct unsuspecting vitims to phishing pages. Security researcher Dominic Alvieri was among the first to notice one such example using the domain "Chat-gpt-pc.online" to infect visitors with the Redline info-stealing malware under the guise of a download for a ChatGPT Windows desktop client.

Leveraging these mechanics and 5 large language models, ChatGPT can translate the human language into dynamic and useful machine results. As with any new technology, ChatGPT can be used for both good and bad - and this has major implications for the world of cybersecurity.

According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had "Already seen instances" of text generated by ChatGPT that "Closely" resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a "Coding assistant" of sorts to help them write or improve strings of code, the report notes.

Thousands of unpatched VMware ESXi servers hit by ransomware via old bugLate last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Reddit breached: Internal docs, dashboards, systems accessedPopular social news website and forum Reddit has been breached and the attacker "Gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data.