Security News

In the wake of WormGPT, a ChatGPT clone trained on malware-focused data, a new generative artificial intelligence hacking tool called FraudGPT has emerged, and at least another one is under development that is allegedly based on Google's AI experiment, Bard. Both AI-powered bots are the work of the same individual, who appears to be deep in the game of providing chatbots trained specifically for malicious purposes ranging from phishing and social engineering, to exploiting vulnerabilities and creating malware.

Microsoft is further enhancing the Windows 11 Enhanced Phishing Protection by testing a new feature that warns users when they copy and paste their Windows password into websites and documents. With the release of Windows 11 22H2, Microsoft introduced a new security feature called Enhanced Phishing protection, designed to protect your Windows and Active Directory domain credentials from being obtained by threat actors.

A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania. BlackBerry's research and intelligence team recently discovered two malicious documents that impersonated the Ukranian World Congress organization and topics related to the NATO Summit to lure selected targets.

While the number of new ransomware variants continues to decline, ransomware attacks' severity remains significant. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464% when compared to 2022.

I never click on it, because it's so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs. Tags: cybercrime, phishing, phones, SMS, spam.

ChatGPT can be used to generate phishing sites, but could it also be used to reliably detect them? Security researchers have tried to answer that question. What surprised the researchers was the fact that ChatGPT managed to detect potential phishing targets.

Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. At first glance, the letters sent by UPS Canada, titled "Fighting phishing and smishing - an update from UPS," seem to be a warning to customers about the dangers of phishing.

The firm used its own AI models to determine that certain emails sent to its customers later identified as phishing attacks were probably AI-generated, according to Dan Shiebler, head of machine learning at Abnormal. "The danger of generative AI in email attacks is that it allows threat actors to write increasingly sophisticated content, making it more likely that their target will be deceived into clicking a link or following their instructions," he said, adding that AI can also be used to create greater personalization.

Attacks on commerce are booming, according to a new study by security firm Akamai. Bots raining on retail drive flood in commerce attacks.

A report from the Microsoft Defender Experts reveals a new multi-staged adversary in the middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate and blend with legitimate email traffic and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.