ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game.
ChatGPT is the most swiftly growing consumer application to date. The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses.
With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it. Read More
Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure.
The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023.
"The script creates a 'Covert Channel' by exploiting the event
Here is what matters most when it comes to artificial intelligence (AI) in cybersecurity: Outcomes.
As the threat landscape evolves and generative AI is added to the toolsets available to defenders and attackers alike, evaluating the relative effectiveness of various AI-based security offerings is increasingly important — and difficult. Asking the right questions can help you spot solutions
FIRST, the Forum of Incident Response and Security Teams has recently unveiled the latest version of their Common Vulnerability Scoring System (CVSS). The new CVSS 4.0 is the replacement of CVSS 3.0 and provides security experts with a powerful tool…
This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model
Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter
The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent.
Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign "exhibits updated TTPs to previously reported MuddyWater activity,"
The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors. Read More
The Kopeechka service, which refers to “penny” in Russian, is a new tool criminals use to quickly and easily generate hundreds of fake social media accounts. The service, operational since the start of 2019, offers simple account registration services for…
The campaign uses automated tools to clone public GitHub code repositories, scanning for exposed AWS IAM credentials. Read More
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new version of Logging Made Easy (LME), a free and simple log management solution for Windows-based devices. LME is based on a technology developed by the United Kingdom’s National Cyber…
The Cloud Access Security Broker serves as a gatekeeper for organizations, assisting them in keeping track of and safely utilizing cloud services while ensuring that network traffic complies with their security guidelines and standards. Customers can see the use of…
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software.
The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. The post Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools appeared first on SecurityWeek. Read More
Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks. Read More
