-
Researcher Crafts Stealthy Zero-Day Malware with ChatGPT’s Help
In a groundbreaking experiment that has raised concerns in the cybersecurity community, Forcepoint researcher Aaron Mulgrew demonstrated how he built a sophisticated zero-day exploit using only prompts from ChatGPT, an artificial intelligence language model developed by OpenAI. ChatGPT is capable of generating human-like text and code and is often used for various natural language processing…
-
Samsung Grapples with Unintended Leaks via ChatGPT
Samsung Semiconductor is grappling with a data leakage incident after its fab engineers began using OpenAI’s ChatGPT for assistance. While ChatGPT proved useful in quickly resolving errors in source code, it also inadvertently exposed confidential information, including internal meeting notes and data on fab performance and yields. Concerns have arisen following three instances of data…
-
Microsoft Enhances Security for OneNote Users by Blocking Dangerous File Extensions
Microsoft has announced an update to its popular note-taking application, OneNote, to improve security measures for users by automatically blocking embedded files with extensions that are considered dangerous. The change comes as a response to an increase in malicious campaigns exploiting OneNote’s ability to attach files that could be executed with limited warnings to users.…
-
Millions of WordPress Sites at Risk from Active Exploitation of Elementor Pro Vulnerability
Cybercriminals are taking advantage of a critical vulnerability in the Elementor Pro plugin used with WordPress, granting them the ability to seize control of sites that utilize WooCommerce. The security flaw, identified by cybersecurity expert Jerome Bruandet from NinTechNet, permits assailants to run any code they choose on the affected system. According to Jerome’s blog,…
-
President Biden bans US government use of risky commercial spyware
The President of the United States, Joe Biden, signed an Executive Order that forbids the operational use of commercial spyware by the US government. Commercial spyware is a tool that allows access to electronic devices remotely, extracts their content, and manipulates their components without the user’s knowledge or consent. This type of tool has been…
-
Microsoft launches AI-powered Security Copilot to assist cybersecurity professionals
Microsoft has launched a new AI-powered assistant, called Security Copilot, designed to help cybersecurity professionals better identify breaches and understand the huge amounts of data available to them. Security Copilot, which is powered by Microsoft’s own security-specific model and OpenAI’s GPT-4 generative AI, can assist with incident investigations and reporting. Security professionals can use it…
-
New Malicious Chrome Extension Exploits ChatGPT to Access Facebook Accounts
A second damaging ChatGPT extension for Google Chrome has been uncovered, permitting cybercriminals to infiltrate users’ Facebook accounts by acquiring cookies. The extension was found by Guardio Labs and was downloaded over 9,000 times before being removed from the Chrome store. It was advertised through Google-sponsored search results targeting individuals interested in OpenAI’s Chat GPT4…
-
VCSLAB Team, Viettel Cyber Security, Achieves Successful Hack against Microsoft Teams
VCSLAB is the research team of Viettel Cyber Security, and they have proven their expertise in the field of cybersecurity through their successful exploits. During the annual Pwn2Own software exploitation contest, VCSLAB demonstrated a two-bug chain in their attempt against Microsoft Teams and were successful in their endeavor. This achievement earned them a cash prize…
-
French Researchers Win Big at Pwn2Own with Tesla Model 3 Hacks
At the annual Pwn2Own software exploitation contest, French hacking firm Synacktiv successfully demonstrated two exploit chains against Tesla’s newest electric car, the Model 3. The hacks exploited flaws in the car’s Tesla-Gateway and Tesla-Infotainment sub-systems, leading to the “full compromise” of the vehicle. The first hack earned the team $100,000 and the second, which used…
-
CISA Releases New Audit Tool for Microsoft Cloud Services Security
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the “Untitled Goose Tool” to help detect malicious activity in Microsoft Azure, Azure Active Directory, and Microsoft 365 environments. The tool offers new authentication and data collection methods for network defenders to analyze their Microsoft cloud services. The tool allows users to export and review…