What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-07 12:13:33 | Prompt Injection Attacks on Large Language Models (lien direct) | This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable. This property, which makes them adaptable to even unseen tasks, might also make them susceptible to targeted adversarial prompting. Recently, several ways to misalign LLMs using Prompt Injection (PI) attacks have been introduced. In such attacks, an adversary can prompt the LLM to produce malicious content or override the original instructions and the employed filtering schemes. Recent work showed that these attacks are hard to mitigate, as state-of-the-art LLMs are instruction-following. So far, these attacks assumed that the adversary is directly prompting the LLM... | ChatGPT | ★★★ | |
 |
2023-03-06 10:30:51 | Le nouveau rapport Pulse de Norton : Quand les progrès de l\'IA nourrissent les nouveaux outils des escrocs (lien direct) | Le nouveau rapport Pulse de Norton : Quand les progrès de l'IA nourrissent les nouveaux outils des escrocs • Selon le dernier rapport Pulse de Norton, les cybercriminels utilisent ChatGPT pour créer des chatbots deepfake, des campagnes de phishing et des logiciels malveillants. • Lors du dernier dernier trimestre 2022, Norton a bloqué plus de 27 millions de menaces en France, dont 639 219 tentatives d'hameçonnage. - Investigations | ChatGPT ChatGPT | ★★★ | |
 |
2023-03-03 14:07:38 | OpenAI ouvre l\'accès API à ChatGPT : petit aide-mémoire (lien direct) | L'API OpenAI donne désormais accès au modèle sous-jacent de ChatGPT. Dans quelles conditions ? | ChatGPT ChatGPT | ★★ | |
|
2023-03-02 17:17:00 | ChatGPT : les acteurs de la menace l\'utilisent aussi (lien direct) | Les acteurs de la menace cyber peuvent avoir un temps d'avance sur l'utilisation des capacités d'une IA générative comme ChatGPT. | ChatGPT ChatGPT | ★★★ | |
 |
2023-02-28 14:00:00 | CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (lien direct) |
CyberheistNews Vol 13 #09 | February 28th, 2023
[Eye Opener] Should You Click on Unsubscribe?
By Roger A. Grimes.
Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?"
The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action.
In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days.
Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use.
In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list.
[CONTINUED] at the KnowBe4 blog:https://blog.knowbe4.com/should-you-click-on-unsubscribe
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac |
Malware Hack Tool Vulnerability Threat Guideline Prediction | APT 38 ChatGPT | ★★★ |
 |
2023-02-26 08:00:00 | Quand ChatGPT vous écoute (et vous parle) (lien direct) | Si vous n’aimez pas taper au clavier ou que vous n’avez pas de bras, et bien vous allez quand même pouvoir kiffer ChatGPT avec cette extension Chrome qui permet à la fois de lui parler mais également de l’écouter nous répondre. Ainsi, Talk to GPT permet de rendre l’expérience de … Suite | ChatGPT | ★★ | |
|
2023-02-25 08:00:00 | Comment intégrer ChatGPT dans votre moteur de recherche préféré ? (lien direct) | Google est en alerte rouge depuis qu’OpenAI a sorti ChatGPT. En effet, c’est la première fois que je vois vraiment un service qui pourrait les " disrupter " pour parler comme Bruno Lemaire. Mais en attendant que les IA de Google soient au point, on peut quand même grâce à l’extension ChatGPT … Suite | ChatGPT | ★★ | |
 |
2023-02-23 21:01:29 | A Parent\'s Guide to ChatGPT (lien direct) | >
ChatGPT is, without doubt, the biggest tech story of the year. It's created debate in schools and universities, made history...
|
ChatGPT | ★★ | |
 |
2023-02-23 19:02:13 | Hackers use ChatGPT phishing websites to infect users with malware (lien direct) |  Cyble says cybercriminals are setting up phishing websites that mimic the branding of ChatGPT, an AI tool that has exploded in popularity |
Malware Tool | ChatGPT | ★★★ |
|
2023-02-23 09:27:10 | ChatGPT et recherche en ligne : quoi qu\'il en coûte ? (lien direct) | Les IA génératives " à la ChatGPT " gagnent l'univers de la recherche en ligne... avec un certain impact sur les modèles économiques. | ChatGPT | ★★ | |
 |
2023-02-23 09:25:51 | Une fausse app ChatGPT pour Windows menace de pirater vos comptes Facebook, TikTok et Google (lien direct) |  Une fausse application ChatGPT pour PC Windows se propage sur les réseaux sociaux. Elle cache un malware capable de voler les identifiants des comptes Facebook, TikTok et Google. |
Malware | ChatGPT | ★★ |
 |
2023-02-23 09:20:00 | Phishing Sites and Apps Use ChatGPT as Lure (lien direct) | Campaigns designed to steal card information and install malware | Malware | ChatGPT | ★★ |
 |
2023-02-23 09:07:44 | Fake ChatGPT apps spread Windows and Android malware (lien direct) | OpenAI's ChatGPT chatbot has been a phenomenon, taking the internet by storm. Whether it is composing poetry, writing essays for college students, or finding bugs in computer code, it has impressed millions of people and proven itself to be the most accessible form of artificial intelligence ever seen. Yes, there are plenty of fears about how the technology could be used and abused, questions to be answered about its ethical use and how regulators might police its use, and worries that some may not realise that ChatGPT is not as smart as it initially appears. But no-one can deny that it has... | Malware | ChatGPT | ★★ |
|
2023-02-23 08:00:00 | Pour sauvegarder et partager vos discussions avec l\'IA d\'OpenAI (lien direct) | Personne n’a échappé à la folie de ChatGPT. Evidemment, ce truc est foufou et si je vous en reparle aujourd’hui, c’est qu’il existe une extension pour Chrome qui s’appelle ShareGPT et qui permet tout simplement de sauvegarder / partager en 1 clic une conversation que vous avez eu avec l’IA … Suite | General Information | ChatGPT | ★★★ |
 |
2023-02-22 21:55:00 | Scammers Mimic ChatGPT to Steal Business Credentials (lien direct) | Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot. | ChatGPT | ★★★ | |
 |
2023-02-22 20:30:12 | No, ChatGPT didn\'t win a hacking competition prize…yet (lien direct) | $20k Pwn2Own prize for the humans, zero for the AI It was bound to happen sooner or later. For the first time ever, bug hunters used ChatGPT in a successful Pwn2Own exploit, helping the researchers to hack software used in industrial applications and win $20,000.… | Hack Industrial | ChatGPT | ★★★ |
 |
2023-02-22 16:58:19 | Hackers use fake ChatGPT apps to push Windows, Android malware (lien direct) | Threat actors are actively exploiting the popularity of OpenAI's ChatGPT AI tool to distribute Windows malware, infect Android devices with spyware, or direct unsuspecting victims to phishing pages. [...] | Malware Tool Threat | ChatGPT | ★★★ |
|
2023-02-22 16:25:56 | Un nouveau malware vole des identifiants de réseaux sociaux en se faisant passer pour une application ChatGPT (lien direct) | Un nouveau malware vole des identifiants de réseaux sociaux en se faisant passer pour une application ChatGPT - Malwares | Malware | ChatGPT | ★★★ |
 |
2023-02-22 13:02:01 | (Déjà vu) Detection Engineering Weekly #12 - Don\'t use ChatGPT to email your CEO (lien direct) | Last week's news and how-tos in the art and science of Detection Engineering | ChatGPT ChatGPT | ★★★ | |
 |
2023-02-22 10:30:16 | Writing like a boss with ChatGPT and how to get better at spotting phishing scams (lien direct) | >It's never been easier to write a convincing message that can trick you into handing over your money or personal data | General Information | ChatGPT | ★★★ |
|
2023-02-21 14:00:00 | CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach Hack Threat Guideline | ChatGPT | ★★ |
 |
2023-02-21 00:00:00 | In Review: What GPT-3 Taught ChatGPT in a Year (lien direct) | Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI's ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3. | ChatGPT | ★★ | |
|
2023-02-20 10:30:58 | Will ChatGPT start writing killer malware? (lien direct) | >AI-pocalypse soon? As stunning as ChatGPT's output can be, should we also expect the chatbot to spit out sophisticated malware? | ChatGPT | ★★ | |
|
2023-02-17 12:33:48 | Defending against AI Lobbyists (lien direct) | When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the regulation of its own technology. That happened last month. And because the letter was responding to an essay we wrote, we’re starting to get worried. And while the technology can be regulated, the real solution lies in recognizing that the problem is human actors—and those we can do something about. Our essay argued that the much heralded launch of the AI chatbot ChatGPT, a system that can generate text realistic enough to appear to be written by a human, poses significant threats to democratic processes. The ability to produce high quality political messaging quickly and at scale, if combined with AI-assisted capabilities to strategically target those messages to policymakers and the public, could become a powerful accelerant of an already sprawling and poorly constrained force in modern democratic life: lobbying... | ChatGPT | ★★★ | |
|
2023-02-16 13:06:36 | ChatGPT : quels sont les cyberrisques qui se cachent derrière cette nouvelle et impressionnante technologie ? (lien direct) | ChatGPT : quels sont les cyberrisques qui se cachent derrière cette nouvelle et impressionnante technologie ? (Par Anna Collard). Ce chatbot, qui s'appuie sur des techniques d'apprentissage profond, génère des textes et des conversations suffisamment convaincants pour laisser penser qu'ils ont été écrits par un être humain - Points de Vue | ChatGPT | ★★★ | |
|
2023-02-16 12:06:14 | ChatGPT Is Ingesting Corporate Secrets (lien direct) | Interesting: According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “coding assistant” of sorts to help them write or improve strings of code, the report notes. […] “This is important because your inputs may be used as training data for a further iteration of ChatGPT,” the lawyer wrote in the Slack messages viewed by Insider, “and we wouldn’t want its output to include or resemble our confidential information.”... | ChatGPT | ★★ | |
 |
2023-02-16 10:41:18 | Threat Actors Sheets: OpenAI Generated ! (lien direct) | Inroduction ChatGPT or more generally speaking OpenAI is an incredible tool. It is a spectacular instrument helping people in many different fields, it helps people to summarize text, to produce poem, to build images and music, to answer to difficult questions and to automatize complex processes. So I decided to dedicate an entire blog-post to […] | Threat | ChatGPT | ★★ |
|
2023-02-16 08:57:01 | ChatGPT et cybersécurité : quels risques pour les entreprises ? Analyse Proofpoint (lien direct) | ChatGPT et cybersécurité : quels risques pour les entreprises ? Analyse Proofpoint - Malwares | ChatGPT | ★★ | |
|
2023-02-15 22:50:00 | ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally (lien direct) | Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common. | Vulnerability | ChatGPT | ★★★ |
|
2023-02-15 16:54:18 | 3 Fragen rund um ChatGPT und seinen Nutzen für die Cybersicherheit (lien direct) | Der Chatbot ChatGPT von OpenAI ist ein leistungsstarkes System der künstlichen Intelligenz, das auf der Grundlage einer riesigen Datenmenge trainiert wurde, um geschriebenen Text mit bemerkenswerter Genauigkeit und Kontext zu erzeugen. Es handelt sich um ein Forschungsinstrument, das geschaffen wurde, um der Welt zu zeigen, was mit KI möglich ist. Veröffentlicht wurde es, um zu sehen, wie die Menschen es nutzen und um potenzielle kommerzielle Anwendungen zu erforschen. - Sonderberichte / primetime, Chat GPT | ChatGPT | ★ | |
 |
2023-02-15 10:00:53 | IoC detection experiments with ChatGPT (lien direct) | We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. | Threat | ChatGPT | ★★ |
|
2023-02-14 14:00:00 | CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake (lien direct) |
CyberheistNews Vol 13 #07 | February 14th, 2023
[Scam of the Week] The Turkey-Syria Earthquake
Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.
Less than 24 hours after two massive earthquakes claimed the lives of tens of thousands of people, cybercrooks are already piggybacking on the horrible humanitarian crisis. You need to alert your employees, friends and family... again.
Just one example are scammers that pose as representatives from a Ukrainian charity foundation that seeks money to help those affected by the natural disasters that struck in the early hours of Monday.
There are going to be a raft of scams varying from blood drives to pleas for charitable contributions for victims and their families. Unfortunately, this type of scam is the worst kind of phishbait, and it is a very good idea to inoculate people before they get suckered into falling for a scam like this.
I suggest you send the following short alert to as many people as you can. As usual, feel free to edit:
[ALERT] "Lowlife internet scum is trying to benefit from the Turkey-Syria earthquake. The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos.
"Don't let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for! Anything you receive about this recent earthquake, be very suspicious. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may be hacked.
"In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, so tell your friends and family."
It is unfortunate that we continue to have to warn against the bad actors on the internet that use these tragedies for their own benefit. For KnowBe4 customers, we have a few templates with this topic in the Current Events. It's a good idea to send one to your users this week.
Blog post with links:https://blog.knowbe4.com/scam-of-the-week-the-turkey-syria-earthquake
|
Ransomware Spam Threat Guideline | ChatGPT | ★★ |
|
2023-02-14 10:30:06 | ChatGPT, will you be my Valentine? (lien direct) | >Spoiler alert: it turned me down. But that's far from the only thing I learned while playing around with the bot that the world has fallen in love with so badly. | ChatGPT | ★★ | |
|
2023-02-13 15:21:06 | Could ChatGPT Cause Heartbreak with Online Dating Scams? (lien direct) | >
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with...
|
ChatGPT | ★★ | |
 |
2023-02-13 15:15:22 | CVE-2023-0405 (lien direct) | The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. | ChatGPT | ||
|
2023-02-13 13:39:15 | ChatGPT peut-il sécuriser Kubernetes ? (lien direct) | Plusieurs plates-formes de monitoring pour Kubernetes ont établi des passerelles avec ChatGPT. | Uber ChatGPT | ★★ | |
|
2023-02-13 09:17:08 | ChatGPT, ses semblables et leurs secrets pas si bien gardés (lien direct) | Il arrive que ChatGPT et consorts dévoilent des éléments qu'ils sont censés garder pour eux. Y compris l'essence de leur " morale ". | ChatGPT | ★★★ | |
|
2023-02-10 16:32:58 | ChatGPT : une IA pour soutenir les travailleurs ? (lien direct) | ChatGPT, l'agent conversationnel d'OpenAI, peut contribuer à la productivité de travailleurs de la connaissance. Mais à quel prix ? | ChatGPT | ★★ | |
|
2023-02-10 15:23:53 | Face au phénomène ChatGPT, IBM sort (un peu) du bois (lien direct) | Dans l'effervescence autour des IA génératives, IBM vient occuper le terrain en parlant de son supercalculateur Vela. | ChatGPT | ★★ | |
|
2023-02-10 11:19:56 | ChatGPT pourrait déjà être utilisé par les États-nation dans le cadre de cyberattaques (lien direct) | ChatGPT pourrait déjà être utilisé par les États-nation dans le cadre de cyberattaques Une récente étude BlackBerry, montre que 63 % des décideurs IT français interrogés pensent que ChatGPT sera à l'origine d'une cyberattaque réussie d'ici 1 à 2 ans. 92 % estimeraient que la réglementation des technologies avancées - comme ChatGPT, et leurs usages est du ressort des gouvernements. - Malwares | Industrial | ChatGPT | ★★★ |
|
2023-02-09 18:52:00 | Phishing Surges Ahead, as ChatGPT & AI Loom (lien direct) | AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names. | Threat | ChatGPT | ★★★ |
|
2023-02-09 17:05:17 | Hackers Bypass ChatGPT Restrictions Via Telegram Bots (lien direct) | Researchers revealed on Wednesday that hackers had found a means to get beyond ChatGPT’s limitations and are using it to market services that let users produce malware and phishing emails. ChatGPT is a chatbot that imitates human output by using artificial intelligence to respond to inquiries and carry out tasks. People can use it to […] | Malware | ChatGPT | ★★ |
|
2023-02-09 15:42:00 | ChatGPT is all the rave but what about security? (lien direct) | ChatGPT has taken the internet by storm with major tech companies like Google and Bing rolling out their own AI chatbots. Despite the promise of AI chatbots to increase efficiency, one crucial piece of the puzzle seems to have been overlooked by all these tech giants... security. Whilst we can all see the potential of these AI tools, they are still very much at the infancy stage. And it is vital this is remembered before businesses blindly embrace tools that have high likelihood of bringing in some serious security threats. In light of this, we wanted to share some commentary on the topic from Daniel Spicer, Chief Security Officer for Ivanti. - Opinion | ChatGPT | ★★ | |
|
2023-02-08 22:05:00 | Jailbreak Trick Breaks ChatGPT Content Safeguards (lien direct) | Jailbreak command creates ChatGPT alter ego DAN, willing to create content outside of its own content restriction controls. | ChatGPT | ★★★ | |
 |
2023-02-08 18:54:03 | Hackers are selling a service that bypasses ChatGPT restrictions on malware (lien direct) | ChatGPT restrictions on the creation of illicit content are easy to circumvent. | Malware | ChatGPT | ★★★ |
|
2023-02-08 17:42:36 | ChatGPT : après le show Microsoft, un Google à réaction (lien direct) | Google projette d'intégrer de l'IA générative dans son moteur de recherche, à l'instar de Microsoft... mais avec un temps de retard. | ChatGPT | ★★★ | |
|
2023-02-08 15:00:00 | Why ChatGPT Isn\'t a Death Sentence for Cyber Defenders (lien direct) | Generative AI combined with user awareness training creates a security alliance that can let organizations work protected from ChatGPT. | ChatGPT | ★★ | |
|
2023-02-08 10:45:31 | Logpoint makes ChatGPT SOAR integration available (lien direct) | Logpoint makes ChatGPT SOAR integration available Logpoint's ChatGPT integration for SOAR enables Logpoint customers to explore the new technology's potential in a cybersecurity context. - Product Reviews | ChatGPT | ★★ | |
|
2023-02-08 10:42:34 | ChatGPT : comment Microsoft a joué sa carte avec Bing (lien direct) | Microsoft commence à expérimenter un " nouveau " Bing doté d'un assistant de même ascendance que ChatGPT. | ChatGPT | ★★ | |
|
2023-02-08 10:34:41 | Les cybercriminels se tournent vers les bots Telegram pour déjouer les restrictions de ChatGPT (lien direct) | Les cybercriminels se tournent vers les bots Telegram pour déjouer les restrictions de ChatGPT Check Point Research (CPR) constate que les cybercriminels se servent de bots Telegram pour contourner les restrictions de ChatGPT dans les forums illégaux. - Malwares | ChatGPT ChatGPT | ★ |
To see everything:
Our RSS (filtrered)
