What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-22 20:30:12 | No, ChatGPT didn\'t win a hacking competition prize…yet (lien direct) | $20k Pwn2Own prize for the humans, zero for the AI It was bound to happen sooner or later. For the first time ever, bug hunters used ChatGPT in a successful Pwn2Own exploit, helping the researchers to hack software used in industrial applications and win $20,000.… | Hack Industrial | ChatGPT | ★★★ |
 |
2023-02-22 16:58:19 | Hackers use fake ChatGPT apps to push Windows, Android malware (lien direct) | Threat actors are actively exploiting the popularity of OpenAI's ChatGPT AI tool to distribute Windows malware, infect Android devices with spyware, or direct unsuspecting victims to phishing pages. [...] | Malware Tool Threat | ChatGPT | ★★★ |
 |
2023-02-22 16:25:56 | Un nouveau malware vole des identifiants de réseaux sociaux en se faisant passer pour une application ChatGPT (lien direct) | Un nouveau malware vole des identifiants de réseaux sociaux en se faisant passer pour une application ChatGPT - Malwares | Malware | ChatGPT | ★★★ |
 |
2023-02-22 13:02:01 | (Déjà vu) Detection Engineering Weekly #12 - Don\'t use ChatGPT to email your CEO (lien direct) | Last week's news and how-tos in the art and science of Detection Engineering | ChatGPT ChatGPT | ★★★ | |
 |
2023-02-22 10:30:16 | Writing like a boss with ChatGPT and how to get better at spotting phishing scams (lien direct) | >It's never been easier to write a convincing message that can trick you into handing over your money or personal data | General Information | ChatGPT | ★★★ |
 |
2023-02-21 14:00:00 | CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach Hack Threat Guideline | ChatGPT | ★★ |
 |
2023-02-21 00:00:00 | In Review: What GPT-3 Taught ChatGPT in a Year (lien direct) | Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI's ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3. | ChatGPT | ★★ | |
|
2023-02-20 10:30:58 | Will ChatGPT start writing killer malware? (lien direct) | >AI-pocalypse soon? As stunning as ChatGPT's output can be, should we also expect the chatbot to spit out sophisticated malware? | ChatGPT | ★★ | |
 |
2023-02-17 12:33:48 | Defending against AI Lobbyists (lien direct) | When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the regulation of its own technology. That happened last month. And because the letter was responding to an essay we wrote, we’re starting to get worried. And while the technology can be regulated, the real solution lies in recognizing that the problem is human actors—and those we can do something about. Our essay argued that the much heralded launch of the AI chatbot ChatGPT, a system that can generate text realistic enough to appear to be written by a human, poses significant threats to democratic processes. The ability to produce high quality political messaging quickly and at scale, if combined with AI-assisted capabilities to strategically target those messages to policymakers and the public, could become a powerful accelerant of an already sprawling and poorly constrained force in modern democratic life: lobbying... | ChatGPT | ★★★ | |
|
2023-02-16 13:06:36 | ChatGPT : quels sont les cyberrisques qui se cachent derrière cette nouvelle et impressionnante technologie ? (lien direct) | ChatGPT : quels sont les cyberrisques qui se cachent derrière cette nouvelle et impressionnante technologie ? (Par Anna Collard). Ce chatbot, qui s'appuie sur des techniques d'apprentissage profond, génère des textes et des conversations suffisamment convaincants pour laisser penser qu'ils ont été écrits par un être humain - Points de Vue | ChatGPT | ★★★ | |
|
2023-02-16 12:06:14 | ChatGPT Is Ingesting Corporate Secrets (lien direct) | Interesting: According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “coding assistant” of sorts to help them write or improve strings of code, the report notes. […] “This is important because your inputs may be used as training data for a further iteration of ChatGPT,” the lawyer wrote in the Slack messages viewed by Insider, “and we wouldn’t want its output to include or resemble our confidential information.”... | ChatGPT | ★★ | |
 |
2023-02-16 10:41:18 | Threat Actors Sheets: OpenAI Generated ! (lien direct) | Inroduction ChatGPT or more generally speaking OpenAI is an incredible tool. It is a spectacular instrument helping people in many different fields, it helps people to summarize text, to produce poem, to build images and music, to answer to difficult questions and to automatize complex processes. So I decided to dedicate an entire blog-post to […] | Threat | ChatGPT | ★★ |
|
2023-02-16 08:57:01 | ChatGPT et cybersécurité : quels risques pour les entreprises ? Analyse Proofpoint (lien direct) | ChatGPT et cybersécurité : quels risques pour les entreprises ? Analyse Proofpoint - Malwares | ChatGPT | ★★ | |
 |
2023-02-15 22:50:00 | ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally (lien direct) | Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common. | Vulnerability | ChatGPT | ★★★ |
|
2023-02-15 16:54:18 | 3 Fragen rund um ChatGPT und seinen Nutzen für die Cybersicherheit (lien direct) | Der Chatbot ChatGPT von OpenAI ist ein leistungsstarkes System der künstlichen Intelligenz, das auf der Grundlage einer riesigen Datenmenge trainiert wurde, um geschriebenen Text mit bemerkenswerter Genauigkeit und Kontext zu erzeugen. Es handelt sich um ein Forschungsinstrument, das geschaffen wurde, um der Welt zu zeigen, was mit KI möglich ist. Veröffentlicht wurde es, um zu sehen, wie die Menschen es nutzen und um potenzielle kommerzielle Anwendungen zu erforschen. - Sonderberichte / primetime, Chat GPT | ChatGPT | ★ | |
 |
2023-02-15 10:00:53 | IoC detection experiments with ChatGPT (lien direct) | We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. | Threat | ChatGPT | ★★ |
|
2023-02-14 14:00:00 | CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake (lien direct) |
CyberheistNews Vol 13 #07 | February 14th, 2023
[Scam of the Week] The Turkey-Syria Earthquake
Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.
Less than 24 hours after two massive earthquakes claimed the lives of tens of thousands of people, cybercrooks are already piggybacking on the horrible humanitarian crisis. You need to alert your employees, friends and family... again.
Just one example are scammers that pose as representatives from a Ukrainian charity foundation that seeks money to help those affected by the natural disasters that struck in the early hours of Monday.
There are going to be a raft of scams varying from blood drives to pleas for charitable contributions for victims and their families. Unfortunately, this type of scam is the worst kind of phishbait, and it is a very good idea to inoculate people before they get suckered into falling for a scam like this.
I suggest you send the following short alert to as many people as you can. As usual, feel free to edit:
[ALERT] "Lowlife internet scum is trying to benefit from the Turkey-Syria earthquake. The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos.
"Don't let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for! Anything you receive about this recent earthquake, be very suspicious. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may be hacked.
"In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, so tell your friends and family."
It is unfortunate that we continue to have to warn against the bad actors on the internet that use these tragedies for their own benefit. For KnowBe4 customers, we have a few templates with this topic in the Current Events. It's a good idea to send one to your users this week.
Blog post with links:https://blog.knowbe4.com/scam-of-the-week-the-turkey-syria-earthquake
|
Ransomware Spam Threat Guideline | ChatGPT | ★★ |
|
2023-02-14 10:30:06 | ChatGPT, will you be my Valentine? (lien direct) | >Spoiler alert: it turned me down. But that's far from the only thing I learned while playing around with the bot that the world has fallen in love with so badly. | ChatGPT | ★★ | |
 |
2023-02-13 15:21:06 | Could ChatGPT Cause Heartbreak with Online Dating Scams? (lien direct) | >
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with...
|
ChatGPT | ★★ | |
 |
2023-02-13 15:15:22 | CVE-2023-0405 (lien direct) | The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. | ChatGPT | ||
 |
2023-02-13 13:39:15 | ChatGPT peut-il sécuriser Kubernetes ? (lien direct) | Plusieurs plates-formes de monitoring pour Kubernetes ont établi des passerelles avec ChatGPT. | Uber ChatGPT | ★★ | |
|
2023-02-13 09:17:08 | ChatGPT, ses semblables et leurs secrets pas si bien gardés (lien direct) | Il arrive que ChatGPT et consorts dévoilent des éléments qu'ils sont censés garder pour eux. Y compris l'essence de leur " morale ". | ChatGPT | ★★★ | |
|
2023-02-10 16:32:58 | ChatGPT : une IA pour soutenir les travailleurs ? (lien direct) | ChatGPT, l'agent conversationnel d'OpenAI, peut contribuer à la productivité de travailleurs de la connaissance. Mais à quel prix ? | ChatGPT | ★★ | |
|
2023-02-10 15:23:53 | Face au phénomène ChatGPT, IBM sort (un peu) du bois (lien direct) | Dans l'effervescence autour des IA génératives, IBM vient occuper le terrain en parlant de son supercalculateur Vela. | ChatGPT | ★★ | |
|
2023-02-10 11:19:56 | ChatGPT pourrait déjà être utilisé par les États-nation dans le cadre de cyberattaques (lien direct) | ChatGPT pourrait déjà être utilisé par les États-nation dans le cadre de cyberattaques Une récente étude BlackBerry, montre que 63 % des décideurs IT français interrogés pensent que ChatGPT sera à l'origine d'une cyberattaque réussie d'ici 1 à 2 ans. 92 % estimeraient que la réglementation des technologies avancées - comme ChatGPT, et leurs usages est du ressort des gouvernements. - Malwares | Industrial | ChatGPT | ★★★ |
|
2023-02-09 18:52:00 | Phishing Surges Ahead, as ChatGPT & AI Loom (lien direct) | AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names. | Threat | ChatGPT | ★★★ |
|
2023-02-09 17:05:17 | Hackers Bypass ChatGPT Restrictions Via Telegram Bots (lien direct) | Researchers revealed on Wednesday that hackers had found a means to get beyond ChatGPT’s limitations and are using it to market services that let users produce malware and phishing emails. ChatGPT is a chatbot that imitates human output by using artificial intelligence to respond to inquiries and carry out tasks. People can use it to […] | Malware | ChatGPT | ★★ |
|
2023-02-09 15:42:00 | ChatGPT is all the rave but what about security? (lien direct) | ChatGPT has taken the internet by storm with major tech companies like Google and Bing rolling out their own AI chatbots. Despite the promise of AI chatbots to increase efficiency, one crucial piece of the puzzle seems to have been overlooked by all these tech giants... security. Whilst we can all see the potential of these AI tools, they are still very much at the infancy stage. And it is vital this is remembered before businesses blindly embrace tools that have high likelihood of bringing in some serious security threats. In light of this, we wanted to share some commentary on the topic from Daniel Spicer, Chief Security Officer for Ivanti. - Opinion | ChatGPT | ★★ | |
|
2023-02-08 22:05:00 | Jailbreak Trick Breaks ChatGPT Content Safeguards (lien direct) | Jailbreak command creates ChatGPT alter ego DAN, willing to create content outside of its own content restriction controls. | ChatGPT | ★★★ | |
 |
2023-02-08 18:54:03 | Hackers are selling a service that bypasses ChatGPT restrictions on malware (lien direct) | ChatGPT restrictions on the creation of illicit content are easy to circumvent. | Malware | ChatGPT | ★★★ |
|
2023-02-08 17:42:36 | ChatGPT : après le show Microsoft, un Google à réaction (lien direct) | Google projette d'intégrer de l'IA générative dans son moteur de recherche, à l'instar de Microsoft... mais avec un temps de retard. | ChatGPT | ★★★ | |
|
2023-02-08 15:00:00 | Why ChatGPT Isn\'t a Death Sentence for Cyber Defenders (lien direct) | Generative AI combined with user awareness training creates a security alliance that can let organizations work protected from ChatGPT. | ChatGPT | ★★ | |
|
2023-02-08 10:45:31 | Logpoint makes ChatGPT SOAR integration available (lien direct) | Logpoint makes ChatGPT SOAR integration available Logpoint's ChatGPT integration for SOAR enables Logpoint customers to explore the new technology's potential in a cybersecurity context. - Product Reviews | ChatGPT | ★★ | |
|
2023-02-08 10:42:34 | ChatGPT : comment Microsoft a joué sa carte avec Bing (lien direct) | Microsoft commence à expérimenter un " nouveau " Bing doté d'un assistant de même ascendance que ChatGPT. | ChatGPT | ★★ | |
|
2023-02-08 10:34:41 | Les cybercriminels se tournent vers les bots Telegram pour déjouer les restrictions de ChatGPT (lien direct) | Les cybercriminels se tournent vers les bots Telegram pour déjouer les restrictions de ChatGPT Check Point Research (CPR) constate que les cybercriminels se servent de bots Telegram pour contourner les restrictions de ChatGPT dans les forums illégaux. - Malwares | ChatGPT ChatGPT | ★ | |
|
2023-02-07 17:05:00 | ARMO Integrates ChatGPT to Help Users Secure Kubernetes (lien direct) | Les cybercriminels se tournent vers les bots Telegram pour déjouer les restrictions de ChatGPT Check Point Research (CPR) constate que les cybercriminels se servent de bots Telegram pour contourner les restrictions de ChatGPT dans les forums illégaux. - Malwares | Uber ChatGPT | ★★ | |
 |
2023-02-07 15:19:08 | Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content (lien direct) | >There have been many discussions and research on how cybercriminals are leveraging the OpenAI platform, specifically ChatGPT, to generate malicious content such as phishing emails and malware. In Check Point Research's (CPR) previous blog, we described how ChatGPT successfully conducted a full infection flow, from creating a convincing spear-phishing email to running a reverse shell, which… | ChatGPT | ★★ | |
|
2023-02-07 08:09:44 | ChatGPT : la bataille de la recherche web a commencé (lien direct) | Google, Baidu et Microsoft lui-même élargissent leur communication sur leurs stratégies respectives " IA + recherche web ". | Prediction | ChatGPT | ★★★ |
|
2023-02-06 10:40:08 | Anthropic, réponse de Google à ChatGPT (lien direct) | Sur le même schéma que Microsoft avec OpenAI, Google s'associe à Anthropic. Que propose cette start-up américaine ? | ChatGPT | ★★ | |
|
2023-02-06 09:42:22 | ChatGPT pourrait déjà être utilisé dans des cyberattaques d\'États-nations : le commentaire de Tenable (lien direct) | Vendredi dernier, Blackberry a publié un rapport indiquant que ChatGPT pourrait déjà être utilisé dans des cyberattaques d'États-nations. Si jamais vous souhaitez traiter le sujet, j'ai le plaisir de vous partager un commentaire attribué à Scott Caveza, Senior Manager Research chez Tenable : - Malwares | ChatGPT | ★★ | |
|
2023-02-03 11:12:25 | ChatGPT capte 100 millions d\'utilisateurs en deux mois (lien direct) | ChatGPT, l'intelligence artificielle conversationnelle d'OpenAI, établit le record de croissance rapide du nombre d'adeptes pour une application. | ChatGPT | ★★ | |
 |
2023-02-03 09:00:00 | IT Leaders Reveal Cyber Fears Around ChatGPT (lien direct) | A BlackBerry survey reveals 51% of security leaders expect ChatGPT to be at the heart of a successful cyber-attack within a year | Guideline | ChatGPT | ★★★ |
|
2023-02-02 14:40:00 | ChatGPT May Already Be Used In Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research (lien direct) | A BlackBerry survey reveals 51% of security leaders expect ChatGPT to be at the heart of a successful cyber-attack within a year | ChatGPT | ★★ | |
|
2023-02-02 08:11:56 | ChatGPT : la version payante se dessine en attendant l\'API (lien direct) | OpenAI ouvre une liste d'attente pour ChatGPT Plus. Que nous promet-on avec cette offre annoncée à 20 $/mois ? | ChatGPT | ★★ | |
 |
2023-02-02 03:50:00 | Foreign states already using ChatGPT maliciously, UK IT leaders believe (lien direct) | Most UK IT leaders believe that foreign states are already using the ChatGPT chatbot for malicious purposes against other nations. That's according to a new study from BlackBerry, which surveyed 500 UK IT decision makers revealing that, while 60% of respondents see ChatGPT as generally being used for “good” purposes, 72% are concerned by its potential to be used for malicious purposes when it comes to cybersecurity. In fact, almost half (48%) predicted that a successful cyberattack will be credited to the technology within the next 12 months. The findings follow recent research which showed how attackers can use ChatGPT to significantly enhance phishing and business email compromise (BEC) scams.To read this article in full, please click here | Guideline | ChatGPT | ★★★ |
|
2023-02-01 16:41:51 | ChatGPT sème-t-il " le doute " chez AWS ? (lien direct) | Quel est l'impact de la cybercriminalité sur la croissance du cloud ? Le contenu livré par ChatGPT d'OpenAI a irrité le CTO d'Amazon, maison mère d'AWS. | ChatGPT | ★★★ | |
|
2023-02-01 14:24:06 | Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen? (lien direct) |
|
Hack | ChatGPT | ★★ |
 |
2023-01-31 20:41:20 | Reality check: Is ChatGPT really the next big cybersecurity threat? (lien direct) | >ChatGPT isn't a malware-writing savant and much of the hype around it obscures just how much expertise is required to output quality code. | ChatGPT | ★★★ | |
|
2023-01-31 16:34:57 | ChatGPT dans l\'éducation : qui dit oui, qui dit non (lien direct) | Banni sans exception ou presque ? Source de réflexion sur les méthodes pédagogiques ? Les établissements d'enseignement accueillent diversement ChatGPT. | ChatGPT | ★ | |
|
2023-01-31 14:07:19 | OpenAI recrute (massivement) des développeurs (lien direct) | OpenAI, l'entreprise américaine de recherche en intelligence artificielle derrière ChatGPT, intensifie ses recrutements. | ChatGPT | ★★ |
To see everything:
Our RSS (filtrered)
