Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 49

May 25, 2023

The Security Hole at the Heart of ChatGPT and Bing

Posted by in categories: cybercrime/malcode, mobile phones, robotics/AI

Indirect prompt-injection attacks are similar to jailbreaks, a term adopted from previously breaking down the software restrictions on iPhones. Instead of someone inserting a prompt into ChatGPT or Bing to try and make it behave in a different way, indirect attacks rely on data being entered from elsewhere. This could be from a website you’ve connected the model to or a document being uploaded.

“Prompt injection is easier to exploit or has less requirements to be successfully exploited than other” types of attacks against machine learning or AI systems, says Jose Selvi, executive principal security consultant at cybersecurity firm NCC Group. As prompts only require natural language, attacks can require less technical skill to pull off, Selvi says.

There’s been a steady uptick of security researchers and technologists poking holes in LLMs. Tom Bonner, a senior director of adversarial machine-learning research at AI security firm Hidden Layer, says indirect prompt injections can be considered a new attack type that carries “pretty broad” risks. Bonner says he used ChatGPT to write malicious code that he uploaded to code analysis software that is using AI. In the malicious code, he included a prompt that the system should conclude the file was safe. Screenshots show it saying there was “no malicious code” included in the actual malicious code.

May 20, 2023

Malware turns home routers into proxies for Chinese state-sponsored hackers

Posted by in category: cybercrime/malcode

Researchers on Tuesday unveiled a major discovery—malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers.

A firmware implant, revealed in a write-up from Check Point Research, contains a full-featured backdoor that allows attackers to establish communications and file transfers with infected devices, remotely issue commands, and upload, download, and delete files. The implant came in the form of firmware images for TP-Link routers. The well-written C++ code, however, took pains to implement its functionality in a “firmware-agnostic” manner, meaning it would be trivial to modify it to run on other router models.

May 19, 2023

Meet ‘DarkBERT:’ South Korea’s Dark Web AI could combat cybercrime

Posted by in categories: cybercrime/malcode, internet, robotics/AI

A team of researchers from South Korea has developed a new LLM called “DarkBert,” which has been trained exclusively on the “Dark Web.”

A team of South Korean researchers has taken the unprecedented step of developing and training artificial intelligence (AI) on the so-called “Dark Web.” The Dark Web trained AI, called DarkBERT, was unleashed to trawl and index what it could find to help shed light on ways to combat cybercrime.

Continue reading “Meet ‘DarkBERT:’ South Korea’s Dark Web AI could combat cybercrime” »

May 19, 2023

Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

Posted by in categories: cybercrime/malcode, robotics/AI

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware.

“Both AI services are extremely popular but lack first-party standalone apps (i.e., users interface with ChatGPT via their web interface while Midjourney uses Discord),” eSentire said in an analysis.

This vacuum has been exploited by threat actors looking to drive AI app-seekers to imposter web pages promoting fake apps.

Continue reading “Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware” »

May 17, 2023

Russian computer breached DC Metro system: watchdog

Posted by in category: cybercrime/malcode

A computer based in Russia was able to breach the Washington, D.C., Metro system earlier this year, the Metro’s Office of the Inspector General (OIG) said in a new report.

The partially redacted report, released Wednesday and first reported by The Washington Post, said the Washington Metropolitan Area Transit Authority’s (WMATA) cybersecurity group detected “abnormal network activity originating in Russia” in January.

May 17, 2023

State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered

Posted by in categories: cybercrime/malcode, finance, government

SideWinder, a state-sponsored group, uses a network of phishing domains to target government and financial sectors in Pakistan and China.

May 16, 2023

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules

Posted by in category: cybercrime/malcode

Water Orthrus group returns, leveraging pay-per-install networks to deploy the new CopperStealth & CopperPhish malware.

May 16, 2023

5 ways AI-driven patch management is driving the future of cybersecurity

Posted by in categories: cybercrime/malcode, robotics/AI

Join top executives in San Francisco on July 11–12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Patch management approaches that aren’t data-driven are breaches waiting to happen. Attackers are weaponizing years-old CVEs because security teams are waiting until a breach happens before they prioritize patch management.

Cyberattackers’ growing tradecraft now includes greater contextual intelligence about which CVEs are most vulnerable. The result: Manual approaches to patch management — or overloading endpoints with too many agents — leaves attack surfaces unprotected, with exploitable memory conflicts.

May 15, 2023

Break the DDoS Attack Loop With Rate Limiting

Posted by in categories: cybercrime/malcode, engineering

Distributed denial-of-service (DDoS) attacks are growing in frequency and sophistication, thanks to the number of attack tools available for a couple of dollars on the Dark Web and criminal marketplaces. Numerous organizations became victims in 2022, from the Port of London Authority to Ukraine’s national postal service.

Security leaders are already combating DDoS attacks by monitoring network traffic patterns, implementing firewalls, and using content delivery networks (CDNs) to distribute traffic across multiple servers. But putting more security controls in place can also result in more DDoS false positives — legitimate traffic that’s not part of an attack but still requires analysts to take steps to mitigate before it causes service disruptions and brand damage.

Rate limiting is often considered the best method for efficient DDoS mitigation: URL-specific rate limiting prevents 47% of DDoS attacks, according to Indusface’s “State of Application Security Q4 2022” report. However, the reality is that few engineering leaders know how to use it effectively. Here’s how to employ rate limiting effectively while avoiding false positives.

May 15, 2023

CISA warns of critical Ruckus bug used to infect Wi-Fi access points

Posted by in categories: cybercrime/malcode, internet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.

While this security bug (CVE-2023–25717) was addressed in early February, many owners are likely yet to patch their Wi-Fi access points. Furthermore, no patch is available for those who own end-of-life models affected by this issue.

Attackers are abusing the bug to infect vulnerable Wi-Fi APs with AndoryuBot malware (first spotted in February 2023) via unauthenticated HTTP GET requests.

Page 49 of 220First4647484950515253Last