The golden rule — if something is popular, criminals will exploit it — strikes once again. This time, we're talking about the trending ChatGPT chatbot, developed by OpenAI, which has been all over the news of late.

A word about the popularity of ChatGPT

When OpenAI opened access to its AI chatbot (that is, a chatbot based on neural networks trained on a vast corpus of text), the internet changed beyond recognition practically overnight. Users all over the planet rushed to see what the chatbot is capable of — and were not disappointed (and often positively astonished). ChatGPT can maintain a dialog in a way that feels like there's a real person at the other end. And, more groundbreakingly, it's great at writing short texts on a given topic in a particular style, including poetry, and can adapt to a specified format and basically create texts no worse than a rookie copywriter, since it's loaded with exabytes of knowledge on every topic under the sun. You can also ask ChatGPT for advice on unfamiliar topics — and in most cases it delivers sound tips. True, ChatGPT is equally good at lying and propagating errors, but these are finer points.

ChatGPT use is becoming mainstream, and not just for fun (to chat or, say, to ask for The Hobbit in the form of a Shakespearean sonnet — why not?), but also for business. With the help of chatbots, you can quickly fill websites with content, create product descriptions, generate quests for games, and do many other things to help people of various professions in their everyday work.

Unsurprisingly, the ChatGPT servers were quickly overloaded, so OpenAI had to increase their capacity. The company soon attracted investment from Microsoft, and now ChatGPT has been integrated into Bing, albeit with restrictions. In response, Google rushed to roll out its own neural network, Bard, which has similar capabilities but was not considered by the company to be fully ready for market launch.

We've already written about how ChatGPT will change the world of cybersecurity, but for now at least the use of chatbots in phishing attacks or malware development remains at the theoretical stage. In practice, however, ChatGPT is already being used as bait to spread malware.

What attracts scammers to ChatGPT

Why are scammers suddenly using ChatGPT as bait? Simply because the service is hugely popular. Although ChatGPT is technically free, it's not always easy to access. First, to register an account on the OpenAI website, you need to enter your e-mail address and phone number. But not all country codes are accepted: ChatGPT registration is currently unavailable in Russia, China, Egypt, Iran and some other countries. So not everyone can get an account easily. Second, even if you managed to create an account on the OpenAI website, it's not a given that you'll be able to actually use ChatGPT: the service is almost always overloaded with users wanting to try out the AI, ask it to write a marketing blurb, or give it some other tasks. The inflow of users was so great that OpenAI introduced a subscription plan with priority access and faster text generation for US$20 a month.

High demand and low availability. That's enough for scammers.

The desktop client that never was

Kaspersky experts have uncovered a malicious campaign exploiting the growing popularity of ChatGPT. Fraudsters create groups on social networks that convincingly mimic, if not official OpenAI accounts, then at least communities of enthusiasts. These groups publish equally persuasive posts: say, that ChatGPT hit one million users faster than any other service. At the bottom of the post is a link for supposedly downloading a ChatGPT desktop client.

[Image: Impressive stats and a handy link — just how we like it]

Also posted in these groups are fake credentials for precreated accounts that are said to provide access to ChatGPT. To motivate potential users even further, the attackers say that each account already has US$50 on its balance, which can be spent on using the chatbot. It all feels like a genuine opportunity to use ChatGPT without the trouble of creating an account, and even to get premium features for free: just download the desktop client and sit back for the ride.

[Image: Roll up, roll up, get your desktop chatbot while you can!]

You can probably guess what happens next, but we'll tell you anyway. Clicking the link, which has a very plausible URL, opens a well-made site inviting you to download ChatGPT for Windows. It's not the official site, of course, but it looks very like the original. If you click on the download button, an archive with an executable file is indeed downloaded.

[Image: The scam site is a carbon copy of the original, only instead of the Try ChatGPT button there is a Download for Windows button]

If this archive is unpacked and the executable file run, then, depending on the version of Windows, the user sees either a message saying installation failed for some reason, or no message at all — at which point the process seems to end. "Shame I didn't get to use a precreated account with premium features," the user will think, and forget about the incident — probably resorting to creating a regular account on the real ChatGPT site.

[Image: If you see this message (or no message at all), the Trojan installed successfully]

In fact, installation did not fail: a stealer Trojan is installed on the user's computer, from where it pinches account credentials stored in Chrome, Edge, Firefox, Brave, CôcCôc (popular in Vietnam), and other browsers. We've dubbed it Trojan-PSW.Win64.Fobo. The Trojan's creators are interested in Facebook, TikTok, and Google cookies and accounts — in particular business accounts. The Trojan steals usernames and passwords, then, on finding a business account in one of these services, it tries to get additional information, such as how much money was spent on advertising from the account and what its current balance is. According to our data, the attackers target the international market — the fake ChatGPT desktop client has already been spotted in Asia, Africa, Europe and America.

How to use ChatGPT safely

For starters, note that there's no official desktop, mobile, or other client for ChatGPT — only the web version. Amusingly, the chatbot itself makes this very point when asked to write a blog post about this scam campaign.

[Image: What ChatGPT itself thinks of this scam campaign]

There's also no need to use precreated accounts, of course. Currently, OpenAI's only paid feature is a monthly subscription with priority access; otherwise access to ChatGPT is completely free. So you can register a real ChatGPT account for free, no strings attached. Even if your phone number is no good due to restrictions on some countries, you can ask a friend abroad to buy you a disposable SIM card or use a temporary phone number — you only need it once, to activate the account. There are plenty of services that offer temporary phone numbers for receiving verification codes by text: just google "one-time phone number".

The main thing is to make sure you land on the official site (https://chat.openai.com). To do that, don't follow a link; rather, enter the URL in the address bar yourself. And have a good security solution installed on your computer — ChatGPT is only gaining popularity, and attackers are bound to come up with more campaigns centered on this revolutionary new chatbot. Sure, vigilance is vital, but sometimes even the most attentive and super-prepared fall for phishing or well-faked sites, so it's better to play it safe. All Kaspersky security solutions detect Trojan-PSW.Win64.Fobo and keep it off your computer.

As for ChatGPT desktop clients, they're bound to appear sooner or later — if not official, then third-party ones. But always think thrice before using any kind of third-party client, and here an antivirus is a no-brainer.
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.
Open source software dependencies are affecting the software security of different industries in different ways, with mature industries becoming more selective in their open source usage.
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?
Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?
Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.
The core-stab backdoor is closely linked with a malicious webshell titled task-controller, and both are closely linked to the widespread and ongoing NDSW/NDSX malware infection.
The newly added vulnerabilities in the KEV Catalog affect a code execution vulnerability in IBM Aspera Faspex, and a code execution and command injection vulnerability in Mitel MiVoice Connect.
The state-run RIA Novosti news agency said the outage was the result of a distributed denial of service (DDoS) attack. Reuters was unable to independently verify the reason for the outages.
A critical-severity advisory from VMware tracks the vulnerability as CVE-2023-20858 and warns that hackers can launch injection exploits to gain full access to the underlying server operating system.
In a new report from Cyber Security Works (CSW), Ivanti, Cyware, and Securin, researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year.
The FortiGuard Labs team discovered another 0-day attack in PyPI (the Python Package Index) by the malware authors ‘Portugal’ and ‘Brazil’, who published the packages ‘xhttpsp’ and ‘httpssp’.
By providing insiders with solutions that make security and privacy easier for them, organizations reduce the likelihood that people will find workarounds that undermine data protection objectives.
On Sunday, the cybersecurity and malware research group vx-underground published screenshots of data purportedly stolen from Activision, including the schedule of planned content to be released for the popular first-person shooter Call of Duty.
The released PoC involves writing a cron job to /etc/cron.d/ that triggers every minute to initiate a root reverse shell to the attacker, giving them remote code execution capabilities.
Speaking at the 17th India Digital Summit, organized by the IAMAI in partnership with Google and MessageBird, Dr. Pant emphasized that cybersecurity must never be compromised and that companies must invest in it to meet the challenges of the future.
Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash, and more than a hundred other organizations last year.
Millions of UK adults have been victimized by digital scammers in the past, yet a quarter have no security controls to protect their online activity, according to F-Secure.
The Israeli security startup has attracted $15 million in early-stage venture capital funding from Glilot Capital Partners to build technology to address entitlement sprawl in the enterprise.
During a recent customer pilot, Praetorian researchers identified an interesting method to bypass the cross-site scripting (XSS) filtering functionality within the Akamai Web Application Firewall (WAF) solution.
The London-based company said the $20 million financing was led by Evolution Equity Partners. Venture capital firms Resonance and Connect Ventures also joined as investors.
The high-severity vulnerability has a CVSS base score of 7.1 and affects Windows 7, 10, and 11 OS versions. It was patched by Microsoft in its first Patch Tuesday of 2023.
The latest annual IBM X-Force Threat Intelligence Index released today reported that deployment of backdoor malware, which allows remote access to systems, emerged as the top action by cyberattackers last year.
The exposed server was part of an internal mailbox system storing about three terabytes of internal military emails, many pertaining to U.S. Special Operations Command (USSOCOM), the military unit tasked with conducting special military operations.
During a recent incident response case, Fox-IT found evidence that the R1Soft vulnerability was exploited to gain initial access to a server. The attackers then deployed a malicious database driver that gave them backdoor access.
Ransomware extortion tactics range from publishing data bit by bit, in an attempt to increase pressure on targets, to more aggressive measures, making these threats all the harder for organizations and individuals alike to protect against.
ETW is a high-speed tracing facility built into the Windows operating system. It enables the logging of events and system activities by applications, drivers, and the operating system.
A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.
The skimmer uses iframes that are loaded if the current page is the checkout and if the browser's local storage does not include a font item (this is equivalent to using cookies to detect returning visitors).
Google has started working to harden the security of Android at the firmware level, a component of the software stack that interacts directly with the various processors of a system on a chip (SoC).
Trend Micro reported on a new threat actor that drops a new backdoor dubbed WhiskerSpy. The cybercriminal group, tracked as Earth Kitsune, is a relatively new threat group that conducts watering hole attacks. The malware is delivered to users when they attempt to watch videos on attacker-compromised websites.
Internet domain registrar GoDaddy revealed that it has been the victim of a three-year-long campaign that deployed malware on internal systems and pilfered source code. Experts detected that an unauthorized third party had gained access to the company's cPanel hosting servers and installed malware. This resulted in random customer websites being intermittently redirected to malicious sites.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and cannot be used by external hosts. A secondary Click N Load service runs on port 9666 and can be used remotely without authentication.
Ubuntu Security Notice 5739-2 - USN-5739-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. MariaDB has been updated to 10.3.38 in Ubuntu 20.04 LTS and to 10.6.12 in Ubuntu 22.04 LTS and Ubuntu 22.10.
Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.
Ubuntu Security Notice 5881-1 - It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app.
Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.
Red Hat Security Advisory 2023-0888-01 - A security update for 2.13.2-1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.
With the fresh capital, Scrut aims to focus on simplifying risk management and infosec compliance for cloud-native SaaS, Fintech, and Healthtech companies.
A combined team of UL Solutions safety science experts will address automotive cybersecurity, functional safety, automated driving and software development processes to help customers bring safer, more secure innovations to market.
Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation. The two other vulnerabilities,
In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report. "The attackers referred to retail
If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every company is operating with some sort of vendor relationship – whether it be a business partner,
Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News. There is no
An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. "While C2 frameworks are prolific, the
At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore’s distribution of infrastructure and a large number of peering partners, the attacks were mitigated,
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows:
- CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
- CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection
VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari
A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met. Read more in my article on the Tripwire State of Security blog.
Russian media has blamed hackers after commercial radio stations in the country broadcast bogus warnings about air raids and missile strikes, telling listeners to head to shelters.