БЛОГ

Archive for the ‘cybercrime/malcode’ category: Page 37

May 4, 2023

Hugging Face and ServiceNow release a free code-generating model

Posted by in categories: cybercrime/malcode, law, robotics/AI

AI startup Hugging Face and ServiceNow Research, ServiceNow’s R&D division, have released StarCoder, a free alternative to code-generating AI systems along the lines of GitHub’s Copilot.

Code-generating systems like DeepMind’s AlphaCode; Amazon’s CodeWhisperer; and OpenAI’s Codex, which powers Copilot, provide a tantalizing glimpse at what’s possible with AI within the realm of computer programming. Assuming the ethical, technical and legal issues are someday ironed out (and AI-powered coding tools don’t cause more bugs and security exploits than they solve), they could cut development costs substantially while allowing coders to focus on more creative tasks.

According to a study from the University of Cambridge, at least half of developers’ efforts are spent debugging and not actively programming, which costs the software industry an estimated $312 billion per year. But so far, only a handful of code-generating AI systems have been made freely available to the public — reflecting the commercial incentives of the organizations building them (see: Replit).

May 4, 2023

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

Posted by in category: cybercrime/malcode

Facebook has taken action against a malware campaign leveraging popular topics like ChatGPT, Google BERT, and TikTok marketing tools as a lure.

May 4, 2023

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units

Posted by in category: cybercrime/malcode

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units.

The security vulnerability, tracked as CVE-2023–2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.

“Successful exploitation of this vulnerability could allow remote code execution,” CISA said, describing it as a case of command injection affecting versions of INEA ME RTU firmware prior to version 3.36.

May 4, 2023

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software

Posted by in categories: cybercrime/malcode, internet

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.

The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It’s currently used by several vendors like NVIDIA Cumulus, DENT, and SONiC, posing supply chain risks.

The discovery is the result of an analysis of seven different implementations of BGP carried out by Forescout Vedere Labs: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.

May 3, 2023

“As an AI language model”: the phrase that reveals how AI is polluting the web

Posted by in categories: cybercrime/malcode, internet, robotics/AI

A shibboleth for machine learning spam.

May 2, 2023

5G Is A Network Security Threat Wake-Up Call For Operators And Regulators

Posted by in categories: cybercrime/malcode, internet

Jan Häglund is the President and CEO of Enea, a specialist in software for telecommunications and cybersecurity.

As mobile networks are increasingly embedded in daily life, they have become a more attractive target for criminals and malicious state actors alike. A new spate of regulations globally suggests a unified response is required.

To consumers, 5G means ultra-fast connectivity and a smoother, better user experience. Few would be aware of how the interconnection and interworking between networks that enables this user experience is itself vulnerable to attack, with more devastating consequences than in the past, as we all increase our reliance on mobile communications.

May 2, 2023

Hacking with ChatGPT: Five A.I. Based Attacks for Offensive Security

Posted by in categories: cybercrime/malcode, robotics/AI

ChatGPT may represent one of the biggest disruptions in modern history with it’s powerful A.I based chatbot. But within weeks of ChatGPT’s release, security researchers discovered several cases of people using ChatGPT for everything from malware development to exploit coding. In this video, take a look at the five ways attackers are utilizing ChatGPT for wrong doing.

0:14 Intro to ChatGPT / Natural Language Processing (NLP) & GPT
1:28 Using ChatGPT for Vulnerability Discovery.
1:56 Vulnerability Prompts to Utilize.
3:10 Writing Exploits.
3:35 Exploit Prompts to Utilize.
4:33 Malware Development.
5:00 Malware Examples (Stealers, Command & Control)
5:42 Polymorphic Malware Development Using ChatGPT
6:21 A.I. Based Phishing using NLP (Natural Language Processing)
7:20 ChatGPT Advantages over Traditional Phishing Messages.
7:41 Custom Messages Using GPT-3
8:04 Using Macros and LOLBINs.
9:33 GPT-3 vs GPT-4 (Coming Soon)
9:56 Cybersecurity Considerations and Predictions.

May 1, 2023

What is the true potential impact of artificial intelligence on cybersecurity?

Posted by in categories: cybercrime/malcode, encryption, information science, robotics/AI

Greater scale and symbolic models are necessary before AI and machine learning can meet big challenges like breaking the best encryption algorithms.

Apr 30, 2023

Chinese hackers outnumber FBI cyber staff 50 to 1, bureau director says

Posted by in categories: cybercrime/malcode, government

U.S. cyber intelligence staff is vastly outnumbered by Chinese hackers, Federal Bureau of Investigation Director Christopher Wray told Congress as he pleaded for more money for the agency.

“To give you a sense of what we’re up against, if each one of the FBI’s cyber agents and intel analysts focused exclusively on the China threat, Chinese hackers would still outnumber FBI Cyber personnel by at least 50 to 1,” Wray said in prepared remarks for a budget hearing before a House Appropriations subcommittee on Thursday.

The disclosure highlights the massive scale of cyber threats the U.S. is facing, particularly from China. Wray said the country has “a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations—big or small—combined.”

Apr 29, 2023

Augmenting and accelerating humans

Posted by in categories: cybercrime/malcode, robotics/AI

Join top executives in San Francisco on July 11–12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

~“May you live in interesting times”~

Having the blessing and the curse of working in the field of cybersecurity, I often get asked about my thoughts on how that intersects with another popular topic — artificial intelligence (AI). Given the latest headline-grabbing developments in generative AI tools, such as OpenAI’s ChatGPT, Microsoft’s Sydney, and image generation tools like Dall-E and Midjourney, it is no surprise that AI has catapulted into the public’s awareness.

Page 37 of 206First3435363738394041Last