Tag Archive for: headaches

3 Ways Hackers Use ChatGPT to Cause Security Headaches

/in


With ChatGPT making headlines everywhere, it feels like the world has entered a Black Mirror episode. While some argue artificial intelligence will be the ultimate solution to our biggest cybersecurity issues, others say it will introduce a whole slew of new challenges.

I’m on the side of the latter. While I recognize that ChatGPT is an amazing piece of technology, it is also an enabler for hackers, commoditizing nation-state capabilities for the benefit of the “script kiddies” — aka unsophisticated hackers. In addition to writing text, the technology opens up a scary scenario where a computer can be guided to look for information within images that humans can’t immediately pick up but machines are sensitive enough to see. Examples would be reflections of passwords on glass, or people who appear in photos that would not appear in them without the help of AI.

As ChatGPT adoption grows, I believe the industry needs to proceed with caution, and here’s why. There are three types of capabilities hackers can use ChatGPT for: mass phishing, reverse engineering, and smart malware. Let’s take a look at each one of these in detail.

Mass Phishing

Because ChatGPT is so powerful, it can reduce the amount of time it takes to create handcrafted, personalized emails to a list of people from a few days to just minutes. And with just the click of a button, ChatGPT can answer very specific questions and use its knowledge to impersonate both security and non-security personnel experts. Because ChatGPT can also translate text into any style of writing or proofread at a very high level, once a list of employees and their details are attained, it’s easy to mass create emails where a hacker is pretending to be someone else to increase the chances of a successful attack.

Phishing is an essential part of hacking organizations, whether it be to gain access to the servers of an organization or to attempt to convince people to transfer money. To combat this, business leaders must educate employees on the security implications of ChatGPT and how to spot potential attacks. I think employees should be especially critical of text and never assume something is coming from an authentic source. Instead of just blindly…

Source…

Explore print server alternatives to avoid IT headaches

/in


While matters related to printing have always been a challenge for IT, the fallout from the 2021 PrintNightmare vulnerability has spurred more enterprises to find other ways to handle their print server infrastructure.

Window Server print servers are easy enough to spin up but difficult to maintain. Users can also find it mystifying to parse why a print job didn’t execute as expected, which leads to more help desk tickets and ties up valuable IT resources in a troubleshooting exercise. There are many print server alternatives on the market designed to give IT more insight into printing problems, hand users more control over their print jobs and offer enterprises the visibility into how much is spent on printing and where.

Why PrintNightmare made printing even more complicated

The PrintNightmare vulnerability (CVE-2021-34527) surfaced in July 2021 and gave attackers a way to remotely execute code on Windows desktop and server systems through a Windows print spooler bug. A threat actor who manages to exploit this vulnerability could perform privileged operations such as installing software, accessing data or creating user accounts.

Microsoft released patches to correct the vulnerability, but one major consequence is that print driver installation now requires administrator privileges. With users no longer able to install or update existing print drivers due to PrintNightmare mitigations, administrators have had to investigate different configuration options or attempt to circumvent the security measures through registry changes that are not sanctioned by Microsoft.

Where a third-party print server alternative can help

For enterprises with a mix of printers across multiple sites, the changes ushered in by the PrintNightmare patch made an already difficult management job even more troublesome. Administrators lost the flexibility to let users install print drivers unless they skirted security protocols and gave escalated privileges.

Many products offer more security options to give users more control over print jobs that are not available in Windows Server print server. For example, pull printing is a feature some vendors offer that only gives the authenticated user the ability…

Source…

Bored Ape thefts on Instagram are crypto’s latest hack headaches

/in


The breach of official crypto accounts has happened on Discord too. Prior to its official launch, NFT marketplace Fractal had its Discord channel infiltrated and used to spread a link to a fake token launch that stole about US$150,000 from users.

What to do?

Crypto scams put more pressure on social media companies to boost security measures and hash out clearer policies on how they plan to better protect users.

When asked about these issues, Twitter, Discord and Telegram told Bloomberg that they all take action to mitigate fraud on their platforms and allow users to report suspicious activity. Meta Platforms, the parent company of Facebook and Instagram, declined to comment on crypto scams on these social media networks and the recent BAYC hack.

Although cutting out scams is difficult, it is not impossible, according to Mr Curt Dukes, an executive vice-president at the non-profit Centre for Internet Security. Requiring users to employ multi-factor authentication to protect their accounts and introducing a patch management system that helps identify and fix security flaws can help decrease vulnerability.

Companies can also provide better education to both employees and users on social engineering and make greater use of tools to verify that a user is human, such as adding a “Captcha” challenge requiring users to solve a puzzle or type in hard-to-read text in order to use the platform.

Mr Musk’s plan to open-source Twitter’s algorithms “definitely gives credibility to the platform”, according to Mr Dukes. Allowing anyone to view Twitter’s code would increase the chances of a security issue being spotted, he said.

As for cleaning out bots, there are machine-learning tools available that could be a big help for social media companies, but there are trade-offs involved, said Mr Adam Meyers, senior vice-president of intelligence at the cyber-security firm Crowdstrike. Algorithms can identify posting patterns indicative of a malicious bot account, Mr Meyers said in an interview. Doing so, though, could sharply cut overall user counts, which would not be ideal for a social media platform.

“If you’re too good at stopping bots, then that’s going to drive that number down,” Mr Meyers…

Source…

Anonymity of cyber threats creates legal headaches for insurance – Federal News Network

/in

Anonymity of cyber threats creates legal headaches for insurance  Federal News Network
“cyber warfare news” – read more