Tag Archive for: kicks

GPT-4 kicks AI security risks into higher gear




As Arthur C. Clarke once put it, any sufficiently advanced technology is “indistinguishable from magic.”

Some might say this is true of ChatGPT, too — including, if you will, black magic. 

Immediately upon its launch in November, security teams, pen testers and developers began discovering exploits in the AI chatbot — and those continue to evolve with its newest iteration, GPT-4, released earlier this month. 

“GPT-4 won’t invent a new cyberthreat,” said Hector Ferran, VP of marketing at BlueWillow AI. “But just as it is being used by millions already to augment and simplify a myriad of mundane daily tasks, so too could it be used by a minority of bad actors to augment their criminal behavior.”


Evolving technologies, threats

In January, just two months after launch, ChatGPT reached 100 million users — setting a record for the fastest user growth of an app. And as it has become a household name, it is also a shiny new tool for cybercriminals, enabling them to quickly create tools and deploy attacks. 

Most notably, the tool is being used to generate programs that can be used in malware, ransomware and phishing attacks. 

BlackFog, for instance, recently asked the tool to create a PowerShell attack in a “non-malicious” way. The script was generated quickly and was ready to use, according to researchers. 

CyberArk, meanwhile, was able to bypass filters to create polymorphic malware, which can repeatedly mutate. CyberArk also used ChatGPT to mutate code that became highly evasive and difficult to detect. 

And Check Point Research was able to use ChatGPT to create a convincing spear-phishing attack. The company’s…


CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws


Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage. 

CISA says it will seek out affected systems using existing services, data sources, technologies, and authorities, including CISA’s Cyber Hygiene Vulnerability Scanning. CISA initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called “ProxyNotShell,” widely exploited by ransomware actors. The agency said this round demonstrated “the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations.”

Eric Goldstein, executive assistant director for cybersecurity at CISA, said, “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations. We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov.”

The pilot kicked off with ProxyNotShell

Beyond the official announcement, CISA offered few details about the RVWP program. One question is why CISA initiated the program with the ProxyNotShell vulnerability. ProxyNotShell is the latest in a series of flaws exploited by the Chinese state-sponsored hacker Hafnium targeting Microsoft Exchange Servers. In late September, two zero-day flaws (CVE-2022-41040, CVE-2022-41082) became known collectively as ProxyNotShell. Microsoft released patches for ProxyNotShell in November.

“I guarantee you that the most likely reason [CISA started with ProxyNotShell] is because they had some heads up or advanced notice that it was being used,” Andrew Morris, GreyNoise founder and CEO, tells…


India’s 5G auction kicks off today. These are the companies in the race


The number of 5G subscribers in India is expected to grow to 500 million by 2027, according to a report. Mobile phones in the vast country have become almost indispensable even among rural Indians, with a farmer here seen taking a selfie during a protest in a stock photo from 2019.


India’s 5G auction kicks off on Tuesday and four local companies will be in the race to bid for the country’s first 5G spectrum ahead of a planned rollout in 2023.

Bidders will include all three major mobile operators in India: Reliance Jio, the market leader, Bharti Airtel and Vodafone Idea.

The surprise entry of Indian billionaire Gautam Adani as the fourth contender could still rock the boat.

5G refers to the fifth generation of high-speed mobile internet which promises super-fast download speeds that can support technologies like driverless cars and virtual reality.

A total of 72 gigahertz of 5G spectrum will be on the block, for which winning bids will retain the rights for 20 years.

In total, the four bidders have put up $2.7 billion (218 billion Indian rupees) in earnest money, the mandatory sum required to confirm a contract. The amount of earnest money deposited provides an indication of the amount of spectrum a company wishes to buy.

Companies bidding for India 5G spectrum

5G bidders            Earnest money (in Indian rupees)
Reliance Jio          140 billion
Bharti Airtel         55 billion
Vodafone Idea         22 billion
Adani Data Networks   1 billion

The auction will see aggressive bidding by Reliance Industries’ Jio, which has deposited 140 billion rupees of earnest money with the government — the largest amount among the contenders.

Other major mobile operators include Bharti Airtel, which put up 55 billion rupees, and Vodafone Idea, which deposited 22 billion rupees of earnest money.

Adani enters the 5G race

The Adani Group conglomerate, which operates mainly in infrastructure, put in only 1 billion Indian rupees as earnest money, which entitles it to bid for only a limited amount of spectrum.

Before the fourth bidder’s identity was disclosed, there was speculation of a new competitor in the mobile network and data space, which drove up expectations of higher bidding. 

However, the company moved to…


NSCS: India’s security coordinator kicks off new project to identify privacy, security issues in mobile phones, apps


The government’s National Security Council Secretariat (NSCS) has kicked off a project to identify privacy and security issues in the mobile ecosystem in India and prevent cyber frauds due to application and device vulnerabilities and unsafe user habits.

Under the project, called ‘Indian Citizens Assistance for Mobile Privacy & Security (I-CAMPS)’, the NCSC will create a technology platform with a mobile application and desktop site to support Indian citizens and help them mitigate the vulnerabilities in their mobile handsets due to certain operating system versions, pre-installed apps or any other app available in app stores.

For this, the NSCS is collaborating with the ministries of information technology and communications, finance and home affairs, besides several government departments.

The Internet and Mobile Association of India (IAMAI) has been tasked with execution of the project by closely working with these departments along with the Indian internet industry and the security community.

India’s National Cyber Security coordinator Lt General (retd) Rajesh Pant told ET that the project has “just started and will take some time”.

The NCSC has sent letters to some ministries and is planning to reach out to some more shortly.

The project’s aim is to build an integrated system which can collate all mobile security related information and provide customised and actionable knowledge to citizens to secure their mobile devices.

The mobile ecosystem is vast and includes devices, manufacturers, mobile phone operators, OS companies, app providers as well as government departments dealing with mobile management, security and governance. While each plays an important role, they are disconnected from each other due to the nature of their objectives. Hence, I-CAMPS was conceptualised to form a single organisation allowing all stakeholders’ involvement.

“Work has started on multiple levels. The base framework is being developed for now. There will be a central database in the middle and the information will be available as an API,” Satyendra Verma, head of I-CAMPs and advisor — Cybersecurity & Mobile security at IAMAI, told ET. “In case users want specific…
