Tag Archive for: vulnerabilities

GPT-4 can exploit zero-day security vulnerabilities all by itself, a new study finds

/in


A hot potato: GPT-4 stands as the newest multimodal large language model (LLM) crafted by OpenAI. This foundational model, currently accessible to customers as part of the paid ChatGPT Plus line, exhibits notable prowess in identifying security vulnerabilities without requiring external human assistance.

Researchers recently demonstrated the ability to manipulate (LLMs) and chatbot technology for highly malicious purposes, such as propagating a self-replicating computer worm. A new study now sheds light on how GPT-4, the most advanced chatbot currently available on the market, can exploit extremely dangerous security vulnerabilities simply by examining the details of a flaw.

According to the study, LLMs have become increasingly powerful, yet they lack ethical principles to guide their actions. The researchers tested various models, including OpenAI’s commercial offerings, open-source LLMs, and vulnerability scanners like ZAP and Metasploit. They found that advanced AI agents can “autonomously exploit” zero-day vulnerabilities in real-world systems, provided they have access to detailed descriptions of such flaws.

In the study, LLMs were pitted against a database of 15 zero-day vulnerabilities related to website bugs, container flaws, and vulnerable Python packages. The researchers noted that more than half of these vulnerabilities were classified as “high” or “critical” severity in their respective CVE descriptions. Moreover, there were no available bug fixes or patches at the time of testing.

The study, authored by four computer scientists from the University of Illinois Urbana-Champaign (UIUC), aimed to build on previous research into chatbots’ potential to automate computer attacks. Their findings revealed that GPT-4 was able to exploit 87 percent of the tested vulnerabilities, whereas other models, including GPT-3.5, had a success rate of zero percent.

UIUC assistant professor Daniel Kang highlighted GPT-4’s capability to autonomously exploit 0-day flaws, even when open-source scanners fail to detect them. With OpenAI already working on GPT-5, Kang foresees “LLM agents” becoming potent tools for democratizing vulnerability exploitation and cybercrime among script-kiddies…

Source…

Cyber Security News Weekly Round-Up (Vulnerabilities, Threats & New Stories)

/in


The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.

A well-developed knowledge base is necessary for securing networks from the newest targets and vulnerabilities in the face of the changing risk landscape.

Staying updated with the latest trends, reports, and news is completely necessary nowadays.

Cyber Attacks

CoralRaider Hackers Steal Data

XClient stealer and RotBot are two attack tools that Vietnamese threat actor CoralRaider uses to steal financial data, login credentials, and social media information from victims in Asian and Southeast Asian countries.

Since 2023, the group has been operational with complex approaches where they would integrate Vietnamese vocabularies into their payloads as a sort of hard coding.

The most recent campaign by this threat group involves using Windows shortcut files to distribute malware targeting South Korean, Bangladeshi, and Chinese nationals. This is a significant threat to individuals and businesses in the region.

Chinese Hackers Using AI Tools To Influence Upcoming Elections

The report concerns how Chinese hackers could use AI to influence the elections. While no instances are specifically mentioned in the report, it cautions against this cyber risk. 

Not only that even AI can be used to generate deepfake videos, control social media sites and undertake highly developed cyber offences which makes it a very powerful tool to influence the elections. 

Moreover, the report stresses on increasing cybersecurity defenses against such threats including improvements in detection and response capabilities. 

While it highlights the need of remaining alert and proactive towards changing cyber risks especially in line with elections and politics at large.

Threat Actors Deliver Malware Via YouTube Video

The report highlights a recent malware campaign in which Vidar, StealC, and Lumma Stealer information-stealing malware are disseminated via YouTube videos by hackers. 

These videos that pretend to be guides for getting free software or game upgrades have links to cracked video games and pirated…

Source…

Rise of Zero-Day Vulnerabilities: Enterprise Software Now a Prime Target for Hackers With 64% YoY Surge

/in


In the fast-paced world of cybersecurity, “zero-day” vulnerabilities loom as a formidable challenge for tech giants investing billions in enhancing user experiences. These vulnerabilities are mostly software flaws that developers fail to detect, leaving no immediate patches or fixes available to protect against potential exploitation. According to a recent report, “Google’s Threat Analysis Group,” the year 2023 witnessed a significant rise in the exploitation of zero-day vulnerabilities.

To be precise, the exploitation of zero-day vulnerabilities increased a notable 56.5% YoY, from 62 in 2022 to 97 in 2023. However, this number fell short of the record set in 2021, when 106 zero-day vulnerabilities were observed being exploited.

The surge in vulnerability exploitation suggests that hackers are becoming more aggressive and adept at discovering and using vulnerabilities to launch cyberattacks.

As these vulnerabilities are exploited, Commercial Surveillance Vendors (CSVs) emerge as key players in the cyber threat ecosystem. In 2023, CSVs were responsible for 75% of known zero-day exploits targeting Google products and Android ecosystem devices, comprising 13 out of 17 vulnerabilities. These CSVs specialize in selling spyware capabilities to government clients for surveillance activities.

Out of the 37 zero-day vulnerabilities exploited in browsers and mobile devices in 2023, more than 60% were attributed to Commercial Surveillance Vendors (CSVs).

Attackers have also increased their efforts to exploit vulnerabilities within third-party components and libraries. This strategy was chosen because exploiting these vulnerabilities could potentially impact multiple products simultaneously.

Threat actors across various motivations actively sought out vulnerabilities in products or components that offered broad access to multiple targets, reflecting a scalable and effective approach to launching attacks.

It is important to note that there was a whopping 64% YoY increase in the number of vulnerabilities targeted by hackers in enterprise-specific technologies during 2023. This trend was further evidenced by the widening range of enterprise vendors targeted since at least 2019,…

Source…

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)

/in


Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.

From sophisticated malware attacks to innovative phishing schemes, we cover the crucial updates you need to stay informed and protected.

Threats

Notepad++ Plugin Compromised by Hackers

Hackers have targeted a widely used Notepad++ plugin, “mimeTools.dll,” injecting malicious code that compromises users’ systems upon execution. The attack, discovered by the AhnLab Security Intelligence Center, leverages DLL Hijacking to execute encrypted malicious Shell Code, posing a significant threat to programmers and writers who rely on Notepad++ for its versatility and plugin support; read more.

Weaponized PDF Files Deliver Byakugan Malware

Cybersecurity researchers at Fortinet have uncovered a new attack vector involving weaponized PDF files used to deliver the multi-functional Byakugan malware. By exploiting the trust and popularity of PDFs, hackers have been able to infiltrate systems through malicious codes embedded in seemingly innocuous documents, highlighting the need for heightened awareness and protection against such files.

Fake E-Shopping Attack Targets Banking Credentials

A sophisticated fake e-shop scam campaign has been targeting users in Southeast Asia, hijacking banking credentials through phishing emails and malicious APKs. The attackers have expanded their operations, utilizing screen-sharing and exploiting accessibility services to gain more control over victims’ devices. This campaign underscores the evolving tactics of cybercriminals in their efforts to steal sensitive information.

Rhadamanthys Stealer Targets Oil and Gas Sector

The oil and gas sector has become the latest target of the Rhadamanthys Stealer malware, delivered through weaponized PDF files. This attack emphasizes the ongoing threat to critical infrastructure sectors and the importance of robust cybersecurity measures to protect against such sophisticated threats.

Ransomware Exploits Unpatched Vulnerabilities

A recent report highlights the increasing trend of ransomware attacks exploiting unpatched…

Source…