2 min read

Articles of interest from the week of April 10, 2023

Europol Details ChatGPT’s Potential for Criminal Abuse

With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter seriously and conducted a series of workshops involving subject matter experts from various departments of Europol. These workshops aimed to investigate potential ways in which large language models (LLMs) like ChatGPT can be exploited by criminals and how they can be utilized to aid investigators in their day-to-day tasks. (Help Net Security)

NSN Email Template v4_Expert-Take
 

“ChatGPT represents a new wave of powerful tools and capabilities that will just as surely be used by criminals as it will be used by those seeking to do good. It’s up to the folks providing access to these tools, as well as cybersecurity providers, to provide countermeasures and safeguards to manage the risk that these tools will be misused.

Jason Ingalls, Founder & CEO at Ingalls Information Security

 


Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

Microsoft's Patch Tuesday security update for April 2023 contains patches for 97 CVEs, including one zero-day bug under active exploit in ransomware attacks, another that's a reissue of a fix for a flaw from 2013 that a threat actor recently exploited in a supply chain attack on 3CX, and a wormable bug rated critical in severity.

Microsoft identified a total of seven of the bugs it fixed this month as being of critical severity, which typically means organizations need to make them a top priority from a patch implementation standpoint. (Dark Reading)


Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft recently shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability.

Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. (The Hacker News)


Fake Ransomware Gang Targets U.S. Orgs With Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.

Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the message. (BleepingComputer)

 

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. The domain seizures coincided with more than a hundred arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. (Krebs on Security)

Sign Up For Network Security News
Articles of interest from the week of January 16, 2023

Articles of interest from the week of January 16, 2023

ChatGPT Showcases Promise of AI in Developing Malware Security researchers found members of the low-level hacking community Breach Forums posting...

Read More
Articles of interest from the week of February 27, 2023

Articles of interest from the week of February 27, 2023

Users Looking for ChatGPT Apps Get Malware Instead The massive popularity of OpenAI’s chatbot ChatGPT has not gone unnoticed by cybercriminals: they...

Read More

Articles of interest from the week of October 28, 2019

10 Steps for Ransomware Protection Here are things you can do right now to shore up your defenses and help your recovery when you get hit. (By Derek...

Read More