Money Ransomware Group Enters Double-Extortion Fray
Ransomware group uses API calls to spread throughout shared network resources, researchers say.
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Ransomware group uses API calls to spread throughout shared network resources, researchers say.
Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported. Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up to
With deps.dev API and Assured OSS, Google is addressing the common challenges software developers face in securing the software supply chain.
Microsoft has introduced a new update to Bing.com that includes a significant change in its search results — the addition of ChatGPT responses to search queries. [...]
Following criticisms around ChatGPT’ security and privacy practices, OpenAI has launched a bug bounty program to help identify vulnerabilities across its systems and services
It's not all doom and gloom because ML also amplifies defensive efforts, probably Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.…
AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line and get paid for reporting them via the Bugcrowd crowdsourced security platform. [...]
The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots.
In three separate incidents, engineers at the Korean electronics giant reportedly shared sensitive corporate data with the AI-powered chatbot.