Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
The post Chrome 114 Released With 18 Security Fixes appeared first on SecurityWeek.
The all in one place for non-profit security aid.
Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
The post Chrome 114 Released With 18 Security Fixes appeared first on SecurityWeek.
ChatGPT to ThreatGPT: Generative AI Impact in Cybersecurity and Privacy
OpenAI launched ChatGPT in November 2022, and the arrival of ChatGPT caused a significant disruption in the AI/ML community.
In the last decade, the rapid evolution of AI (Artificial Intelligence) and ML (Machine Learning) has sparked a striking digital revolution.
From supervised learning to groundbreaking advancements, AI and ML have swiftly progressed with the development of the following things:-
Unsupervised learning
Semi-supervised learning
Reinforcement learning
Deep learning
Generative AI, the latest frontier of technology, employs deep neural networks to learn patterns and structures from extensive training data, which enables the creation of similar new content.
A recently published research paper explores the potential risks, limitations, challenges, and opportunities of GenAI in the field of cybersecurity and privacy.
At the moment, the tech industry currently races to create highly advanced Large Language Models (LLMs) capable of executing humanlike conversations. Here below, we have mentioned a few outcomes:-
Microsoft’s GPT model
Google’s Bard
Meta’s LLaMa
Generative models’ performance surged with deep learning’s arrival. N-gram language modeling, an early method, generates the best sequence using learned word distribution.
Image processing
Speech recognition
Text understanding
ChatGPT is mainly based on GPT-3 language model, while the latest version, which is a paid one, ChatGPT Plus, is completely based on GPT-4 language model.
The evolution of the digital landscape not only upgrades the current tech era but, also raises the cyber threat actors’ sophistication.
In the past, cyberspace dealt with high-volume but unsophisticated intrusions. AI-aided attacks are conducted by threat actors in this new era, transforming and evolving the complete cyberattack vectors.
GenAI tools’ evolution proves a double-edged sword in cybersecurity, benefiting both sided players:-
Defenders
Attackers
Leveraging ChatGPT, defenders safeguard systems against intruders, and these tools mainly rely on LLMs that are trained on vast cyber threat intelligence data, including:-
Vulnerabilities
Attack patterns
Indications of attack
However, the risk of GenAI misuse in cybersecurity cannot be underestimated. Attackers exploit the GenAI to extract information or bypass the policies of OpenAI. They harness its generative power for various attacks, such as:-
Social engineering Attack
Phishing attack
Attack payload
Malicious code snippets
OpenAI’s ethical policy prevents LLMs like ChatGPT from aiding the threat actors with malicious information. However, the threat actors can bypass these restrictions using various malicious techniques, such as:-
Jailbreaking
Reverse psychology
Prompt Injection Attacks
ChatGPT-4 Model escaping
Attackers can exploit ChatGPT’s text generation to craft attack payloads, and not only that even automating ransomware and malware development with ChatGPT accelerates the creation of diverse threats, saving time and doesn’t require significant skill.
Some viruses can crack computer CPUs, particularly by reading kernel memory. Once a virus gains access to kernel memory, it has unrestricted control over the entire system.
Polymorphic malware is a sophisticated type of malicious software that continuously modifies its code to evade antivirus detection. Exploiting ChatGPT’s generative power could enable the creation of polymorphic malware that could pose a potential abuse risk.
With advancing technology, enterprises will witness emerging cybersecurity defense use cases for ChatGPT. Incorporating diverse technical, organizational, and procedural controls ensures effective measures.
Here below we have mentioned the cybersecurity defense use cases for ChatGPT:-
Cyberdefense Automation
Cybersecurity reporting
Threat Intelligence
Secure Code Generation and Detection
Identification of Cyber Attacks
Developing Ethical Guidelines
Enhancing the Effectiveness of Cybersecurity Technologies
Incidence Response Guidance
Malware Detection
Here below we have mentioned all the implications:-
The Pervasive Role of ChatGPT
Controversy Over Data Ownership and Rights
Unauthorized Access to User Conversations and Data Breaches
Misuse by Organizations and Employees
Misuse of Personal Information
Hallucinations: A Challenge to Tackle
Cyber Offense and Malcode Generation
GenAI-powered tools like ChatGPT have greatly influenced society. Humans embrace them for several creations like:-
Spanning image creation
Text writing
Music Composition
This technology saturates various domains, including cybersecurity, and it also shapes the evolution of organizational cybersecurity, offering both power and threat.
“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.
The post ChatGPT to ThreatGPT: Generative AI Impact in Cybersecurity and Privacy appeared first on Cyber Security News.
Cyber Security News
Meta Makes End-to-End Encryption Default on Facebook Messenger
In a historic revelation, Meta has declared a paradigm shift for its Messenger platform, unveiling the implementation of default end-to-end encryption for all personal messages and calls.
This pivotal moment is destined to reshape the landscape of private communication.
Since 2016, the optional nature of end-to-end encryption on Messenger has lingered on the periphery of user choices.
Now, Meta boldly embraces progress by making it the default setting, a meticulous endeavor that required years of strategic planning and development involving a collaborative effort from engineers, cryptographers, designers, and experts in diverse fields.
The benefits bestowed upon users by end-to-end encryption are nothing short of profound.
With only the sender and recipient privy to the content of their messages and calls, a shield of confidentiality is erected, promising enhanced security.
Moreover, Meta relinquishes the ability to access user communications, assuring an unprecedented level of privacy for delicate conversations.
This transformative update extends far beyond the realms of encryption, introducing a suite of captivating features destined to elevate user experience and control.
From the ability to edit messages within a 15-minute window to enhanced control over disappearing messages, users are empowered with tools that transcend conventional messaging norms.
As Messenger prepares to embrace default end-to-end encryption, the global user base of over a billion will witness a gradual yet meticulous rollout over the coming months.
Users will be prompted to establish a recovery method, ensuring a seamless transition without the risk of losing access to their valuable messages.
This monumental update heralds a new era for Messenger, solidifying its status as a trailblazer in secure and private communication.
The post Meta Makes End-to-End Encryption Default on Facebook Messenger appeared first on Cyber Security News.
Cyber Security News
How to Apply MITRE ATT&CK to Your Organization
Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework.
What is the MITRE ATT&CK Framework?
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs) Read More
The Hacker News | #1 Trusted Cybersecurity News Site