Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges. […] Read More
BleepingComputer
ChatGPT for Vulnerability Detection – Prompts Used and their Responses
Software vulnerabilities are essentially errors in code that malicious actors can exploit. Advanced language models such as CodeBERT, GraphCodeBERT, and CodeT5 can detect these vulnerabilities, provide detailed analysis assessments, and even recommend patches to address them.
These models have proven to be highly effective in identifying and mitigating software vulnerabilities, making them an essential tool for any organization looking to enhance their security posture.
AIBugHunter, a tool for VSCode, uses these models to support software security.
While ChatGPT and other large language models excel in code-related tasks, no comprehensive studies have assessed their potential for the entire vulnerability workflow, including:
Detection
Type explanation
Severity estimation
Repair suggestions
Recently, the following cybersecurity researchers from Monash University, Clayton, Australia, explored ChatGPT’s use in software vulnerability tasks, including prediction, classification, and smart contract correction:
Michael Fu
Chakkrit (Kla) Tantithamthavorn
Van Nguyen
Trung Le
Some previous studies examined large language models in automated program repair but not the latest ChatGPT versions.
Cybersecurity researchers analyzed the ability of ChatGPT for the following four vulnerability prediction tasks:
Function and line-level software vulnerability prediction (SVP)
Software vulnerability classification (SVC)
Severity estimation
Automated vulnerability repair (APR)
ChatGPT’s 1.7 trillion parameters vastly exceed those of source code-oriented models like CodeBERT, making prompt-based usage essential. Fine-tuning for vulnerability tasks isn’t possible due to ChatGPT’s proprietary parameters.
Security analysts evaluated ChatGPT (gpt-3.5-turbo and gpt-4) against code-specific models.
They compared it with AIBugHunter, CodeBERT, GraphCodeBERT, and VulExplainer on four vulnerability tasks using Big-Vul and CVEFixes datasets, addressing four research questions.
The four research questions and their respective results are listed below:
(RQ1) How accurate is ChatGPT for function and line-level vulnerability predictions?
Results: ChatGPT achieves an F1-measure of 10% and 29% and top-10 accuracy of 25% and 65%, which are the lowest compared with other baseline methods.
(RQ2) How accurate is ChatGPT for vulnerability type classification?
Results: ChatGPT achieves the lowest multiclass accuracy of 13% and 20%, 45%-52% lower than the best baseline.
(RQ3) How accurate is ChatGPT for vulnerability severity estimation?
Results: ChatGPT gave the most inaccurate severity estimation with the highest mean squared error (MSE) of 5.4 and 5.85, while other baseline methods achieved MSE of 1.8 to 1.86.
(RQ4) How accurate is ChatGPT for automated vulnerability repair?
Results: ChatGPT failed to generate correct repair patches, while other baselines correctly repaired 7%-30% of vulnerable functions.
BLEU and METEOR scores confirm that patches from the fine-tuned baselines are closer to the true ones.
This highlights the challenge of vulnerability repair, suggesting ChatGPT requires domain-specific fine-tuning.
The post ChatGPT for Vulnerability Detection – Prompts Used and their Responses appeared first on Cyber Security News.
Cyber Security News
Cyberespionage and cybersabotage in two hybrid wars. CISA advances defensive tactics. The SEC’s disclosure rules take effect.
Predatory Sparrow and Iran’s gas stations. Iran’s Seedworm and its telco targets. Kyivstar’s recovery from cyberattack. Ukrainian reprisals for Russia’s Kyivstar attack. CitrixBleed exploit at Xfinity. Remote encryption of ransomware. Web-injection malware attacks on banks. Agent Tesla is spreading through an old vulnerability. Cyberattack on Insomniac Games. AI-generated email attacks. Malware increasingly uses public infrastructure. QR code scams. Read More
The CyberWire
Malwarebytes consumer product roundup: The latest
At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too.
Here are the innovations we’ve made in our products recently. Are you making the most of them?
Tamper / Uninstall Protection. This allows you to password protect your software so that it can’t be removed remotely.
Trusted Advisor. This dashboard provides an easy-to-understand assessment of your computer’s security with a single comprehensive protection score, and clear, expert-driven advice.
Brute Force Protection. This blocks Remote Desktop Protocol (RDP) attacks, which are attempts by cybercriminals to access a computer remotely. We do this by blocking IP addresses that exceed a threshold of invalid login attempts.
Smart Scan. This enables you to schedule scans at a time when you’re not using your computer, which is best for productivity.
The old adage about Macs not getting viruses is simply not true. Macs need protection too and our Premium for Mac is now compatible with Sonoma macOS v. 14.
Whether you’re on iOS or Android, our Mobile Security app just got an upgrade. Our Premium Plus plan now includes a full-featured VPN to help keep your connections private, no matter where you are. Using the latest VPN technology, WireGuard® protocol, you can enjoy better online privacy at a quicker speed than traditional VPNs.
What you get with our apps:
Android: Scan for viruses and malware, and detect ransomware, Android exploits, phishing scams, and even potentially unwanted apps.
iOS: Detect and stop robocalls and fake texts, phishing links, malicious sites, and annoying ad trackers (while browsing in Safari).
Available for both Windows and Mac, Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It’s the world’s first browser extension to do this, while at the same time identifying and stopping tech support scams.
Browser Guard adds an extra layer to your personal security, on top of your antivirus or firewall. Because it’s a browser extension, it can offer protection in the browser that other means of protection do not have access to.
We’ve recently made enhancements to Browser Guard:
Improved protection: Stops even more threats with enhanced phishing detection.
New scanning blocks: Prevents websites from scanning for vulnerable network ports.
Facebook support: Blocks ads and sponsored content from appearing on Facebook feeds.
Monthly overview: Summary showcases what has been blocked.
On top of that, Malwarebytes Premium Security users (Windows only) can now take advantage of:
Content control: Take control of your browsing experience and define what’s appropriate for you and your family. Fully customize the content you want to block while browsing.
Import and export: Use your preferences and customized rules with all your browsers, even on other devices. This gives you a consistent and clean web experience. Discover in this video how to transfer Malwarebytes Browser Guard settings to another browser.
Historical Detection Statistics: View past detections and see what we’ve protected you from.
Want to see Browser Guard in action? Read the 25 most popular websites vs Malwarebytes Browser Guard
Newly released, Malwarebytes Identity Theft Protection scours the dark web for your personal information, prevents your social media account from being hacked, and even keeps an eye on your credit (US only) — and it’s all backed by an up-to-$2 million identity theft insurance. (Insurance coverage is $1 or $2 million depending on selected package (latter only available in the US plan Ultimate))
Here’s what you get (based on your selected plan):
Ongoing monitoring: Peace of mind that we are actively working in the background to keep you safe
Real-time alerts: Immediate notifications if we identify suspicious activity
Recommendations and best practices: Advice on how to prevent identity theft, and help if it happens
Identity restoration helpline and top-notch customer support.
Malwarebytes