Lifeboat Foundation

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices.

Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

“The latest wave of malware campaigns have taken notice of generative AI technology that’s been capturing people’s imagination and everyone’s excitement,” Rosen said.

Google on Thursday announced a new cybersecurity training program. Those who sign up for the class will prepare for a cybersecurity analyst career and they will receive a professional certificate from Google when they graduate.

The new Cybersecurity Certificate is part of the company’s Grow With Google initiative. The program was built by Google experts and it’s hosted by online course provider Coursera.

Interested individuals can sign up for a 7-day free trial, after which they will have to pay $49 per month to continue learning.

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections.

Tracked as CVE-2023–27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

While the flaw was patched by the Australian company on March 8, 2023, the first signs of active exploitation emerged on April 13, 2023.

AI startup Hugging Face and ServiceNow Research, ServiceNow’s R&D division, have released StarCoder, a free alternative to code-generating AI systems along the lines of GitHub’s Copilot.

Code-generating systems like DeepMind’s AlphaCode; Amazon’s CodeWhisperer; and OpenAI’s Codex, which powers Copilot, provide a tantalizing glimpse at what’s possible with AI within the realm of computer programming. Assuming the ethical, technical and legal issues are someday ironed out (and AI-powered coding tools don’t cause more bugs and security exploits than they solve), they could cut development costs substantially while allowing coders to focus on more creative tasks.

According to a study from the University of Cambridge, at least half of developers’ efforts are spent debugging and not actively programming, which costs the software industry an estimated $312 billion per year. But so far, only a handful of code-generating AI systems have been made freely available to the public — reflecting the commercial incentives of the organizations building them (see: Replit).

Facebook has taken action against a malware campaign leveraging popular topics like ChatGPT, Google BERT, and TikTok marketing tools as a lure.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units.

The security vulnerability, tracked as CVE-2023–2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.

“Successful exploitation of this vulnerability could allow remote code execution,” CISA said, describing it as a case of command injection affecting versions of INEA ME RTU firmware prior to version 3.36.

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.

The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It’s currently used by several vendors like NVIDIA Cumulus, DENT, and SONiC, posing supply chain risks.

The discovery is the result of an analysis of seven different implementations of BGP carried out by Forescout Vedere Labs: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.

A shibboleth for machine learning spam.

Jan Häglund is the President and CEO of Enea, a specialist in software for telecommunications and cybersecurity.

As mobile networks are increasingly embedded in daily life, they have become a more attractive target for criminals and malicious state actors alike. A new spate of regulations globally suggests a unified response is required.

To consumers, 5G means ultra-fast connectivity and a smoother, better user experience. Few would be aware of how the interconnection and interworking between networks that enables this user experience is itself vulnerable to attack, with more devastating consequences than in the past, as we all increase our reliance on mobile communications.