In response to the growing public attention given to ChatGPT, the Europol Innovation Lab organised a number of workshops with subject matter experts from across Europol to explore how criminals can abuse large language models (LLMs) such as ChatGPT, as well as how it may assist investigators in their daily work.
The government of France has banned TikTok – and all other recreational apps – from phones issued to its employees.
The nation's ministère de la transformation et de la fonction publiques last Friday issued a statement PDF announcing the policy, which minister of transformation and public service Stanislas Guerini justified on grounds that no recreational apps have sufficiently robust security for them to be deployed on government-owned devices.
QakBot is a banking trojan that has been evolving since its first version was discovered in 2008. According to the 2022 report published by CISA, it was one of the most active variants in 2021, and during 2022 and so far in 2023 it has remained quite active. Taking a brief look at the latests news of QakBot it has been updating its tactics constantly, for example, using a Windows zero-day to avoid displaying the MoTW or the most recent one, using OneNote files to drop QakBot.
In this case we are particularly interested in the anti-analysis techniques used by QakBot during the early stages of its execution. These techniques can make malware analysis harder if they are not known, so learning to identify and bypass them is essential to get to see the malware’s operation at its full potential. Furthermore, there are techniques that can replicate / adopt different types of malware, so knowking them opens the door to the study of different samples.
Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2).
And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer.
The National Crime Agency has today revealed that it has infiltrated the online criminal marketplace by setting up a number of sites purporting to offer DDoS-for-hire services.
Today’s announcement comes after the Agency chose to identify one of the sites currently being run by officers as part of a sustained programme of activity to disrupt and undermine DDoS as a criminal service.
As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.
Warning on KIMSUKY Cyber Actor's Recent Cyber Campaigns against Google's Browser and App Store Services
Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
C’est une faille banale qui a exposé les relevés de cartes bancaires de milliers d’entreprises suisses pendant 18 mois. Et ni l’entreprise qui émet les cartes concernées, ni les banques qui les fournissent à leurs clients ne comptent diffuser l’information.
Motif? Le problème a été réglé et les recherches n’ont pas permis d’observer un accès indu aux informations. Une stratégie de communication qui interpelle, à l’heure où la sécurité des données devient un enjeu majeur pour les entreprises.
The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked.
The City of Toronto told TechCrunch in a revised statement on March 23: “Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.”
Large Language Models (LLM) have made amazing progress in recent years. Most recently, they have demonstrated to answer natural language questions at a surprising performance level. In addition, by clever prompting, these models can change their behavior. In this way, these models blur the line between data and instruction. From "traditional" cybersecurity, we know that this is a problem. The importance of security boundaries between trusted and untrusted inputs for LLMs was underestimated. We show that Prompt Injection is a serious security threat that needs to be addressed as models are deployed to new use-cases and interface with more systems.
[PDF DOC] https://arxiv.org/pdf/2302.12173.pdf
Ecuador's government condemns the attack after journalists nationwide are targeted.
Recently (On March 18 2023 at 23:44), a new malspam campaign has been observed in the wild ( HERE ), which caused a significant amount of concern. This campaign is designed to distribute malicious emails, which contain a harmful payload that can infect a user’s system, steal sensitive information, or launch other types of attacks.