PyRIT peut générer des milliers de messages malveillants pour tester un modèle d'IA générative, et même évaluer sa réponse.
Quelles données personnelles sont concernées ? Le 8 mars, France Travail (anciennement Pôle emploi) et Cap emploi ont informé la CNIL avoir été victime d’une intrusion dans leurs systèmes d’information. Cette attaque aurait potentiellement permis l’extraction de données de 43 millions d’usagers. Ce nombre, à confirmer, concerne les personnes actuellement inscrites sur la liste des demandeurs d'emploi ou qui l’ont été au cours des 20 dernières années, ainsi que des personnes ayant un espace candidat sur francetravail.fr.
This week, the Click Here podcast landed a rare interview with the purported leader of the LockBit ransomware group – he goes by the name LockBitSupp. He’s under pressure because last month an international police operation infiltrated the group and seized not just their platform, but their hacking tools, cryptocurrency accounts and source code ending a four year ransomware rampage.
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy.
The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
Learn about key concepts and different crypters-related activities as well as the lucrative ecosystem of malicious groups that exploit them.
The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns.
The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files, which it uses for virtually every function.
In some regards, the vulnerability is like CVE-2023-3676, a lack of sanitization in the subPath parameter in YAML files leading to code injection when creating pods with volumes.
From July to September, we observed the DarkGate campaign (detected by Trend Micro as TrojanSpy.AutoIt.DARKGATE.AA) abusing instant messaging platforms to deliver a VBA loader script to victims. This script downloaded and executed a second-stage payload consisting of a AutoIT scripting containing the DarkGate malware code. It’s unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization.
Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.
Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers.
ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience. These plugins may include new natural language processing features, search capabilities, integrations with other services or platforms, text analysis tools, and more. Essentially, plugins allow users to customize and tailor the ChatGPT experience to their specific needs.
Senator Ron Wyden has found that the DoD banned the use of such locks for U.S. government systems, but deliberately kept information about the backdoors from the public.
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
The European Union Parliament on Wednesday approved the world's first major set of regulatory ground rules to govern the mediatized artificial intelligence at the forefront of tech investment.
Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities.
Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from…
Si ces attaques, qui ont commencé dimanche soir, ont été d’une « intensité inédite », les services du premier ministre ont précisé lundi que leur impact avait été « réduit ». Elles ont été revendiquées par Anonymous Sudan, qui regroupe des militants prorusses.
La Commission se félicite de l'accord politique auquel le Parlement européen et le Conseil sont parvenus la nuit dernière concernant le règlement sur la cybersolidarité, proposé par la Commission en avril 2023.
Le règlement sur la cybersolidarité renforcera la solidarité au niveau de l'UE afin de mieux détecter les menaces et incidents de cybersécurité, de mieux s'y préparer et de mieux y réagir. Cet accord intervient à un moment crucial pour la cybersécurité de l'UE, étant donné que le paysage des cybermenaces dans l'UE continue d'être affecté par les événements géopolitiques.
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.
