SecurityThreats

Discussion of public breaches of security

My AI Chatbot Got Hacked Now What?

by

Horizon3 has a post discussing Nextchat open source chatbot… https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web. This is a GitHub project with 63K+ stars and 52K+ forks. The Shodan query  title:NextChat,”ChatGPT Next Web” pulls up 7500+ exposed instances, mostly in China … Read more

Chinese Cyberattacks: What Are They in 2024?

by

Microsoft Typhoon story: “Living off the Land” The story starts: ‘The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering’ The Chinese attacked and stole state department employee email, in this Politico story about the Chinese hack: “Among the most sensitive information stolen, … Read more

Are you Hiring? Resume Malware Trying to Get to You!

by

SCMagazine has the story “Hiring? New scam campaign means ‘resume’ downloads may contain malware” “Requiring the victim to copy and paste the malicious domain name increases the likelihood the emails will make it past secure email gateways. Plus, with unassuming domain names like “wlynch[.]com” for a candidate named William Lynch and “annetterawlings[.]com” for a candidate … Read more

How to Defend Against AI Spam Email?

by

So have you been assuming all spam to have spelling mistakes? Or just bad grammar? What if the email has impeccable grammar? How to defend against the bad guys using AI in their spam emails? NIST (National Institute of Science and Technology) has a definition of phishing:  https://csrc.nist.gov/glossary/term/phishing Phishing Definition: ”  A technique for attempting … Read more