ChatGPT Cybersecurity Grant Program – $1M


OpenAI, supported by Microsoft, recently unveiled an innovative cybersecurity grant initiative to enhance AI-driven cybersecurity measures.

The creators of ChatGPT are actively engaged in enhancing cybersecurity evaluations for AI models, aiming to measure and enhance their efficacy. 

They are dedicated to developing innovative techniques to assess and optimize the cybersecurity capabilities of AI models, promoting a deeper understanding of their significance.

OpenAI actively encourages submissions for its funding program and employs a continuous assessment system.

The $1 million grant will be distributed in various formats, including API credits and direct funds, with each increment amounting to $10,000.

Cybersecurity Grant Program Features

The key features of the program are:

  • Empower defenders
  • Measure capabilities
  • Elevate discourse

In cybersecurity, a conventional perspective suggests that attackers hold a natural advantage over defenders within the landscape. 

This viewpoint acknowledges the inherent challenges defenders face in safeguarding against cyber threats.

Defenders must be consistently accurate 100% of the time, while attackers need only succeed once.

While attackers may have some advantages, defenders understand the significance of working together towards a common goal, ultimately prioritizing individuals’ protection.

General Project Ideas

The general project ideas are:

  • Collect and label data from cyber defenders to train defensive cybersecurity agents
  • Detect and mitigate social engineering tactics
  • Automate incident triage 
  • Identify security issues in source code
  • Assist network or device forensics
  • Automatically patch vulnerabilities
  • Optimize patch management processes to improve prioritization, scheduling, and deployment of security updates
  • Develop or improve confidential compute on GPUs
  • Create honeypots and deception technology to misdirect or trap attackers
  • Assist reverse engineers in creating signatures and behavior based detections of malware
  • Analyze an organization’s security controls and compare to compliance regimes
  • Assist developers to create secure by design and secure by default software
  • Assist end users to adopt security best practices
  • Aid security engineers and developers to create robust threat models
  • Produce threat intelligence with salient and relevant information for defenders tailored to their organization
  • Help developers port code to memory safe languages

Shortly after unveiling its ten $100,000 grants to explore democratic decision-making processes for AI system regulations within legal boundaries, OpenAI has now introduced a cybersecurity grant.

This grant demonstrates OpenAI’s commitment to enhancing security measures in AI, highlighting its dedication to safeguarding technological advancements while ensuring compliance with established laws.

This bold step presents a significant departure from conventional perspectives in the realm of cybersecurity. 

Challenging traditional concepts introduces a fresh and innovative approach to addressing security concerns.


Trusting AI not to lie: Lock and Code S04E12

This week on Lock and Code, we ask whether AI can “lie” and whether companies and individuals are placing too much trust into tools like ChatGPT.

In May, a lawyer who was defending their client in a lawsuit against Colombia’s biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit.

But when the court reviewed the lawyer’s citations, it found something curious: Several were entirely fabricated.

The lawyer in question had gotten the help of another attorney who, in scrounging around for legal precedent to cite, utilized the “services” of ChatGPT. 

ChatGPT was wrong. So why do so many people believe it’s always right? 

Today, on the Lock and Code podcast with host David Ruiz, we speak with Malwarebytes security evangelist Mark Stockley and Malwarebytes Labs editor-in-chief Anna Brading to discuss the potential consequences of companies and individuals embracing natural language processing tools—like ChatGPT and Google’s Bard—as arbiters of truth. Far from being understood simply as chatbots that can produce remarkable mimicries of human speech and dialogue, these tools are becoming sources of truth for countless individuals, while also gaining traction amongst companies that see artificial intelligence (AI) and large language models (LLM) as the future, no matter what industry they operate in. 

The future could look eerily similar to an earlier change in translation services, said Stockley, who witnessed the rapid displacement of human workers in favor of basic AI tools. The tools were far, far cheaper, but the quality of the translations—of the truth, Stockley said—was worse. 

“That is an example of exactly this technology coming in and being treated as the arbiter of truth in the sense that there is a cost to how much truth we want.”

Tune in today. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)



Here’s a first look at the Nothing Phone (2)

The Nothing Phone (1) was pretty popular amongst tech fans, and the next generation is going to be one of the most anticipated devices of the year. While we’re still wondering how this phone is going to look, we might have a quick sneak peek. Thanks to SmartPix, we have a first look at the Nothing Phone (2).

While the Nothing Phone (1) wasn’t spectacular in terms of its specs and software, it still managed to stand out amongst the sea of phones with its unique design and overall fresh mentality. OnePlus co-founder Carl Pei is the owner of the company Nothing, and he’s been doing a lot to bring publicity to this device.

Here’s a first look at the Nothing Phone (2)

Now, it seems that early summer is the expected window for Nothing’s phones to launch. The company launched the Nothing Phone (1) on July 12th, 2022, and we’re also expecting a July release this year. At this point, we don’t know the exact date. Also, we haven’t gotten any official renders from the company, so you’ll want to take this first look with a grain of salt.

Unfortunately, people expecting a major design overhaul will be disappointed. The differences in design aren’t quite notable. According to the leak, it appears that the Nothing Phone (2) will also sport the transparent backing with many of its components in the same spot as last year.

As for differences, there are some slight differences in how the components are arranged under the back glass. Some of them are shaped slightly differently.

Some of the more noticeable differences are the LED flash and the recording LED. The LED flash is now a bit bigger, and it’s an oval. The recording LED is no longer a small dot; it’s a line.

The most notable difference has to do with the glyph interface. The overall shape hasn’t changed all that much, but we see that it’s sectioned off. The section around the camera package is split into two parts, and the large section around the wireless charging coil is split into five sections.

Overall, based on this first look, the Nothing Phone (2) retains the overall design aesthetic of the Nothing Phone (1). It might follow the aesthetic a bit too closely for some people’s taste.


The Huawei ban will reportedly cost the US $100 billion


Although many people in the Western world remember Huawei as a pioneering smartphone brand, the main business of the company was selling 5G telecommunications equipment before the US government blacklisted Huawei due to national security fears. However, according to a new report from the Asia Times, this decision to ban Huawei from participating in the development of 5G networks could have economic repercussions of over $100 billion to the US and its allies.

Concerns about Huawei first arose in 2019 when the Trump administration banned the company from doing business, citing that Huawei was covertly accessing sensitive information and sending it back to China. While no concrete evidence of espionage activities was shared with the public, the subsequent Biden administration strengthened these sanctions to impede China’s access to advanced technologies, including high-end semiconductors.

However, this ongoing tech war between the two economies is impacting various stakeholders, including network operators, consultants, economists, and governments worldwide. According to a study by the Oxford Institute of Economics, opting for alternatives to Huawei will increase the overall cost of implementing 5G by over 19%. Furthermore, in a median cost scenario, this ban could lead to a $105.5 billion reduction in the GDP of countries like Australia, Canada, France, Germany, Japan, India, the United Kingdom, and the United States by 2035.

Repercussions of the Ban on Sales to Huawei

The recent ban on sales to Huawei will not only constrain the company’s ability to conduct business but also have a ripple effect on the entire supply chain, as companies like Qualcomm would lose one of their biggest customers. Therefore, policymakers will need to balance the economic benefits of utilizing Huawei’s equipment with national security risks, as telecommunication networks are vital for a nation’s development and form the backbone of advanced economies.

Alternatively, the US and its allies can develop their telecom technology, like South Korea and Japan, to reduce reliance on foreign suppliers and establish domestic intellectual property and supply chains.



84% increase in attacks over 6-month period


In total, 26 separate ransomware-as-a-service gangs contributed to the onslaught on education.

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim didn’t pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. For regular ransomware gang updates, check out our monthly ransomware reviews.

Ransomware gangs have made the past year a hard one for the education sector.

Between June 2022 and May 2023, there were 190 known ransomware attacks against educational institutions, and many more that went unreported and unrecorded. Between the first and second six months of that period, education experienced an 84% increase in attacks.

[Chart: Known ransomware attacks against education, June 2022-May 2023]

Although the attacks were carried out by a large number of different ransomware gangs, one in particular was responsible for the lion’s share (23%). Vice Society is a gang that specializes in attacking education, and almost half of its activity (43%) is directed against the sector.

[Chart: Distribution of Vice Society attacks vs other ransomware gangs, June 2022-May 2023]

Further findings from the data show that, while ransomware attacks against education are a global phenomenon, the USA (with 56% of known attacks) and the UK (with 15%) were the most frequently attacked countries between June 2022 and May 2023.

We’ll spend the rest of this blog breaking down attacks on education by gangs, countries, and which gangs attack which countries the most.

The Threat Landscape

The leading gangs that targeted the education sector between June 2022 and May 2023 include Vice Society with 43 attacks, LockBit with 33, BianLian (18), Royal (16), and AvosLocker (15).

A few of the educational institutions attacked in the last year include De Montfort School, Cincinnati State, and one that made national headlines in September: Los Angeles Unified, the second largest school district in the US. The stakes are no joke: schools and colleges have suffered an estimated 1,600 days of downtime due to ransomware attacks, and the average cost of a ransomware breach was $4.54 million in 2022.

[Chart: Top ten ransomware used in attacks against education, June 2022-May 2023]

In total, 26 separate ransomware-as-a-service gangs contributed to the onslaught on education.

Geographic Distribution

When we break down education sector attacks by country, it becomes clear that no region is safe from ransomware. The USA bore the brunt, with 107 reported attacks.

[Chart: Known attacks on education by country, June 2022-May 2023]

The United Kingdom followed distantly with 28 known attacks, while other countries like Canada, Germany, Brazil, and others also fell prey to these cybercriminals.

Comparatively speaking, however, the education sector in the UK suffered far more than in other countries. Education was the target in 15% of known attacks in the UK from June 2022 to May 2023, compared to only 3% in France, 4% in Germany, and 8% in the USA.

The Gang-Country Dynamics

In general, the ransomware activity of the top gangs seems to adhere to a common trend: Most of them spread their attacks across multiple countries, displaying a diverse geographical targeting.

However, we do find an intriguing outlier that challenges the established patterns: Vice Society’s strong focus on the United Kingdom. Vice Society was responsible for 66% of known attacks on UK education institutions from May 2022 to April 2023.

[Chart: UK education ransomware attacks by gang, June 2022-May 2023]

It is worth remembering that our numbers only reflect attacks where a ransom wasn’t paid, and the true number of attacks is far larger.

This activity is distinct from the typical spread of ransomware attacks seen among other top gangs, which generally have a more balanced distribution across several countries, including the United States, Canada, and various European countries, charted below.

[Chart: USA education ransomware attacks by gang, June 2022-May 2023]

[Chart: Global education ransomware attacks by gang, June 2022-May 2023]

Looking Ahead

To recap, our key findings include:

  • A significant increase in attacks: The education sector experienced a steep rise in ransomware attacks, with an 84% increase observed over a 6-month period. This was the third highest increase among all monitored sectors.
  • Leading ransomware gangs: Vice Society was the most active ransomware gang in the education sector, responsible for 23% of all attacks. LockBit and BianLian also targeted the sector heavily, alongside a host of other groups.
  • Geographic distribution: The USA bore the brunt of the attacks, accounting for more than 50% of the total, while the UK accounted for 15%. However, relative to the total number of attacks in each country, the education sector in the UK was targeted more frequently.
  • Vice Society’s unusual UK focus: Vice Society focused heavily on the UK education sector, responsible for 64% of all known ransomware attacks on this sector. This contrasts with the typical distribution of ransomware gangs in a given country, which is usually spread more or less proportionally.

Looking ahead, it is anticipated the trend of ransomware gangs targeting the education sector will persist or even intensify. The reality is that tight budgets of many educational institutions force them to struggle with outdated equipment and limited staff, making them an easy target for ransomware gangs. 

But with knowledge comes power. The more the education sector knows about ransomware threats like Vice Society, the better prepared they are to defend against them.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly, and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Google’s Pixel Buds Pro are back on Sale for $159


Amazon has just marked down the Google Pixel Buds Pro, making them very affordable once again. They are now just $159.99. This is not quite an all-time low for the Pixel Buds Pro, but it is the lowest we’ve seen since Black Friday last November.

Why you should buy the Google Pixel Buds Pro

Pixel Buds Pro are the first “pro” pair of earbuds from Google, giving you better battery life, but more importantly ANC. So with this pair of earbuds, you can get up to 11 hours of continuous playback, and up to 31 hours with the included carrying case. That carrying case isn’t super bulky either. It’s about the same size as the older Pixel Buds, which is really more of an egg size.

Google made the Pixel Buds Pro to fit comfortably in your ears. They were designed for a comfortable, secure fit with sensors that help to reduce the plugged-ear feeling.

You can make and take calls on the Pixel Buds Pro. Thanks to the beamforming mics, you’re going to get crystal clear calls, even in noisy settings, as they are able to block out the background noise. Like with AirPods, the Pixel Buds Pro can easily switch between your devices. So you can go from using them with your phone, to your tablet, or your laptop. That’s thanks to Google’s Fast Pair feature.

Finally, the Pixel Buds Pro are also water resistant. So you can wear them in the rain, or to the gym, and not worry about them getting damaged at all. That’s a big deal if you’re looking for a pair of earbuds to wear at the gym to work out with. Not to mention they sound incredible when using them at the gym, or really anywhere else.

You can pick up the Google Pixel Buds Pro from Amazon today by clicking here. This sale won’t last long though.


Google Bard could soon gain chat history, text-to-speech & more


As ChatGPT goes on a record-breaking run, Google Bard is slowly catching up to it. After a host of updates in May, Google began June by giving its generative AI tool access to your precise location (with your permission) so it could provide more accurate local results. Now, the company is readying several new features for the tool.

Google Bard will save your chat history and let you upload files

According to reputed app researcher Jane Manchun Wong, who has an excellent track record of finding unreleased or in-development features, Google Bard will soon gain support for chat history. The service currently doesn’t retain your previous queries on the website itself. You can only check your Bard activity through your Google account. Even then, you can only see your queries but not Bard’s responses. ChatGPT, on the other hand, keeps your chat history readily accessible on the website and lets you jump to it with a single click.

Additionally, Google will let you rephrase Bard’s responses according to specific tones. Wong says you’ll be able to make the responses more formal, more casual, funnier, shorter, or longer. It appears these options will reside within a new button in the bottom toolbar where you currently find buttons to like/dislike a response or Google your query for more results. Microsoft has added a similar function to its ChatGPT-powered Bing AI chatbot on its SwiftKey keyboard app. It lets you refine any text in Professional, Social Post, Casual, and Polite tones.

The same toolbar will seemingly contain a button to share a file with Bard. You can upload a file directly from your computer or pull one up from Google Drive. Last but not least, Google is readying text-to-speech support for Bard. Once available, you will be able to convert Bard’s text responses to audio. ChatGPT doesn’t have these abilities, though OpenAI could be working on new updates for the tool. These new Bard features are still in development too. It’s unclear when Google plans to roll them out. We will let you know when we have more information.

The most recent update for Bard allows it to request access to your precise location. Google says this will enable the service to give you more accurate results when searching for restaurants or other points of interest nearby. Currently, Bard uses the location details from your places (home or work addresses) or IP addresses. Google’s AI tool is available in English, Japanese, and Korean languages in more than 180 countries and territories.

Information stealer compromises legitimate sites to attack other sites


A new web skimming campaign uses compromised legitimate sites to act as command and control servers.

Security researchers at Akamai have published a blog about a new Magecart-alike web skimming campaign that uses compromised legitimate sites as command and control (C2) servers.

A web skimmer is a piece of malicious code embedded in web payment pages to steal personally identifiable information (PII) and credit card details from customers of the site.

Because the code is executed on the client’s side, the malicious behavior is hard for the website’s owner to detect: it will not be picked up by web application firewalls (WAFs) and other measures that keep the server safe.

This campaign is different since it relies on legitimate but compromised sites to make the traffic look genuine. Since these sites normally operate as legitimate businesses, they are less likely to raise suspicion when connecting to a victim. The target sites are running digital content management systems like Magento, WooCommerce, WordPress, and Shopify, but contain a variety of vulnerabilities.

The Akamai researchers uncovered numerous digital commerce websites that have fallen victim, and say that it is reasonable to assume that there are additional legitimate websites that have been exploited as part of this extensive campaign.

Some of the victim organizations see hundreds of thousands of visitors per month, which could potentially result in thousands of victims having their credit card data and PII stolen, especially since the campaign has been going unnoticed for close to a month for many of the victims.

In this campaign there were two kinds of victim sites:

  • Host victims: Legitimate websites that are hijacked for the purpose of hosting the malicious code used in the attack. They are compromised to behave as an attacker-controlled server.
  • Web skimming victims: Instead of directly injecting the attack code into the website’s resources, the attackers employ small JavaScript code snippets as loaders to fetch the full attack code from the host victim website.

In some cases, the exploited host websites appear to have been abused in both ways.

The code used on the web skimming victims is designed to look like popular third-party services such as Google Tag Manager or Facebook Pixel. This method is popular among web skimmers because it helps the malicious code blend in seamlessly, disguising its true intentions.
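A defender-side check for the disguise described above, as an added example that is not from the original article or from Akamai's research: it flags inline scripts that look like a Google Tag Manager or Facebook Pixel snippet but load code from a host other than the vendor's, and external scripts from hosts the site owner has not approved. The page HTML, the hostnames in it and the allowlist are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Per vendor: text markers that make an inline script look like that vendor's
# snippet, and the hosts the genuine snippet loads its code from.
BRAND_RULES = {
    "google-tag-manager": (re.compile(r"GTM-[A-Z0-9]+|dataLayer|gtm\.js|gtm\.start"),
                           {"www.googletagmanager.com"}),
    "facebook-pixel": (re.compile(r"\bfbq\s*\(|fbevents\.js|_fbq"),
                       {"connect.facebook.net"}),
}
# Absolute or protocol-relative URLs written out inside inline JavaScript.
# Hosts that are encoded or assembled at runtime are not visible to this check.
URL_HOST_RE = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._in_script = False


def audit_page(html, page_host, allowed_hosts):
    """Return (finding, host) pairs for scripts that need a closer look."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    allowed = {page_host.lower()} | {h.lower() for h in allowed_hosts}
    findings = []
    for src in parser.external:
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        if host not in allowed:
            findings.append(("unlisted-script-host", host))
    for body in parser.inline:
        hosts = {h.lower() for h in URL_HOST_RE.findall(body)}
        for brand, (markers, vendor_hosts) in BRAND_RULES.items():
            if markers.search(body):
                # Looks like the vendor snippet: every host must be the vendor's.
                for host in sorted(hosts - vendor_hosts):
                    findings.append((f"lookalike-{brand}", host))
    return findings


# Constructed sample page: one genuine GTM snippet, one look-alike loader and
# one third-party script the site owner never approved (all hosts invented).
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),
event:'gtm.js'});var j=d.createElement(s);j.async=true;
j.src='https://www.googletagmanager.com/gtm.js?id='+i;d.head.appendChild(j);
})(window,document,'script','dataLayer','GTM-SAMPLE1');</script>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),
event:'gtm.js'});var j=d.createElement(s);j.async=true;
j.src='https://cdn.other-shop.example/gtm.js?id='+i;d.head.appendChild(j);
})(window,document,'script','dataLayer','GTM-SAMPLE2');</script>
<script src="https://widgets.unlisted.example/w.js"></script>
</head><body>checkout</body></html>
"""
SAMPLE_ALLOWED = {"www.googletagmanager.com", "connect.facebook.net"}

if __name__ == "__main__":
    for finding, host in audit_page(SAMPLE_HTML, "shop.example", SAMPLE_ALLOWED):
        print(f"{finding}: {host}")
```

Run against a rendered copy of each payment page on a schedule, the findings give the site owner a list of script hosts to confirm or investigate.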

CMS security in a nutshell

Spilling your customers’ PII and credit card details can be very damaging for your reputation, so it’s important to make sure they can visit and use your website safely.

There are a few obvious and easy-to-remember rules to keep in mind if you want to use a CMS without compromising your security:

  • Choose your CMS with both functionality and security in mind
  • Choose your plug-ins wisely
  • Update as soon as you can
  • Keep track of the changes to your site and their source code
  • Use 2FA
  • Give user permissions (and their levels of access) a lot of thought
  • Be wary of SQL injection
  • If you allow uploads, limit the type of files to non-executables and monitor them closely.

For websites that require even more security, there are specialized vulnerability scanners and application firewalls that you may want to look into. This is especially true if you are a popular target for people that would love to deface or abuse your website.

If the CMS is hosted on your own servers, be aware that this setup comes with some additional risks. Use network segmentation to keep the website server separated from other work servers.

IOCs

Malwarebytes Browser Guard blocks the receiving domains of the stolen data:

byvlsa.com

chatwareopenalgroup.net

[Screenshot: Malwarebytes blocks chatwareopenalgroup.net]



U.S. users just don’t want to advertise with Twitter

Twitter has been on shaky ground for several months now, and it seems that things are not looking up just yet. According to a report from The New York Times, the number of US users using Twitter to post ads is declining.

One of the major issues that Twitter dealt with after Elon Musk took over was the exodus of many people using Twitter for ad space. Selling ads is a major source of income for Twitter, and Elon Musk bought the company with the sole plan of making it profitable. So, this was an issue.

Elon Musk even stated that “Almost all advertisers have come back”, and that the company’s ad business was up and running again. However, the reality for US-based users might not be so bright.

US users don’t want to use Twitter for ads

Despite Elon Musk’s claims, the number of US users using Twitter as their personal billboard is dropping. Between the first week of April and the first week of May, Twitter raked in 89 million dollars from its US ad business. That’s a whopping 59% drop year over year. It’s a tough break for the company.

An internal document states that the company does normally fall short of its US weekly sales projections, and it could be by as much as 30%. Still, a 59% drop year over year points to a major issue.

The company’s ad staff points to the current content on Twitter as being the culprit behind this. They pointed to factors like pornography, hate speech, and ads featuring marijuana and online gambling. Not many people want to advertise in a market with so much negative content. Thus, they’re taking their ad money to different platforms. This is similar to why a lot of advertisers exited YouTube.

It seems bleak, and it’s only made worse by the fact that the company projects that its US revenue could see a 56% drop each week compared to the same time last year. Only time will tell if Twitter can revitalize its ad business.

The company did recently employ Linda Yaccarino, the NBCUniversal executive. Hopefully, she will be able to push Twitter in a new direction.

Twitter hired another top executive from NBCUniversal


According to the BBC, senior NBCUniversal executive Joe Benarroch has joined Twitter. He’s the second Twitter executive that’s coming from NBCUniversal.

Last month, Elon Musk appointed Linda Yaccarino as the new chief executive of Twitter. She previously served as NBCUniversal’s head of advertising. The billionaire clarified that Yaccarino would focus on business operations while he stayed focused on product development. Now, Twitter has snapped up its second executive from NBCUniversal again as a part of Musk’s efforts to reshape the Twitter leadership team.

Senior NBCUniversal executive Joe Benarroch joins Twitter

Benarroch’s responsibility at Twitter boils down to focusing on business operations in the company’s New York office. According to Benarroch’s LinkedIn profile, he has worked as an executive and senior vice president of communications and advertising at NBCUniversal since 2018. Benarroch’s work records also show he was employed at Facebook from 2012 to 2018.

“I am looking forward to bringing my experience to Twitter and to working with the entire team to build Twitter 2.0 together,” Benarroch said in his latest LinkedIn post.

Benarroch’s contribution to the platform is yet to be discovered. However, his prolific experience in advertising and communications could help Twitter make over its business model and reduce its reliance on plummeting advertising revenues.

Since Musk’s takeover, many Twitter executives have left the company for various reasons and were replaced by people who are like-minded with Musk. But it seems that even these new people don’t have a guaranteed role in the company. Last week, Twitter’s head of trust and safety, Ella Irwin, left the company. She was supposed to be the successor of former head Yoel Roth, who resigned in November 2022.

The reasons for Irwin’s departure are yet unknown. However, some reports claim that Elon Musk and Irwin had a disagreement over Twitter content moderation policies. The departure came after Musk publicly criticized Twitter’s decision to limit the visibility of the “What is a Woman” documentary by the conservative media DailyWire. Musk said, “This was a mistake by many people at Twitter.” The issue was solved after Musk’s intervention.

