Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’
WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be...
7.1AI Score
If you ask Alexa, Amazon's voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn't know. It doesn't take much to make it lambaste the other tech giants, but it's silent about its own corporate parent's misdeeds. When Alexa responds in this way, it's obvious that...
6.4AI Score
Riverbed SteelCentral Detection (HTTP)
The script sends a connection request to the server and attempts to extract the version number from the...
7AI Score
7AI Score
ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance. But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of.....
6.8AI Score
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without...
7.5CVSS
7.5AI Score
0.001EPSS
Four tips to keep your GitHub Actions workflows secure
Continuous Integration and Continuous Deployment (CI/CD) software supply chains are a lucrative target for threat actors. GitHub Actions is one of the most widely used platforms for automation, making it an important target. For the past few months, the GitHub Security Lab has been collaborating...
7.5AI Score
n00b’s guide to DEF CON. Surviving the Matrix of the underground
Ah, DEF CON. The world's largest hacker convention. A beacon for the diverse spectrum of cyber security enthusiasts. From code-cracking challenges to the infamous Wall of Sheep, the event is a hive of activities and opportunities. But before we dive into the world of hackerdom, let's get one thing....
7.2AI Score
Zielsetzung dieses Bausteins ist der Schutz von Informationen, die auf Unix-Clients erstellt, bearbeitet, gespeichert oder versendet...
7.3AI Score
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...
7.8CVSS
7.6AI Score
0.974EPSS
In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of...
9.1AI Score
Joomla J2Store 3.1.6 Multiple SQL Injection Vulnerabilities
Jommla J2Store is prone to multiple SQL injection...
7.8AI Score
0.002EPSS
Joomla SmartFormer 2.4.1 Shell Upload Vulnerability
Detects the installed version of Joomla Smartformer. The script detects the version of Joomla Smartformer component on remote host and tells whether it is vulnerable or...
7.4AI Score
Practice Your Security Prompting Skills
Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. It's a great teaching tool. I am stuck on Level 7. Feel free to give hints and...
7AI Score
Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239131 As usual, I use my open source Vulristics project to...
9.8CVSS
9.2AI Score
0.115EPSS
Friday Squid Blogging: Chromatophores
Neat: Chromatophores are tiny color-changing cells in cephalopods. Watch them blink back and forth from purple to white on this squid's skin in an Instagram video taken by Drew Chicone… It's completely hypnotic to watch these tiny cells flash with color. It's as if the squid has a little sky full.....
6.8AI Score
Proxmox Virtual Environment (VE, PVE) Detection (HTTP)
HTTP based detection of Proxmox Virtual Environment (VE,...
7.1AI Score
Every company has its own version of ChatGPT now
Welcome to this week's edition of the Threat Source newsletter. When I first started poking at ChatGPT a few months ago, I quickly learned that it wasn't quite ready to take my job (yet) and wasn't staying up to date on wrestling. Since ChatGPT went viral, several other companies have released...
6.8AI Score
Plane sailing for ticket scammers: How to keep your flight plans safe
You may be getting ready to jump on a plane and head off for a few days or weeks of rest and relaxation. So the last thing you need before flying is a technology related horror show. Sadly, scammers are aware of families getting ready to hit the skies, and have tailored their threats accordingly......
6.8AI Score
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn't shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a...
6.7AI Score
Add Unique Asset Context with Custom Attributes in CSAM
There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...
7AI Score
6.5AI Score
0.001EPSS
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without...
7.5CVSS
7.7AI Score
0.001EPSS
Imagine a future in which AIs automatically interpret--and enforce--laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. You're told how to cross the street, how fast to drive on...
6.9AI Score
7.6AI Score
0.001EPSS
Part I: Implementing Effective Cyber Security Metrics That Reduce Risk Realistically
As a CISO or business leader, some burning questions that often come to your mind are: How vulnerable is our cybersecurity posture? Are we better protected than we were three months or a year ago? Have our investments improved the cybersecurity posture and yielded any tangible benefits? Are my...
7AI Score
6.9AI Score
0.001EPSS
CentOS Update for kernel CESA-2009:0331 centos4 i386
The remote host is missing an update for...
6.5AI Score
0.949EPSS
GitHub Repository Rules are now generally available
Protected branches have been around for a while, and we’ve made numerous improvements over time. We've added new rules to protect multiple branches and introduced additional permissions. However, it’s still challenging to consistently protect branches and tags throughout organizations. Managing...
6.8AI Score
Mandriva Update for libreoffice MDVSA-2012:091 (libreoffice)
The remote host is missing an update for...
6.5AI Score
0.047EPSS
FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT
Over 5 years ago, we began tracking a new campaign that we called FakeUpdates (also known as SocGholish) that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers with the NetSupport RAT, allowing threat actors to gain....
7.6AI Score
6.8AI Score
0.001EPSS
6.7AI Score
0.001EPSS
7.9AI Score
0.002EPSS
SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2022:0886-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0886-1 advisory. LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that...
7.5CVSS
7.4AI Score
0.001EPSS
SUSE SLED15 / SLES15 Security Update : libreoffice (SUSE-SU-2022:3650-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3650-1 advisory. An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro...
8.8CVSS
8.6AI Score
0.002EPSS
6.7AI Score
0.001EPSS
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website...
6.9AI Score
5.5CVSS
5.9AI Score
0.001EPSS
5.9CVSS
6.8AI Score
0.015EPSS
6.9AI Score
0.002EPSS
5.5CVSS
5.9AI Score
0.001EPSS
Malwarebytes Browser Guard introduces three new features
Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It's the world's first browser extension to do this while also identifying and stopping tech support scams. .....
7.1AI Score
7.6AI Score
0.07EPSS
7.6AI Score
0.07EPSS
"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!
One of Twitter's big rivals, Mastodon, recently finished fixing four issues which (in the worst case) allowed for the creation of files on the instance's server. Mastodon, whose main selling point is lots of separate communities living on different servers yet still able to communicate, was...
9.9CVSS
7.9AI Score
0.004EPSS
9.8CVSS
9.6AI Score
0.593EPSS
CentOS Update for autocorr-af CESA-2012:1135 centos6
The remote host is missing an update for...
6.5AI Score
0.041EPSS
9.8CVSS
9.6AI Score
0.593EPSS
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
The previous blog from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more...
10CVSS
9.3AI Score
0.976EPSS