It’s almost impossible to escape the hype around artificial intelligence (AI) and generative AI. The application of these tools is powerful. Text-based tools such as OpenAI’s ChatGPT and Google’s Bard can help people land jobs, significantly cut down the amount of time it takes to build apps and websites, and add much-needed context by analyzing large amounts of threat data. As with most transformative technologies, there are also risks to consider, especially when it comes to cybersecurity.

AI-powered tools have the potential to help organizations overcome the cybersecurity skills gap. This same technology that is helping companies transform their businesses is also a powerful weapon in the hands of cybercriminals. In a practice, that’s sometimes referred to as offensive AI, where cybercriminals use AI to automate scripts that exploit vulnerabilities in an organization’s security system or make social engineering attacks more convincing. There’s no doubt that it represents a growing threat to the cybersecurity landscape that security teams must prepare for.

Continue reading →

Securing the software supply chain presents many challenges. To make the process easier OX Security recently launched OX-GPT, a ChatGPT integration aimed specifically at improving software supply chain security.

We spoke to Neatsun Ziv, co-founder and CEO of OX Security, to discuss how AI can present developers with customized fix recommendations and cut and paste code fixes, allowing for quick remediation of critical security issues across the software supply chain.

Continue reading →

New research from Salt Labs highlights API security vulnerabilities uncovered in the social sign-in and Open Authentication (OAuth) implementations of multiple online companies.

Sites affected include Grammarly, Vidio, and Bukalapak. The flaw has now been fixed but could have allowed for credential leakage and enabled full account takeover. Salt Labs also reports that 1,000s of other websites using social sign-in mechanisms are likely to be vulnerable to the same type of attack, putting billions of individuals around the globe at risk.

Continue reading →

A new survey of 300 senior cybersecurity stakeholders finds that 98 percent are concerned about the cybersecurity risks posed by ChatGPT, Google Bard, WormGPT, and similar tools.

The report from Abnormal Security shows the main worry is the increased sophistication of email attacks that generative AI will make possible -- particularly, the fact that generative AI will help attackers craft highly specific and personalized email attacks based on publicly available information.

Continue reading →

We've all heard about how AI is being used to improve cyberattacks, by creating better phishing emails for example, but does AI really have the same potential for being sneaky as humans?

New research from IBM X-Force has set out to answer the question, ‘Do the current Generative AI models have the same deceptive abilities as the human mind?’

Continue reading →

Today, 1Password shared some news about a hacking attempt that happened in late September 2023. The company saw some suspicious activity on a software tool they use called Okta, which helps manage apps for their employees. This strange activity was later found to be connected to a known security issue with Okta’s support system.

On September 29, someone from 1Password’s tech team got a surprising email that helped them find this weird activity in their Okta software. They traced this activity back to a suspicious computer address. Someone unauthorized had got into the Okta software with high-level access. This situation looked a lot like known hacking attempts where bad actors get into high-level accounts to mess with security settings and pretend to be users within the company being targeted.

Continue reading →

A new anti-fraud tool from Jumio uses predictive analytics and AI to look at billions of data points across the company's cross-industry network to identify patterns based on behavioral similarities and other indicators.

Jumio's analysis shows that 25 percent of fraud is interconnected, either being perpetrated by fraud rings or by individuals using the same information or credentials to open new accounts on banking sites, eCommerce platforms, sharing economy sites, etc.

Continue reading →

The cybersecurity landscape is experiencing an unprecedented surge in vulnerabilities. In 2022 alone, a staggering 25,096 new vulnerabilities were added to the National Vulnerability Database (NVD). This number represents the highest count of vulnerabilities ever recorded within a single year and reflects a 25 percent increase compared to the 20,196 new vulnerabilities reported in 2021.

This escalating trend indicates that cybersecurity threats are not only on the rise but are also accelerating at an alarming pace. The reasons behind this surge in vulnerabilities are multifaceted, stemming from factors such as the increasing complexity of software and technology systems, the rapid pace of digital transformation, and the growing sophistication of cyber attackers.

Continue reading →

IT security breaches are becoming more frequent and costly. According to IBM Security’s Cost of a Data Breach Report 2023 UK organizations shell out an average of £3.4m for data breach incidents. There isn't a CISO around that doesn't wish they had that kind of budget to spend on IT security. The tools to help security teams do their job more effectively are out there, but getting them approved in the annual budget is not guaranteed and investment can sometimes be too late.

So what can UK IT leaders do to make sure they continue to improve their IT security without blowing their budget? Here are eight ways to bolster cybersecurity resources: 

Continue reading →

As QR codes have become popular, they're used for all kinds of things from mobile payments to access control and even document sharing. The problem is that they can also hide risks so it's no surprise that they're becoming a popular vehicle for phishing.

New analysis from Hoxhunt finds the use of QR codes in 22 percent of attacks on its 'global human risk network' in the first weeks of October 2023.

Continue reading →

A new report from GuidePoint Security's Research and Intelligence Team (GRIT) shows a total of 3,385 publicly posted ransomware victims in the first three quarters of this year, claimed by 57 different threat groups, representing an 83 percent year-on-year increase.

Attacks directed against US-based organizations decreased, but there has been a marked increase in attacks impacting other nations. Other countries consistently affected, like the UK, saw an approximate 41 percent increase in attacks in Q3.

Continue reading →

The power that quantum computing makes available offers benefits in many areas, but it also means cracking encryption becomes much easier, which poses an enormous threat to data and user security.

At its annual Trust Summit conference, DigiCert has released the results of a global study exploring how organizations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future.

Continue reading →

A new survey of 900 full-time security decision-makers and practitioners around the world finds that 55 percent of respondents say they're likely to switch jobs in the next year.

The Voice of the SOC report, from secure workflow specialist Tines, shows that 63 percent of the security decision-makers and practitioners surveyed are experiencing burnout amid relentless cyberattacks, internal pressures, and limited resources.

Continue reading →

Bad bots are designed perform various malicious activities. These range from basic scrapers that try to get some data off an application -- and are easily blocked -- to more advanced persistent bots that try to evade detection.

Barracuda researchers have been tracking bots for several years and have identified some interesting recent trends not least that, like King Louie in The Jungle Book, they 'wanna be like you'.

Continue reading →

Governments and data make for a complex relationship. In some cases, agencies are obligated to make information publicly accessible. In others, sensitive data is highly regulated and therefore needs to be protected to keep it out of the public domain.

With key information changing hands internally via various departments and externally via third parties, it's vital that government agencies can access systems and share data securely -- particularly given increases in cyberattacks.

Continue reading →