Is ChatGPT Your Next Phishing Enemy?

AI Phishing with ChatGPT

AI technologies such as ChatGPT and Google Bard have the potential to revolutionize productivity and convenience. However, the negative implications of AI, specifically in the realm of cybersecurity, are often overlooked.

For instance, tools like ChatGPT can greatly aid marketing employees in creating templates, emails, logos, and more with speed and efficiency. Unfortunately, these same tools can be exploited by malicious actors to easily craft convincing phishing emails.

According to IBM’s X-Force Threat Intelligence Index 2023, up to 41% of breaches occur due to employees unwittingly opening malicious documents (“maldocs”) embedded in phishing emails. Despite advancements in email scanners and antivirus solutions, such incidents are increasing.

To illustrate the risks associated with AI-generated phishing emails, Pensive Security conducted a test using the ChatGPT 3.5 service to create a reasonably believable phishing campaign with minimal user input.

Read More

Source Code Analysis

Source Code Analysis

One of the most frustrating and potentially time-consuming stages of development is debugging and testing. Not only can analyzing source code manually be nearly impossible when dealing with several million lines of code, but there is a massive potential that human editors can miss something. The most common way of avoiding this is to implement source code analysis into the development pipeline.

Read More

TikTok Mobile App Security and Privacy

TikTok Mobile App Security and Privacy: How Does It Stack Up?

When it comes to social media applications, TikTok is one of the most popular kids on the block. The app has only been around for a few years, but it has already become extremely popular—particularly with younger users.

One of the main reasons for TikTok’s popularity is its unique approach to content. Unlike other social media apps, which tend to be focused on text and images, TikTok is all about short videos. This makes it perfect for quick and entertaining content that can be easily consumed on the go.

However, as with any social media application, there are concerns about TikTok’s security and privacy. So, how does TikTok stack up in terms of mobile app security and privacy?

Read More

Russian Cyber Attacks In The US

Russian Cyber Attacks In The US

Tensions are rising between the United States and Russia. In fact, according to some analysts, the relationship between the two superpowers hasn’t been this strained since the height of the Cold War.

For years now, Russia and the US haven’t seen eye to eye on a myriad of issues. Since the turn of the 21st century, Russia has aggressively pushed itself into many facets of the modern world. It has wanted to have a strong presence in all sorts of foreign affairs.

And Russia has also wanted a strong influence on other nations - including America. Those running the nation, most notably President Vladimir Putin, long ago decided that they could lessen the impact of America and other Western nations by waging a very modern form of warfare against them.

Indeed, cyber attacks have become one of the most major and important features of the modern Russian assault on democracies across the world but especially against the United States.

Multiple cyber attacks against the US have already been committed by Russia and experts are warning that many more are sure to come.

Read More

Phishing

How Effective Are Phishing Attacks in 2022?

Over the past few years, spam filters have gotten significantly more effective. This has been good news for email users, but it also has unintended consequences. Because bulk spam emails are unlikely to get through to the recipient, scammers are switching their approach to more targeted phishing operations.

Phishing attacks are designed to look like they come from a trusted source, like a bank, major company, or even the recipient’s employer. This lures the person into a false sense of security. They might click a link and fill out a form with sensitive information, or they might download a file with malicious code hidden inside.

Here, we’ll discuss how effective these attacks have become, who is at risk, and how you can protect yourself and your organization.

Read More

August 2021 Roundup

August 2021: Cybersecurity Roundup

The previous month in cybersecurity:

  1. Glowworm Attacks Let Your LEDs Spy On You
  2. U.S. Senate Moves to Protect Water and Power Grids
  3. Accenture Gets Hit by LockBit Ransomware
  4. $600 Million Crypto Heist Nearly Resolved
  5. U.S. Navy Struggles to Keep Up with “RMF of Tomorrow”

Read More

Speech Neuroprosthesis (Credit: Nvidia, https://developer-blogs.nvidia.com/wp-content/uploads/2021/07/speech-neuroprosthesis.png)

Speech Neuroprosthetic Restores Paralyzed Man’s Ability to Speak, but Privacy Concerns Abound

We often take our ability to communicate with others for granted. The ability to verbally say “hi” or “I love you” isn’t something we think about every day. However, for those without the ability to speak, such a thing would be world-changing.

That change is upon us.

Researchers at UC San Francisco have succeeded in giving speech to a man denied that ability. Affected by severe paralysis and unable to form words at all, the man could communicate through a new speech “neuroprosthetic”. The device could translate brainwaves from the man’s brain to his vocal tract and then display that communication on a monitor.

According to the study, which was published in July 2021, the authors stated, “We decoded sentences from the participant’s cortical activity in real-time at a median rate of 15.2 words per minute, with a median word error rate of 25.6%. In post hoc analysis, we detected 98% of the attempts by the participant to produce individual words, and we classified words with 47.1% accuracy using cortical signals that were table throughout the 81-week study period.”

Read More

July 2021 Roundup

July 2021: Cybersecurity Roundup

The previous month in cybersecurity:

  1. Kaseya Gets It All Wrong
  2. Congress Advances a Slate of Cybersecurity Bills
  3. New Cyber Rules from the TSA for Pipeline Companies
  4. DHS Cybersecurity Chief Confirmed
  5. China Cracks Down on Didi

Read More

Web App Pentest

Web Application Penetration Testing

Web application penetration testing is an integral part of assessing applications for potential security threats. Companies rely on customer-facing web applications to hold sensitive data and allow people to perform sensitive tasks in real-time. To avoid security issues, some companies depend solely on vulnerability scans which are limited in their ability to identify threats and potential issues. While vulnerability scanning certainly has its place in a secure development life-cycle, it leaves much to be desired in terms of an in-depth security assessment.

Pensive Security takes security testing several steps further with dedicated web app penetration testing (or “pentesting”), which helps identify threats or gaps in the application that could be vulnerable to cyber-attacks. This guide will take a detailed look at web application penetration testing and what it means for your business.

Read More

June 2021 Roundup

June 2021: Cybersecurity Roundup

The previous month in cybersecurity:

  1. FBI Chats with Bad Guys
  2. Will Water Utilities Be the Next Colonial Pipeline?
  3. From Fitness Fad to Cybersecurity Risk
  4. Biden Takes Putin to Task Over Ransomware, Cybersecurity in Summit
  5. The Coast Guard Gets into Cybersecurity

Read More

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×