Lifeboat Foundation

Researchers demonstrate how Text-to-SQL systems can lead to cyber attacks.

A team of researchers from the University of Sheffield has demonstrated that popular artificial intelligence applications like OpenAI’s ChatGPT, among five others, can be manipulated to produce potentially harmful Structured Query Language (SQL) commands and can be exploited to attack computer systems in the real world.

The applications they used in their study included BAIDU-UNIT, ChatGPT, AI2SQL, AIHELPERBOT, Text2SQL, and ToolSKE.

Microsoft warns of Scattered Spider, a financially motivated hacking crew that infiltrates firms worldwide using SMS phishing, SIM swapping, and by posing as new employees, leading to data breaches and takeovers.

Find out more:

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world.

Continue reading “Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware” »

⚠️ ALERT: AvosLocker #ransomware targets US critical infrastructure. Recent joint advisory from CISA and FBI exposes their tactics — using open-source tools and stealthy techniques to compromise networks.

Read more 👉 https://thehackernews.com/2023/10/fbi-cisa-warn-of-rising-avoslocker.htm

The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.

“Meet Kelvin Dafiaghor, a distinguished luminary in the fields of education and technology. As the Founder and Director of Ogba Educational Clinic in Nigeria, he has dedicated a decade to integrating AI and STEM education into African learning, particularly excelling in robotics and AI. His commitment extends globally, showcased by his participation in prestigious events like FINTECH Abu Dhabi in 2018 and a high-level conference in Morocco in 2019, where he advocated fervently for innovation and artificial intelligence as transformative forces in Africa. In 2021, he made a lasting impact at GISEC Dubai, emphasizing the role of AI in cybersecurity. Additionally, as the Regional Manager for Global STEM Initiative, he’s passionate about advancing STEM education worldwide. #gsiuganda #comingsoon Andrew Webb-Buffington KELVIN OGBA DAFIAGHORJosselin LavigneKasule RaphaelLorraine Tsitsi MajiriLily R. ASONGFACIvan Peter OtimKimani NyoikeGlobal STEM Initiative (GSI)RIIS LLC.

🚨 ALERT: A massive ad fraud botnet called PEACHPIT has been exposed. It exploited hundreds of thousands of Android and iOS devices to generate illicit profits for cybercriminals.

🚨Executives in U.S. firms under attack.

A new EvilProxy phishing campaign is targeting top-level employees, including banking, insurance, real estate, and manufacturing sectors.

Learn how they operate:

Continue reading “Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms” »

Operating since last May, an emerging ransomware strain called Rhysida was deployed along with new stealer malware called Lumar for a potent new one-two punch against Brazil’s popular PIX payment system users.

Researchers from Kaspersky reported Rhysida is functioning as a ransomware-as-a-service (RaaS) operation with a demonstrated ability to quickly evolve.

“ It stands out for its unique self-deletion mechanism and compatibility with pre-Windows 10 versions of Microsoft. Written in C++ and compiled with MinGW and shared libraries, Rhysida showcases sophistication in its design,” Kaspersky said in its findings about the group. “While relatively new, Rhysida faced initial configuration challenges with its onion server, revealing a group’s rapid adaptation and learning curve.”

ChatGPT’s deceptive messages work almost as well as ones written by people, IBM found. And it’s much faster.

Beware of fake software ads on Google Search!

Hackers use Google Ads to direct users searching for popular software, such as KeePass Password Manager and Notepad++, to malicious copycats that distribute malware.