How AI can be trained to deceive, even after safety training
LLMs can engage in intentional malicious behaviour, even when current methods to promote their safety are employed. Such behaviour can be deeply persistent, Anthropic research shows.
Anthropi'sc researchers have presented these findings in their paper "Sleeper Agents: Training Deceptive LLMs tha... Read more
Linux IoT devices vulnerable to self-spreading botnet
Linux devices connected to the Internet of Things (IoT) are vulnerable to NoaBot. This botnet is linked to crypto-mining activities and is another form of the previously known botnet Mirai. What sets NoaBot apart is its ability to duplicate itself, and that is also where its greatest danger lies.
... Read more
Only a fraction of companies are genuinely data-driven
Many companies say they use data for their daily operations. However, only a fraction of them are actually 'data-driven'. This is the finding of the SD Times and Melissa Data in their study of data use and quality within companies.
The 'Data Quality 2023 Study shows that 34 percent of companies ... Read more
Verified X accounts being traded on the darkweb
Verified X 'Gold' accounts of the social media platform X are being taken over en masse by hackers. Subsequently, these accounts are being traded on the darkweb, as security researchers from India's CloudSEK found out.
In 2023, X introduced its so-called X Verified or Gold accounts for the socia... Read more
ChatGPT is a bad doctor, but that shouldn’t surprise anyone
ChatGPT is found to make errors 83 percent of the time when performing pediatric diagnoses, a study conducted by JEMA Pediatrics found. Nevertheless, generative AI is a promising technology for health care, the researchers argue.
The research focused specifically on ChatGPT in its GPT-4 guise. O... Read more
Exploit provides access to Google accounts: password change doesn’t help
Several malware families can give hackers access to Google accounts. For this, the malware abuses an OAuth2 functionality provided by Google. It is not possible to lock out the hacker by changing the password of an affected account.
The Google OAuth2 endpoint MultiLogin would be exploitable for ... Read more
Data breaches aren’t setting records anymore, but there are more victims than ever
The biggest data breaches of all time almost all took place between 2018 and 2020. Since then, no leak has managed to reach the top 20. Global regulations and the growing threat from cybercriminals are making organizations take the measures required. It's very much needed, as there are more victims... Read more
Explosive rise in ransomware attacks since 2022
The number of ransomware attacks continues to increase worldwide. This is despite a previous dip in the number of attacks, NCC Group researchers note based on figures from November this year.
Whereas in the month of October, NCC Group researchers noted a small dip in the number of global ransomw... Read more
Online data transfer not always secure with SSH protocol despite encryption
A new type of attack is targeting the Secure Socket Shell (SSH). This network protocol is used for data transfers. The protocol is said to guarantee the security of the transfer, but that is now being questioned.
Researchers have found a new method of attack that tampers with the SSH protocol. S... Read more
‘Most cyber attacks hide in encrypted web traffic’
Most cyber-attacks take place with malware hidden in encrypted web traffic. This is what Zscaler found out in its ThreatLabz 2023 State of Encrypted Attacks Report.
According to Zscaler's annual report, the spread of cyber threats via encrypted (HTTPS) web traffic is increasing every year. In 20... Read more