WormGPT and PoisonGPT. Empowering the next generation of script kiddies and scammers. Recently, there’s been a significant development in the world of cybercrime, a malicious AI model known as WormGPT. This ChatGPT-style AI tool has recently gained traction in cybercrime forums on the dark web, allowing hackers to carry out cyberattacks on an unprecedented scale. WormGPT, as a sophisticated AI model, is designed to generate human-like text explicitly tailored for hacking campaigns, raising concerns about the speed and volume of scams it can generate. WormGPT was developed through extensive tra ..read more

Essential 8: A practical guide Essential 8 (E8) is a collection of eight cyber security strategies developed by the Australian Signals Directorate (ASD) to assist organisations in defending against cyber threats and is considered the most cost-effective means of protecting against cyber threats and the bare minimum for cyber security. E8 is ideal for small and medium-sized businesses because it is easier to implement and manage than other standards and compliance requirements. The E8 is relatively inexpensive to implement, and the benefits are substantial, providing an appropriate level of pro ..read more

Indicators You’re Being Targeted By An APT An Advanced Persistent Threat (APT) is a type of cyberattack in which an attacker attempts to establish a long-term presence on a target’s network to gather sensitive information. The attacker can gain access to the network in various ways, including exploiting software flaws or stealing login credentials. Once they have access, they will often use sophisticated methods to stay on the network and avoid being found. They will use tools and techniques such as keyloggers, network sniffers, and custom malware to gather sensitive information. APT attacks a ..read more

Penetration Testing – A Guide for Australian Businesses Why Penetration Testing? Penetration testing comprises an expert security team simulating a real-world attack on your network or applications in order to find weaknesses and evaluate security threats for your business. Penetration Testing goes beyond basic vulnerability scanning because it involves simulating attack techniques from real-world adversaries looking to compromise your business. Although there are numerous techniques and types of penetration tests, the fundamental concept is straightforward. Cybersecurity specialists utilise t ..read more

Red Teaming: A Primer In Conducting An Effective Assessment Red teaming is easily one of the most exciting topics and engagements anyone will be a part of working in cyber security. It can be eye-opening for companies undertaking a red teaming exercise, especially when it can be demonstrated how easy it can be for malicious actors to infiltrate their premises and bypass implemented security measures. Everyone has seen the Youtube videos or read the stories about how specialists have compromised a company by simply walking through the front doors. Quite simply, it can sound like a script out of ..read more

Data Security: A Practical Handbook For Your Business Introduction: In today’s world, data security is one of the most prominent challenges organisations of all sizes face. Companies must take the necessary steps to protect their valuable data assets due to the increasing reliance on technology and the internet. This guide will outline an example step-by-step approach to creating a comprehensive data security improvement plan and provide practical implementation advice. Step 1: Assess Your Current Security Controls The first step in creating a data security plan is assessing the current secur ..read more

Cybra Security News Feed Fri, 28 Apr 2023 09:57:00 -0700 Researchers warn that a financially motivated cybercrime group known as FIN7 is compromising Veeam Backup & Replication servers and deploying malware on them. It’s not yet clear how attackers are breaking into the servers, but a possibility is that they’re taking advantage of a vulnerability patched in the popular enterprise data replication solution last month. Researchers from cybersecurity firm WithSecure investigated two such compromises so far, dating from late March, but they believe are likely part of a larger campaign . The p ..read more

Cybra Security News Feed Fri, 28 Apr 2023 03:52:00 -0700 The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the cybersecurity implications of large language models (LLMs). The Security Implications of ChatGPT paper details how threat actors can exploit AI-driven systems in different aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code. By examining these topics, the CSA said it aims to raise awareness of the potential t ..read more

Cybra Security News Feed Thu, 27 Apr 2023 03:25:00 -0700 Chinese state-sponsored threat actor Alloy Taurus has introduced a new variant of PingPull malware , designed to target Linux systems, Palo Alto Networks said in its research . Along with the new variant, another backdoor called Sword2033 was also identified by the researchers. Alloy Taurus, a Chinese APT , has been active since 2012. The group conducts cyberespionage campaigns across Asia, Europe, and Africa. The group is known to target telecommunication companies but in recent years has also been observed targeting financial and gover ..read more

Cybra Security News Feed Thu, 27 Apr 2023 03:51:00 -0700 Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them. The SANS Institute is a leading cybersecurity training, certifications, degrees, and resources company that aims to empower cybersecurity professionals ..read more