ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes

The Hacker News Daily Updates [Newsletter]( [cover]( [DevSecOps Is Just the Beginning: Why Modern Security Teams Need a Transformation (And How They Can Do It)]( As companies push for digital transformation, rapid changes are sweeping across all industries, especially software development. Discover why modern security teams must shift their approach. [Download Now]( Sponsored LATEST NEWS Apr 13, 2023 [New Python-Based "Legion" Hacking Tool Emerges on Telegram]( An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Why Shadow APIs are More Dangerous than You Think]( Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported. Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions]( The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign]( The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes]( OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit]( Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late]( Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is: 'Do you know what these accounts are doing?'. And the hardest is probably: 'If any of your service account was compromised and used to access resources would you be able to detect and stop that in real-time?'. Since most identity and security teams would provide a negative ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit]( It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [DevSecOps Is Just the Beginning: Why Modern Security Teams Need a Transformation (And How They Can Do It)]( As companies push for digital transformation, rapid changes are sweeping across all industries, especially software development. Discover why modern security teams must shift their approach. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India