WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses

A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves. [TechWeb]( Follow Dark Reading: [RSS]( July 14, 2023 LATEST SECURITY NEWS & COMMENTARY [WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses]( A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves. [SolarWinds Attackers Dangle BMWs to Spy on Diplomats]( Cloaked Ursa/Nobelium gets creative by appealing to the more personal needs of government employees on foreign missions in Kyiv. [Killnet Tries Building Russian Hacktivist Clout With Media Stunts]( Killnet has been more effective at generating headlines than in executing attacks or wreaking any real damage, experts say. [Critical RCE Bug in Rockwell Automation PLCs Zaps Industrial Sites]( Rockwell Automation and CISA warn of security vulnerabilities that affect power plants, factories, and other critical infrastructure sites. [Orca Sues Wiz for 'Copying' Its Cloud Security Tech]( Two fierce cloud security competitors are locked in a legal battle, as Orca accuses Wiz of ripping off its intellectual property. [Creating a Patch Management Playbook: 6 Key Questions]( The vulnerability gap continues to persist, and IT and security teams can play a major role in reducing their attack surface. [Okta, Ping Identity, CyberArk & Oracle Lead the IDaaS Omdia Universe]( Omdia has published its Omdia Universe on IDaaS. This vendor comparison study highlights the capabilities of the vendors in the space. [(Sponsored Article) How to Use Log Management to Retrace Your Digital Footsteps]( Log management tools help IT and security teams monitor and improve a system's performance by identifying bugs, cybersecurity breaches, and other issues that can create outages or compliance problems. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Hackers Exploit Policy Loophole in Windows Kernel Drivers]( Using open source tools, attackers target Chinese speakers with malicious drivers with expired certificates, potentially allowing for full system takeover. [Microsoft Discloses 5 Zero-Days in Voluminous July Security Update]( Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others. [How to Put Generative AI to Work in Your Security Operations Center]( Generative AI is the cybersecurity resource that never sleeps. Here are some of the ways security-focused generative AI can benefit different members of the SOC team. [MORE]( EDITORS' CHOICE [Chinese APT Cracks Microsoft Outlook Emails at 25 Government Agencies]( Foreign state-sponsored actors likely had access to privileged state emails for weeks, thanks to a token validation vulnerability. LATEST FROM DR TECHNOLOGY [Decoding Identity and Access Management for Organizations and Consumers]( Workforce IAM and consumer IAM are not interchangeable — they serve different purposes and constituencies. LATEST FROM THE EDGE [How the EU AI Act Will Affect Businesses, Cybersecurity]( The draft AI Act represents a significant step in regulating AI technologies, recognizing the need to address the potential risks and ethical concerns. LATEST FROM DR GLOBAL [African Nations Face Escalating Phishing & Compromised Password Cyberattacks]( Cyberattacks against organizations in some African nations increased significantly in 2022, despite a major expansion in cybersecurity hiring to support cloud and digital migration. WEBINARS - [State of DDoS: Mid-Year Threat Report]( Killnet, REvil and Anonymous Sudan - it's been a busy quarter in the DDoS realm. Threat actor groups have been targeting Western organizations in an attempt to disrupt our way of life. If you're finding it hard to keep track ... - [Finding a Backup Strategy That Works For You]( You've been hit with a ransomware, DDoS, natural disaster, or destructive cyberattack. One of the first questions: can we get our data back? Good back-ups are key to business continuity and disaster recovery, but backing up your data in preparation ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Black Hat Announces Sustainability Pledge]( [Cybersecurity Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions]( [Safe Security Acquires RiskLens]( [Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks]( [Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)