Your Tech Story

WormGPT

What is WormGPT? The new AI behind the cyberattacks

In recent news, a dangerous AI tool named WormGPT has been gaining popularity on cybercrime forums within the dark web. Marketed as a “sophisticated AI model,” WormGPT is specifically designed to generate human-like text for hacking campaigns, enabling cybercriminals to execute attacks on an unprecedented scale.

According to cybersecurity expert Daniel Kelley, who shared his findings on the platform SlashNext, WormGPT was trained on a diverse range of data sources, with a particular emphasis on malware-related data. This training allows the AI tool to create text that can be utilized for various malicious activities.

The implications of WormGPT’s emergence are concerning for everyday internet users and businesses alike. One of the key issues lies in the speed and volume of scams that a language model like this can generate simultaneously.

The rapid text generation capability of AI models, combined with WormGPT’s malicious intent, poses a significant threat. Cyberattacks such as phishing emails can now be replicated easily, even by those with minimal cybercriminal skills.

Adding to the danger is the promotion of “jailbreaks” on ChatGPT, a similar AI language model by OpenAI, which essentially allows for the manipulation of prompts and inputs to create harmful content or reveal sensitive information. The consequences of such manipulation can be severe, leading to potential data breaches, inappropriate content dissemination, and the development of harmful code.

Kelley pointed out that generative AI, like WormGPT, can produce emails with impeccable grammar, making them appear legitimate and decreasing the chances of being flagged as suspicious. This democratizes the execution of sophisticated Business Email Compromise (BEC) attacks, providing access to powerful hacking tools for a broader spectrum of cybercriminals, including those with limited technical expertise.

While companies such as OpenAI (ChatGPT) and Google (Bard) are actively working to combat the misuse of large language models (LLMs), there are concerns about the capabilities of these countermeasures.

A recent report by Check Point highlighted that Bard’s anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to ChatGPT, making it easier to generate malicious content using Bard’s capabilities.

The introduction of WormGPT to the dark web follows a disconcerting trend. Researchers from Mithril Security recently revealed their successful modification of an existing open-source AI model named PoisonGPT, aimed at spreading disinformation. The potential consequences of such AI technology are still largely unknown.

As AI has already demonstrated the ability to generate and spread disinformation, manipulate public opinion, and even influence political campaigns, the emergence of bootleg AI models like WormGPT only exacerbates the risks faced by unsuspecting users.

In conclusion, the rise of WormGPT on the dark web signifies a troubling development in the world of cybercrime. The ease with which this AI tool can generate realistic and malicious content poses a significant threat to cybersecurity.

As cyber threat actors find new ways to exploit AI technology, it becomes crucial for AI developers and cybersecurity experts to remain vigilant and take proactive measures to safeguard against potential abuses of AI language models.

Additionally, internet users and organizations must stay informed about these developments and implement robust security measures to protect themselves from the ever-evolving landscape of cyber threats.

Data Act

Does the EU draft Data Act put trade secrets at risk?

German engineering giant Siemens and German business software firm SAP have joined American IT juggernauts in denouncing new EU legislation on the use of data produced by consumer goods and other smart devices. Before the Data Act can be enacted as law, EU member states and EU legislators are working on its specifics.

The proposed law, which addresses corporate and consumer data from the EU, is one of several pieces of legislation designed to restrain the influence of American tech titans and aid the EU in achieving its digital and environmental goals.

The proposed rule has drawn criticism from the United States for being overly onerous, and German businesses have voiced concern that a section requiring corporations to exchange data with third parties in order to supply aftermarket or related data-driven services could jeopardize trade secrets.

“It risks undermining European competitiveness by mandating data sharing, including core know-how and design data, with not only the user, but also third parties,” the companies warned in a joint letter to Commission President Ursula von der Leyen, EU antitrust chief Margrethe Vestager, and EU industrial chief Thierry Breton.

According to them, “effectively, this could mean that EU companies will have to divulge data to third-country rivals, particularly those not operating in Europe and against which the Data Act’s safeguards would be ineffective.”

The chief executives of the two firms, Siemens Healthineers, German medical technology company Brainlab, German software developer DATEV, and lobbying group DIGITALEUROPE were among the signatories to the letter, dated May 4, obtained by Reuters.

The letter urged that the list of devices covered by the law not be expanded and called for measures to allow companies to reject requests to divulge data where trade secrets, cybersecurity, health, and safety are in danger. The Commission acknowledged receiving the letter and stated that while it recognized the value of trade secrets, corporations shouldn’t exploit them as an excuse.

The Data Act does not seek to alter international or domestic trade secret laws. Trade secrets shouldn’t, however, be a justification for avoiding sharing data, said Johannes Bahrke, a spokesperson for the EU Commission, at a daily press briefing.

The EU draft Data Act is a proposed legislation aimed at regulating data access and use within the EU. While the Act primarily deals with personal data, it also has provisions that could impact trade secrets.

One provision of the draft Data Act requires companies to disclose certain information about their data processing activities, including information about algorithms used to process data. This provision could potentially put trade secrets at risk, as companies may be required to disclose proprietary algorithms that give them a competitive advantage. However, the draft Data Act also includes safeguards to protect trade secrets.

For example, companies would be able to request that certain information be kept confidential, and there are provisions in the Act that limit the disclosure of confidential information to specific parties, such as regulators or courts.

Google

Google Rolls Out Passkeys to (Eventually) Kill Passwords

Google has rolled out a new feature called “Passkeys,” which is designed to eventually replace traditional passwords. Passkeys are a type of two-factor authentication (2FA) that allows users to sign in to their accounts using their mobile devices instead of a password.

The Passkeys feature uses a combination of biometrics, such as face or fingerprint recognition, and an on-device security key, which is a physical security token that can be used to authenticate the user’s identity. This means that even if a hacker were to obtain the user’s password, they would still need physical access to the user’s mobile device to gain access to the account.

Since the dawn of the internet (and computing in general), password-based authentication has become the norm. However, the system has severe security flaws, including the possibility that hackers may steal your password or deceive you into providing it through phishing attacks.

The passkey system relies on a different paradigm: cryptographic keys kept on the user's devices are used for account authentication, specifically to combat phishing attacks.

Passkey standards were originally created by the FIDO Alliance, a security collaboration with several IT companies as members. Passkeys are now a reality thanks to efforts from Microsoft, Apple, and Google. Apple made its passkey option available with the launch of iOS 16, enabling users to use this feature across applications, including Apple Wallet.

In October 2022, support for Passkey was made available on Google Chrome and Android devices. Today, Gmail and Drive are also able to use the feature. Password selection is notoriously difficult for people. However, adding even a single special character or alphanumeric string won’t provide complete security against malicious users.

In contrast, passkeys are typically regarded as being more secure than alternative methods, with Google even describing them as “resistant to online attacks like phishing.”
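The device-held key and the phishing resistance described above can be seen in a simplified model of a passkey sign-in check. This is an added example, not Google's or the FIDO Alliance's code; it omits parts of the real WebAuthn flow (CBOR encoding, attestation, sign-counter checks), and the function names, origins and key pair are constructed for illustration.

```javascript
// Added example: simplified model of a passkey (WebAuthn-style) sign-in check.
// All names, origins and keys below are constructed for illustration.
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Device side: sign over authenticatorData || SHA-256(clientDataJSON).
// The browser, not the web page, writes `origin` into clientDataJSON.
function signAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin,
  }));
  // rpIdHash (32 bytes) | flags (0x05 = user present + verified) | counter (4 bytes)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server side: every check must pass before the signature counts as a login.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expected) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (clientData.origin !== expected.origin) return 'origin mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad signature';
}

function demo() {
  const rpId = 'accounts.example.test';            // constructed relying-party ID
  const origin = 'https://accounts.example.test';  // constructed legitimate origin
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);        // fresh per sign-in attempt
  const expected = { rpId, origin, challenge, publicKey };

  const genuine = signAssertion(privateKey, rpId, origin, challenge);
  // Response produced while the user was on a look-alike site.
  const lookalike = signAssertion(privateKey, rpId, 'https://accounts.example-login.test', challenge);
  // Response signed over an earlier challenge and presented again.
  const stale = signAssertion(privateKey, rpId, origin, crypto.randomBytes(32));
  // Look-alike response with its client data swapped for the genuine one.
  const rewritten = { ...lookalike, clientDataJSON: genuine.clientDataJSON };

  return {
    genuine: verifyAssertion(genuine, expected),
    lookalike: verifyAssertion(lookalike, expected),
    stale: verifyAssertion(stale, expected),
    rewritten: verifyAssertion(rewritten, expected),
  };
}

console.log(demo());
```

Unlike a password, nothing the user can be tricked into typing appears in this exchange; the signature only verifies for the origin and challenge the server itself expects.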

Google will still offer two-factor authentication and passwords as additional account access methods. Through end-to-end encrypted services like iCloud Keychain and Google Password Manager, Passkeys can sync between your devices.

Another option is to create a QR code on a device that is signed into your Google account, which will identify another device where you want to log in and then set up passkeys on numerous devices using that code.

Passkeys are part of Google’s broader effort to move away from passwords and toward more secure authentication methods. The company has also developed other 2FA options, such as the Google Authenticator app and Google Prompt, which sends a notification to the user’s mobile device asking them to approve the login attempt.

Gmail

How to send a secure email in Gmail?

Email is an essential communication tool in today’s digital world. Sending a secure email is, therefore, crucial to protecting our privacy and security. Gmail is one of the most popular email services globally, and hence it’s important to know how to send a secure email in Gmail.

One can enable Two-factor Authentication (2FA) in Gmail. Two-factor authentication (2FA) is a security feature that requires users to provide two forms of identification before accessing an account. This extra layer of security makes it difficult for cybercriminals to gain access to your Gmail account even if they have your password.

To enable 2FA in Gmail, go to your Google Account settings, click on “Security,” and then enable “Two-Step Verification.” You can choose to receive a verification code via SMS, a phone call, or an authenticator app.

A strong password is crucial in keeping your Gmail account secure. Avoid using easily guessable passwords such as “password,” “123456,” or your name. Instead, use a combination of letters, numbers, and special characters.

Additionally, do not reuse passwords across multiple accounts. You can use a password manager to generate and store strong passwords for your Gmail account.

Use Encryption to Protect Email Content

Encryption is a method of encoding data to make it unreadable to unauthorized users. Gmail uses Transport Layer Security (TLS) to encrypt email content in transit. However, if you want to add an extra layer of security, you can use end-to-end encryption.

End-to-end encryption encrypts email content from the sender’s device to the recipient’s device, making it difficult for anyone to intercept or read the email content. You can use third-party tools such as ProtonMail, Tutanota, or Virtru to send encrypted emails in Gmail.

Gmail’s Confidential mode is a feature that allows you to add an extra layer of security to your email. When you enable Confidential mode, you can set an expiration date for the email, and you can also choose to require a passcode to open the email. Additionally, Confidential mode emails are protected from forwarding, copying, printing, or downloading.

To use Confidential mode in Gmail, compose your email as usual, but before you hit send, click on the lock icon located at the bottom of the compose window. This will enable Confidential mode, and you can set the desired settings before sending the email.

Avoid Clicking on Suspicious Links and Attachments

Phishing emails are a common tactic used by cybercriminals to steal sensitive information. Always verify the authenticity of the email before clicking on any links or attachments. Additionally, you can use anti-malware software to scan any attachments before opening them.

Regularly updating your Gmail account and devices is crucial in keeping them secure. Software updates often include security patches that fix vulnerabilities that cybercriminals can exploit. Make sure you update your Gmail account settings, software, and devices regularly to stay protected.

In conclusion, sending a secure email in Gmail is crucial in protecting your privacy and security. By enabling two-factor authentication, using strong passwords, encrypting email content, using Gmail’s Confidential mode, avoiding clicking on suspicious links and attachments, and regularly updating your Gmail account and devices, you can keep your Gmail account and email content secure.

TikTok

Why Are US States Banning TikTok from official devices?

In response to growing security concerns, North Carolina and Wisconsin have become the latest US states to prohibit using TikTok on state-owned devices, following at least 25 other jurisdictions that have already taken some action.

Gov. Tony Evers of Wisconsin, a Democrat, raised privacy, security, and safety issues after discussing the app with the FBI and disaster management experts. With few exclusions, including criminal investigators who might be utilizing the app to follow particular people, Mr. Evers’ ruling applies to the majority of state agencies.

Also excluded is the University of Wisconsin System, which employs 40,000 faculty and staff members. Despite the exemption, a UW System representative said the institution was undertaking a review and working toward imposing limitations on the app’s use on devices in order to guard against major cybersecurity concerns.

Concerns that TikTok, a Chinese internet company owned by ByteDance, might be used to collect user information and data and give it to the Chinese Communist Party are a factor in the ban. Two-thirds of American teenagers use TikTok, making it the second most popular website around the globe.

But there has long been a bipartisan worry in Washington that the Chinese government may try to obtain American user data or spread false information by using its legal and regulatory authority. News allegations from last year that a Chinese team had inappropriately accessed the data of American TikTok users, namely two journalists, as part of a clandestine surveillance campaign to find the source of press leaks, fanned fears. Additionally, there are worries that the corporation is violating strict European privacy laws by sending vast amounts of customer data to China.

Some states, including Texas and Ohio, cited China’s 2017 National Intelligence Law, which obliges businesses with regional headquarters to cooperate with law enforcement by sharing user data with them.

Other Chinese-owned platforms and apps including Weibo, WeChat, Alibaba, and Huawei Technologies are also blocked in several jurisdictions. Chris Wray, the director of the FBI, issued a caution about the possibility of espionage using TikTok in December. He noted that China can “manipulate content, and if they want to, to use it for influence operations.”

In 2020, then-President Donald Trump and his government wanted to ban business with TikTok’s owner, compel the company to sell off its U.S. assets, and ban TikTok from app stores.

Courts had previously thwarted Mr. Trump’s attempts to outlaw TikTok. President Joe Biden reversed Mr. Trump’s orders after assuming office but requested a thorough investigation of the matter.

The sale of TikTok’s U.S. assets was postponed. In December 2022, President Joe Biden signed a bill banning federal employees from using the TikTok app on government devices due to rising worries that the software would be used to spy on American users. As people became more aware of security risks, a number of jurisdictions started banning the app.

Jimmy Patronis, Florida’s chief financial officer, issued an order to the Florida Department of Financial Services in August 2020 prohibiting TikTok use on department-owned devices.

In August 2020, Nebraska was the second state to declare a ban on TikTok use on state-owned devices.

ForgeRock

ForgeRock – Accessing the Internet With Security.

The past two decades have brought a lot of changes in almost every industry. From personal computers to multiple personal virtual accounts on various sites and for work, we are all about usernames and passwords today. Having a different account for each client helps companies manage them better; hence, from a work identity to a shopping identity, we need IDs for almost everything. But whenever we log in to such sites, whether for shopping or for work, there is a constant worry about identity theft. That is where companies like ForgeRock come in.

ForgeRock is an American company building an enterprise-grade platform for managing, securing, and governing different types of organisations. The ForgeRock platform from the company helps the organisations to work faster and in a safer environment. With the changing technologies, the company is using cloud architecture to make every site, app or any other platform using ForgeRock accessible from anywhere securely.

About ForgeRock

ForgeRock is an identity and access management software company founded in February 2010. A group of people who worked at Sun Microsystems founded the company in Norway, and its headquarters are in San Francisco, California, United States. It is a publicly traded company and trades as FORG on NYSE. Its flagship product is identity management software named after the company, i.e., ForgeRock. The company produces identity solutions for big organizations and offers its service in over 50 countries. As per the 2021 records, over 700 people are employed at ForgeRock, whereas it has gained more than 1300 permanent clients globally. The company made annual revenues worth $100 million for FY2019.

The Back Story

A group of people who were employed at Sun Microsystems founded ForgeRock in 2010 in Norway. ForgeRock was a concept upon which Sun was already working, but after Oracle acquired the company, it discontinued the project, and the founders started to work on the same project and eventually founded the company. In the very beginning, only the employees of a company using computers for their work needed identity protection, but the founders of ForgeRock had a larger vision. They knew that the concept of identity management has a bigger scope in general. This vision helped the company build a platform that is sufficient to manage identities across and for the workforce, consumers, and things.

The company provides two different types of products, i.e., a platform for organisations and SDKs for building apps. The company also offers training and certification programs for developing and deploying identity solutions under its ForgeRock University.

For the establishment of the company, the founders bagged investments worth $250 million from investors like Accel Partners, Meritech Capital Partners, Riverwood Capital, etc., in venture capital. Names like BMW, Toyota, BBC, Philips, Geico, Richmond, etc., are a few of the permanent clients of ForgeRock, and the company serves industries including financial services, healthcare, government, retail, manufacturing, telecommunication, media, auto, smart mobility, etc.

ForgeRock is a publicly traded company and went public on NYSE in September 2021. The ForgeRock platform offers services like Access Management, Identity Gateway, Directory Services as well as Identity Management, etc. The company has also won some recognition, including the SC2020 Awards, 2020 Fortress Cyber Security Award, Silver 2020 Stevie Award, etc.

The CEO at ForgeRock

Fran Rosch is the current CEO at ForgeRock. He has over twenty years of experience as a management leader at various leading companies, including VeriSign and Symantec. Rosch holds a B.S. in industrial engineering from Lehigh University in Bethlehem, PA.