ChatGPT4 is out, poorly-protected Linux servers are exploited, and more.
Welcome to Cyber Security Today. It’s Wednesday, March 22nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The new version of ChatGPT has been released. But if you were hoping that version 4 has made this tool safer from being abused by threat actors, researchers at Check Point Software have a warning: The new version might let hackers streamline their work. In certain instances non-technical people could find it easier to create harmful tools. Bad actors can also use ChatGPT4’s quick responses to overcome technical challenges in developing malware, the report says. On the other hand, defenders and code developers will be better able to leverage the new version’s capabilities.
Poorly-protected Linux SSH servers are being compromised by the ShellBot malware. That’s according to researchers at South Korea’s AhnLab. Also called PerlBot, this is a distributed denial of service malware developed in the Perl language. Here’s a warning: The compromised servers found by the researchers had SSH port 22 open. Here’s another warning: They were exploited through stolen or brute-forced passwords. Secret and hard-to-guess passwords like ‘password,’ ‘hadoop,’ ‘oracle.’ and ‘11111’ were used. IT teams should be looking for poor passwords used by administrators and employees.
Why are companies having trouble beefing up cybersecurity? Maybe its because there aren’t many cyber experts on their boards. According to a recent news report, only 14 per cent of new board appointments at major companies last year were people with backgrounds in cybersecurity. That was down from 17 per cent in 2021. A commentator at the SANS Institute notes that the primary role of the board in cybersecurity is to set the organization’s tolerance for risk. If you’re a CEO or major shareholder who is listening, your board needs to have at least one member with cyber expertise to help interpret what the IT team is saying.
The Cyber Readiness Institute has updated its free education tools to help small and medium-sized businesses improve their cyber maturity. The program focuses on four core policy areas: how to better protect logins; create a software update strategy; educate staff on phishing; and create secure data sharing and storage. The program is composed of short training videos and materials that cyber leaders can share with their colleagues to build awareness and gain commitment to best practices. For more information go to https://cyberreadinessinstitute.org.
Finally, as part of Fraud Prevention Month Canada’s HomeEquity Bank has released the third in a series of short videos advising consumers how to spot scams. The latest is a warning about crooks on social media trying to strike up a romance with people. Their goal is to steal money. Other videos in the series talk about spotting tech support and real estate scams.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.