Nanyang Technological University (NTU) computer scientists have discovered a way to compromise Artificial Intelligence (AI) chatbots by training and using an AI chatbot to generate prompts capable of jailbreaking other chatbots. According to the team, jailbreaking involves computer hackers finding and exploiting flaws in a system's software to force it to do something its developers have purposefully restricted it from doing. The researchers named the method they used to jailbreak Large Language Models (LLMs), Masterkey.

A team of Information Technology (IT) security researchers from Technische Universität Berlin (TU Berlin) were able to activate a powerful "Elon mode" and gain access to secrets through Tesla's driving assistant. All Tesla models are said to be vulnerable to their demonstrated attack. The researchers were able to extract arbitrary code and user data from the system, including cryptographic keys and critical system components, allowing them to reconstruct how it works. They could also access a video with GPS coordinates that the previous owner of the vehicle had deleted.

Professor Chan Chi-hou, Chair Professor of Electronic Engineering at City University of Hong Kong (CityU), led a research team that advanced antenna technology by enabling the manipulation of all five fundamental properties of electromagnetic waves through software control. The team created a universal metasurface antenna that allows for independent and simultaneous manipulation of electromagnetic radiation amplitude, phase, frequency, polarisation, and direction.

IRONSCALES' Eyal Benishti provides a guide to establishing a phishing simulation testing program. Employee phishing training has become critical in developing a security-conscious workforce, lowering the risk of successful phishing attacks, and cultivating a resilient organizational culture capable of effectively responding to evolving cybersecurity threats. Today's average enterprise receives hundreds of phishing emails daily, with hundreds of thousands of attempts yearly.

Threat actors are using a new malware loader, tracked under the name Win/TrojanDownloader.Rugmi, to deliver various information stealers such as Lumma Stealer, Vidar, RecordBreaker, and Rescoms. According to researchers at ESET, this malware is a loader composed of a downloader that downloads an encrypted payload, a loader that executes the payload from internal resources, and another loader that runs the payload from an external file on the disk. The company's telemetry data shows that detections for the Rugmi loader increased significantly in October and November 2023.

Security experts stress that the continued advancement of Artificial Intelligence (AI) calls for organizations and governing bodies to establish security standards, protocols, and other safeguards to prevent AI from outpacing them. Large Language Models (LLMs) exhibit exceptional language understanding and human-like conversational capabilities as sophisticated algorithms and massive data sets power them. Experts agree that the time has come for the industry to address the inherent security risks posed by their development and deployment.

Healthcare organizations are increasingly reliant on interconnected systems, electronic health records, and telemedicine, making them a prime target for malicious actors looking to exploit vulnerabilities. The consequences of a healthcare cybersecurity breach are measured in compromised data as well as in jeopardized patient safety and trust. Help Net Security has provided some excerpts from cybersecurity-focused surveys conducted in the healthcare sector that were covered in 2023. With this data, security teams will gain insights that could help improve future security strategies.

AhnLab Security Emergency Response Center (ASEC) researchers are warning about attacks on poorly managed Linux SSH servers in which Distributed Denial-of-Service (DDoS) bots and CoinMiners are installed. During the reconnaissance phase, threat actors scan IP addresses for servers with the SSH service or port 22 activated, then carry out a brute force or dictionary attack to get the ID and password. They can sell compromised IP addresses and account credentials on the dark web.

Albania’s Parliament recently announced that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services.  A statement said Monday’s cyberattack had not “touched the data of the system,” adding that experts were working to discover what consequences the attack could have.  It said the system’s services would resume at a later time.

German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has recently confirmed that service disruptions at three hospitals were caused by a Lockbit ransomware attack.  The attack began in the early morning of December 24, 2023.  It severely impacted the systems that support the operations of three hospitals in Bielefeld, Rheda-Wiedenbrück, and Herford, Germany.