Codex Exposed: Helping Hackers in Training?
In June 2020, OpenAI released version 3 of its Generative Pre-trained Transformer (GPT-3), a natural language transformer that took the tech world by storm with its uncanny ability to generate text seemingly written by humans. But GPT-3 was also trained on computer code, and recently OpenAI released a specialized version of its engine, named Codex,…
Attackers Use Unicode & HTML to Bypass Email Security Tools
Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report. Attackers are continuously testing enterprise security systems and exploring new ways to get through. Some rely on hidden text and zero-font attacks, in which they put invisible characters…
SAP Releases August 2020 Security Updates
The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Tracked as CVE-2020-6284 and featuring Hot News priority, the issue has a CVSS score of 9. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to…
How to Defend Against Malvertising Drive-By Attacks
Many longtime internet users will remember receiving pop-up ads warning that their computers were infected with a virus. In nearly all cases, the ad’s specific claims were bogus; the purpose was to scare users into paying for a questionable tech support service or to drive them to a site that would actually infect them with…