It was only a matter of time before hackers started leveraging the immense popularity of ChatGPT to push malware (opens in new tab) and steal sensitive personal data - and several security companies have now spotted this happening. For the uninitiated, OpenAI's ChatGPT is an AI-powered chatbot whose popularity has skyrocketed in recent months. The novelty of its output, plus Microsoft's eagerness to invest in the technology, made it the most sought-after technology online, hitting more than 100 million users in just two months (November 2022 to January 2023), according to BleepingComputer (opens in new tab). The demand, inevitably, led to the service's monetization. Those who want uninterrupted access to the platform can get it for $20 a month.

PyTorch has identified a malicious dependency with the same name as the framework's'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counterfeit'torchtriton' dependency. From computer vision to natural language processing, the open source machine learning framework PyTorch has gained prominence in both commercial and academic realms. Between December 25th and December 30th, 2022, users who installed PyTorch-nightly should ensure their systems were not compromised, PyTorch team has warned.

Earlier this year, Twitter confirmed that the private user data for 5.4 million users was stolen due to an API vulnerability, but the company said it had "no evidence" that it was exploited. Now, all of those accounts have been exposed on a hacker form, BleepingComputer has reported. On top of that, an additional 1.4 million Twitter profiles for suspended users was reportedly shared privately, and an even larger data dump with the data of "tens of millions" of other users may have come from the same vulnerability. The owner of hacking forum called Breached told BleepingComputer that it was responsible for exploiting the weakness (originally obtained from another hacker called "Devil") and dumping the user records. It said that it also obtained 1.4 million Twitter profiles for suspended accounts, obtained via another API, but only shared those privately among a few individuals.

As automation becomes more common, so do the challenges inherent in new technology. The 2022 Complete Learn Coding & Automation Bundle gives you hands-on practice with machine learning, data management, and automation to apply in your daily work. All eight courses in this bundle are taught by working experts in the field, including automation and algorithm expert Frank Kane, experienced technology trainer Joseph Delgadillo, and professor Nouman Azam. All of them work with automation and draw on that personal experience as they design their courses. Each course is also built to be self-paced and to be tapped into for both training and to review as needed.

BitVex is the end destination of a crypto scam using deep fakes of prominent cryptocurrency advocates as promotion to steal deposited currency. In the deepfake videos, advocates such as Musk claim to own the scam trading platform, stating that he created the site to allow everyone to earn up to 30% returns on their crypto deposits. According to researchers at BleepingComputer, the campaign began in early May, with threat actors creating or hacking existing YouTube accounts to host deep fake videos of crypto advocates including Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson. The scammers then take these legitimate interview clips, modify them with deepfake technology, using the person's voice in a low-quality script provided by the threat actors. Despite the effort by the scammers, the deep fake synchronizes the person's talking to the script, and it is quickly obvious that the interviews are not real.

Security experts have devised a method that allows users to recover data from computers infected with the Petya ransomware program without paying money to cybercriminals. Petya appeared on researchers' radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard disk drive's master boot record (MBR), leaving infected computers unable to boot into the operating system. The program replaces the drive's legitimate MBR code, which normally starts the operating system, with code that encrypts the master file table (MFT) and shows a ransom note. The MFT is a special file on NTFS volumes that contains information about all other files: their name, size and mapping to hard disk sectors. The actual contents of the user's files are not encrypted, but without the MFT, the OS no longer knows where those files are located on disk.