Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2023

Financial Services is Leading the Pack in Placing Controls Around ChatGPT

ChatGPT use is increasing exponentially in the enterprise, where users are submitting sensitive information to the chat bot, including proprietary source code, passwords and keys, intellectual property, and regulated data. In response, organizations have put controls in place to limit the use of ChatGPT. Financial services leads the pack, with nearly one in four organizations implementing controls around ChatGPT.

Netskope Uses AI to Help Protect Sensitive Data Stored in Amazon S3 by AWS AppFabric

Spending for software-as-a-service (SaaS) applications is projected to grow 17.9% to $197 billion in 2023, then grow another 17.7% to $232 billion in 2024. This rapid growth is being fueled by several factors including the desire to modernize IT environments and enable hybrid workers, who might login from a branch office one day and a hotel room the next.

Cloud Threats Memo: A Recent Campaign Exploiting Digital Trust Through Github

The weaponization of digital trust involves exploiting an application or tool we use in our daily digital life to perform our business or personal tasks for malicious purposes. It is a technique increasingly used by the threat actors to carry out malicious actions such as the delivery of malware or links to phishing pages.

Leveraging Feedly and Netskope Cloud Threat Exchange to Accelerate Threat Intelligence Gathering, Analysis, and Sharing

Cyber threat intelligence is a foundational piece of any organization’s security program, providing defenders with awareness of activities occurring in the threat landscape. Accounting for all threats an organization may face is a daunting and nearly impossible task. Some organizations may take the step to stay informed by following industry leaders or a news service.

Enterprise Users Sending Sensitive Data to ChatGPT

ChatGPT use is increasing exponentially among enterprise users, who are using it to help with the writing process, to explore new topics, and to write code. But, users need to be careful about what information they submit to ChatGPT, because ChatGPT does not guarantee data security or confidentiality. Users should avoid submitting any sensitive information, including proprietary source code, passwords and keys, intellectual property, or regulated data.

Phishing Campaigns Abusing Telegram to Bypass MFA

Netskope Threat Labs is tracking phishing campaigns targeting customers of seven different financial institutions across North, Central, and Latin America, aiming to steal their credentials to make fraudulent transactions. Attackers are abusing the Royal Web Hosting company, which provides a free web hosting plan, to host the malicious pages.

Safely Enable ChatGPT and Other Generative AI Applications-In One Move!

At Netskope, we’ve talked a lot lately about how to safely enable ChatGPT and other generative AI applications such as Google Bard and Jasper. Why? As the saying goes, “There’s no going back.” Generative AI is here to stay and will have a transformative effect on our day-to-day lives whether we’re in technology or not.

ChatGPT Use is Increasing Exponentially in the Enterprise

ChatGPT is a language model that generates fluent, contextually relevant responses to prompts in a conversational fashion. Because it can generate fluent text in multiple languages, it is gaining popularity among enterprise users who are using it to help with the writing process, to explore new topics, and to write code.

Here's What ChatGPT and Netskope's Inline Phishing Detection Have in Common

Phishing attacks are a major cyber threat that continue to evolve and become more sophisticated, causing billions of dollars in losses each year according to the recent Internet Crime Report. However, traditional offline or inline phishing detection engines are limited in how they can detect evasive phishing pages. Due to the performance requirements of inline solutions, they can only target specific campaigns and, at best, act as a basic static analyzer.

.Zip and .Mov Top Level Domain Abuse: One Month After Being Made Public

A month ago, Google released eight new top level domains (TLD). Two of them (.zip and.mov) have been a cause for concern because they are similar to well known file extensions. Both.zip and.mov TLD are not new, as they have been available since 2014. The main concern is that anyone now can own a.zip or.mov domain and be abused for social engineering at a cheap price. Because both of these TLDs are indistinguishable from the file extensions, they can be a great bait for threat actors.

Supporting Sustainability Through Data Security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability. In this video, Netskope experts examine how cybersecurity and data protection are intrinsically linked to sustainability. We invite you to watch and to learn more about how data security is paramount to a more sustainable future.

Understanding the Risks of Prompt Injection Attacks on ChatGPT and Other Language Models

Large language models (LLMs), such as ChatGPT, have gained significant popularity for their ability to generate human-like conversations and assist users with various tasks. However, with their increasing use, concerns about potential vulnerabilities and security risks have emerged. One such concern is prompt injection attacks, where malicious actors attempt to manipulate the behavior of language models by strategically crafting input prompts.

Cloud Threats Memo: Threat Actors Continue to Exploit the Flexibility of GitHub for Malicious Purposes

Dark Pink (also known as Saaiwc Group) is an advanced threat actor that has been operating since mid-2021, mainly in the Asia-Pacific region and to a lesser extent in Europe, leveraging a range of sophisticated custom tools within a sophisticated kill chain relying on spear-phishing emails. The group has been quite active since 2021, attacking at least 13 organizations in Vietnam, Bosnia and Herzegovina, Cambodia, Indonesia, Malaysia, Philippines, Belgium, Thailand, and Brunei.

Netskope Threat Coverage: MOVEit Transfer Zero-Day

A new critical zero-day vulnerability in the MOVEit Transfer software is being actively exploited by attackers to exfiltrate data from organizations. MOVEit Transfer is a managed file transfer (MFT) software, developed by Progress, designed to provide organizations a way to securely transfer files, which can be implemented on-premise or as a cloud SaaS platform. According to BleepingComputer, attackers have been actively exploiting MOVEit Transfer to download data from organizations.

AI and Deep Learning At Work: How to Know If Your Images Are Storing Sensitive Information

In today’s rapidly digitizing world, the importance of data security has become paramount. With the increasing amount of sensitive information being shared and stored online, securing information from cyber attacks, information breaches, and theft has become a top priority for companies of all sizes. Data loss prevention (DLP) is a critical part of the Netskope Intelligent Security Service Edge (SSE) security platform, providing best-in-class data security to our customers.