Latest news with #Keybase
Yahoo
24-07-2025
- Yahoo
AI slop and fake reports are exhausting some security bug bounties
So-called AI slop, meaning LLM-generated low-quality images, videos, and text, has taken over the internet in the last couple of years, polluting websites, social media platforms, at least one newspaper, and even real-world events. The world of cybersecurity is not immune to this problem, either.

In the last year, people across the cybersecurity industry have raised concerns about AI slop bug bounty reports, meaning reports that claim to have found vulnerabilities that do not actually exist, because they were created with a large language model that simply made up the vulnerability, and then packaged it into a professional-looking writeup.

'People are receiving reports that sound reasonable, they look technically correct. And then you end up digging into them, trying to figure out, 'oh no, where is this vulnerability?',' Vlad Ionescu, the co-founder and CTO of RunSybil, a startup that develops AI-powered bug hunters, told TechCrunch. 'It turns out it was just a hallucination all along. The technical details were just made up by the LLM,' said Ionescu.

Ionescu, who used to work at Meta's red team tasked with hacking the company from the inside, explained that one of the issues is that LLMs are designed to be helpful and give positive responses. 'If you ask it for a report, it's going to give you a report. And then people will copy and paste these into the bug bounty platforms and overwhelm the platforms themselves, overwhelm the customers, and you get into this frustrating situation,' said Ionescu. 'That's the problem people are running into, is we're getting a lot of stuff that looks like gold, but it's actually just crap,' said Ionescu.

Just in the last year, there have been real-world examples of this. Harry Sintonen, a security researcher, revealed that the open source security project Curl received a fake report. 'The attacker miscalculated badly,' Sintonen wrote in a post on Mastodon. 'Curl can smell AI slop from miles away.'
In response to Sintonen's post, Benjamin Piouffle of Open Collective, a tech platform for nonprofits, said that they have the same problem: that their inbox is 'flooded with AI garbage.' One open-source developer, who maintains the CycloneDX project on GitHub, pulled their bug bounty down entirely earlier this year after receiving 'almost entirely AI slop reports.'

The leading bug bounty platforms, which essentially work as intermediaries between bug bounty hackers and companies who are willing to pay and reward them for finding flaws in their products and software, are also seeing a spike in AI-generated reports, TechCrunch has learned.

Do you have more information about how AI is impacting the cybersecurity industry? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Michiel Prins, the co-founder and senior director of product management at HackerOne, told TechCrunch that the company has encountered some AI slop. 'We've also seen a rise in false positives — vulnerabilities that appear real but are generated by LLMs and lack real-world impact,' said Prins. 'These low-signal submissions can create noise that undermines the efficiency of security programs.' Prins added that reports that contain 'hallucinated vulnerabilities, vague technical content, or other forms of low-effort noise are treated as spam.'

Casey Ellis, the founder of Bugcrowd, said that there are definitely researchers who use AI to find bugs and write the reports that they then submit to the company. Ellis said they are seeing an overall increase of 500 submissions per week. 'AI is widely used in most submissions, but it hasn't yet caused a significant spike in low-quality 'slop' reports,' Ellis told TechCrunch. 'This'll probably escalate in the future, but it's not here yet.'
Ellis said that the Bugcrowd team who analyze submissions review the reports manually using established playbooks and workflows, as well as with machine learning and AI 'assistance.'

To see if other companies, including those who run their own bug bounty programs, are also receiving an increase in invalid reports or reports containing non-existent vulnerabilities hallucinated by LLMs, TechCrunch contacted Google, Meta, Microsoft, and Mozilla.

Damiano DeMonte, a spokesperson for Mozilla, which develops the Firefox browser, said that the company has 'not seen a substantial increase in invalid or low quality bug reports that would appear to be AI-generated,' and the rejection rate of reports — meaning how many reports get flagged as invalid — has remained steady at 5 or 6 reports per month, or less than 10% of all monthly reports. 'Mozilla's employees who review bug reports for Firefox don't use AI to filter reports, as it would likely be difficult to do so without the risk of rejecting a legitimate bug report,' DeMonte said in an email.

Microsoft and Meta, companies that have both bet heavily on AI, declined to comment. Google did not respond to a request for comment.

Ionescu predicts that one of the solutions to the problem of rising AI slop will be to keep investing in AI-powered systems that can at least perform a preliminary review and filter submissions for accuracy. In fact, on Tuesday, HackerOne launched Hai Triage, a new triaging system that combines humans and AI. According to HackerOne spokesperson Randy Walker, this new system leverages 'AI security agents to cut through noise, flag duplicates, and prioritize real threats.' Human analysts then step in to validate the bug reports and escalate as needed.

As hackers increasingly use LLMs and companies rely on AI to triage those reports, it remains to be seen which of the two AIs will prevail.
Yahoo
21-07-2025
- Yahoo
Hackers exploiting SharePoint zero-day seen targeting government agencies
The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers as well as news reports.

Over the weekend, U.S. cybersecurity agency CISA published an alert warning that hackers were exploiting a previously unknown bug — known as a 'zero-day' — in Microsoft's enterprise data management product SharePoint.

While it's still early to draw definitive conclusions, it appears that the hackers who first started abusing this flaw were targeting government organizations, according to Silas Cutler, the principal researcher at Censys, a cybersecurity firm that monitors hacking activities on the internet. 'It looks like initial exploitation was against a narrow set of targets,' Cutler told TechCrunch. 'Likely government related.'

'This is a fairly rapidly evolving case. Initial exploitation of this vulnerability was likely fairly limited in terms of targeting, but as more attackers learn to replicate exploitation, we will likely see breaches as a result of this incident,' said Cutler.

Do you have more information about these SharePoint attacks? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Now that the vulnerability is out there, and still not fully patched by Microsoft, it's possible other hackers who are not necessarily working for a government will join in and start abusing it, Cutler said. Cutler added that he and his colleagues are seeing between 9,000 and 10,000 vulnerable SharePoint instances accessible from the internet, but that could change. Eye Security, which first published the existence of the bug, reported seeing a similar number, saying its researchers scanned more than 8,000 SharePoint servers worldwide and found evidence of dozens of compromised servers.
Given the limited number of targets and the types of targets at the beginning of the campaign, Cutler explained, it is likely that the hackers were part of a government group, commonly known as an advanced persistent threat. The Washington Post reported on Sunday that the attacks targeted U.S. federal and state agencies, as well as universities and energy companies, among other commercial targets. Microsoft said in a blog post that the vulnerability only affects versions of SharePoint that are installed on local networks, and not the cloud versions, which means that each organization that deploys a SharePoint server needs to apply the patch, or disconnect it from the internet.
Yahoo
17-06-2025
- Business
- Yahoo
Pro-Israel hacktivist group claims responsibility for alleged Iranian bank hack
The pro-Israeli hacktivist group Predatory Sparrow claimed on Tuesday to have hacked and taken down Iran's Bank Sepah. The group, which is also known by its Persian name Gonjeshke Darande, claimed responsibility for the hack on X.

'We, 'Gonjeshke Darande,' conducted cyberattacks which destroyed the data of the Islamic Revolutionary Guard Corps' 'Bank Sepah,'' the group wrote. The group claimed Bank Sepah is an institution that 'circumvented international sanctions and used the people of Iran's money to finance the regime's terrorist proxies, its ballistic missile program and its military nuclear program.'

Do you have more information about Predatory Sparrow? Or other hacking groups active in Israel and Iran? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

According to the independent news site Iran International, there are reports of 'widespread banking disruptions' across the country. Iran International said several Bank Sepah branches were closed on Tuesday, and customers told the publication that they were unable to access their accounts. Aerie Oseran, a correspondent for i24NEWS, posted pictures of ATMs in Iran displaying an error message.

TechCrunch could not independently verify the group's alleged cyberattack. We reached out to two Bank Sepah Iranian email addresses, but the messages returned an error. Bank Sepah's affiliates in the U.K. and Italy did not immediately respond to requests for comment. Predatory Sparrow did not respond to a request for comment sent to its X account and via Telegram.

The alleged cyberattack on Bank Sepah comes as Israel and Iran are bombing each other's countries, a conflict that started after Israel began targeting nuclear energy facilities, military bases, and senior Iranian military officials on Friday. It's unclear who is behind Predatory Sparrow.
The group clearly fashions itself as a pro-Israel or at least anti-Iran hacktivist group, and has targeted companies and organizations in Iran for years. Cybersecurity researchers believe the group has had success in the past and made credible claims. 'Despite appearances this actor is not all bluster,' John Hultquist, the chief analyst at Google's Mandiant, wrote on X. According to Rob Joyce, who previously worked at the NSA and the Biden administration, 'Predatory Sparrow's past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran.' Predatory Sparrow's most eye-catching alleged hacks have been against a steel maker, which allegedly caused an explosive fire in the plant, and against Iran's gas stations, which caused disruptions to citizens trying to refill their cars' gas tanks.
Yahoo
04-06-2025
- Health
- Yahoo
Ransomware gang claims responsibility for Kettering Health hack
A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems.

Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. since September 2024, published a post on its official dark web site, claiming to have stolen more than 940 gigabytes of data from Kettering Health.

CNN first reported on May 20 that Interlock was behind the breach on Kettering Health. At the time, however, Interlock had not publicly taken credit. Usually, that can mean the cybercriminals are attempting to extort a ransom from their victims, threatening to release stolen data. The fact that Interlock has now come forward could indicate that the negotiations have gone nowhere.

Do you have more information about Kettering Health's ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Kettering Health's senior vice president of emergency operations, John Weimer, previously told local media that the healthcare company had not paid the hackers a ransom. TK, a spokesperson for Kettering Health, did not provide comment when reached by TechCrunch on Wednesday. Interlock did not respond to a request for comment sent to an email address listed on its dark web site.

A brief review of some of the files Interlock published on its dark web site appears to show the hackers were able to steal an array of data from Kettering Health's internal network, including private health information, such as patient names, patient numbers, and clinical summaries written by doctors, which include categories such as mental status, medications, health concerns, and other categories of patient data.
Other stolen data includes employee data and the contents of shared drives. One of the folders contains documents, such as background files, polygraphs, and other private identifying information of police officers with the Kettering Health Police Department.

On Monday, Kettering Health published an update on the cyberattack, saying the company was able to restore 'core components' of its electronic health record system, which is provided by Epic, a healthcare software company. The company said this was 'a major milestone in our broader restoration efforts and a vital step toward returning to normal operations' that allows it 'to update and access electronic health records, facilitate communication across care teams, and coordinate patient care with greater speed and clarity.'


TechCrunch
03-06-2025
- Health
- TechCrunch
Health giant Kettering still facing disruption weeks after ransomware attack
Kettering Health, a network with dozens of medical and emergency centers in Ohio, is still working to recover and return to normal operations two weeks after a ransomware attack prompted 'a system-wide technology outage.'

On Monday, Kettering Health said in an update that it had restored 'core components' of its electronic health record system provided by Epic, which re-established the company's 'ability to update and access electronic health records, facilitate communication across care teams, and coordinate patient care.'

A patient who said they frequently rely on Kettering Health told TechCrunch that they and others cannot call into doctors' offices, are having trouble getting medication refills, and some emergency rooms are closed. 'Everything is being done by hand, pen and paper,' the patient said.

Do you have more information about Kettering Health's ransomware incident? Or other ransomware attacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Others are describing the same problems on local subreddits. In a post on the Dayton, Ohio, subreddit, for example, a patient said they were having trouble refilling medication, without which they risked having 'a withdrawal seizure,' and couldn't call their doctor because phone lines were down. Another person wrote over the weekend that 'everything is still on paper, no computers and spotty phone service.' 'I'd avoid using Kettering right now if possible,' they wrote.
Another user said that 'ambulances are still avoiding Kettering because they have to wait too long to dump patients due to paper charting and label making.' Others said they had their MRIs, cancer follow-ups, tests before open-heart surgery, and chemotherapy sessions cancelled.

Last week, Kettering Health's senior vice president of emergency operations John Weimer told a local TV station that the healthcare company believed the incident was a ransomware attack, and that it had not paid a ransom. 'As soon as this was realized, we did shut down our IT infrastructure, which essentially means we shut off our door to the world,' Weimer told WLWT Cincinnati.

A spokesperson for Kettering Health did not respond to a series of questions from TechCrunch, including whether the hackers exfiltrated data, and if so, what kinds of data were taken.

'Your network was compromised, and we have secured your most vital files,' said the ransom note from the hackers, according to CNN. The news network reported that the attack was carried out by a gang called Interlock. The ransomware gang has not yet publicly taken credit for the cyberattack, suggesting the hackers may still be attempting to negotiate a ransom payment.

Kettering is the latest in a series of healthcare companies targeted by hackers, both with ransomware and other types of malware. In 2024, a ransomware attack on UnitedHealth-owned health tech company Change Healthcare became the worst healthcare breach in U.S. history. Change Healthcare confirmed in January 2025 that the breach impacted 190 million people across the United States. Also last year, U.S. healthcare giant Ascension disclosed that hackers had stolen 5.6 million patient records in a ransomware attack. Healthcare news website HIPAA Journal called 2024 'an annus horribilis for healthcare data breaches,' with a record number of patients' stolen data.

Kettering Health spokesperson Claire Myree acknowledged but did not respond to TechCrunch's request for comment.