TechRisk Notes#18: Google's Bard racing ahead, and near victimless attack in Web3 space
Also, Deus was exploited again, new wallet concept using biometrics and MPC, and more. [14 May 2023]
EmergingTech Spotlight
BurpGPT: BurpGPT was developed by Alexandre Teyar, a security researcher from the UK. It combines Burp Suite with OpenAI’s GPT to perform a passive scan to detect vulnerabilities and traffic-based analysis. To detect the vulnerabilities in web applications, BurpGPT sends web traffic to an OpenAI model specified by the user, enabling analysis within the passive scanner. [more]
AI market: Google’s improved Bard is taking on OpenAI’s ChatGPT. [more]
LLM Risk: ChatGPT and other forms of large-language-model (LLM) generative artificial intelligence make writing malware too easy, create common coding errors, can be tricked into revealing secrets, may plagiarize copyrighted code and sometimes just make stuff up. [more]
AI’s impact on cybersecurity: Generative AI has helped bad actors innovate and develop new attack strategies, enabling them to stay one step ahead of cybersecurity defenses. Additionally, AI can help cybercriminals automate attacks, scan attack surfaces, and generate content that resonates with various geographic regions and demographics, allowing them to target a broader range of potential victims across different countries. [more]
AI fake news: Chinese authorities have detained a man for using ChatGPT to write fake news articles, in what appears to be one of the first instances of an arrest related to misuse of artificial intelligence in the nation. [more]
Quantum safe security: IBM is working to resolve post-quantum-era cryptography risk through its Quantum Safe. It will be an end-to-end solution that will assist enterprises and government agencies in identifying and replacing existing cryptography algorithms with new algorithms. [more]
GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. [more]
Web3 Cryptospace Spotlight
6 May - Deus DAO Hack: DeFi protocol Deus Finance has lost over $6 million due to an error in the DEI token contract being exploited by an attacker. [more][more-Deus]
A simple implementation error was introduced into the DEI token contract in an upgrade last month. The burnFrom function was misconfigured, with the ‘_allowances’ parameters ‘msgSender’ and ‘account’ written into the contract in the wrong order.
This created a public burn vulnerability, which an attacker can then use to gain control of DEI holders’ approvals and transfer assets directly to their own address.
The wrongly ordered parameters allow the attacker to set a large token approval for any DEI holder’s address. Then, by burning 0 tokens from the address, the approval is updated to the attacker’s address, and the attacker can drain the holder’s funds.
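The misordered allowance lookup described above can be caught with a regression check that burnFrom never increases the caller's allowance over the holder; the following is an added example and not code from the DEI contract or this newsletter. It is a Python model of the allowance table rather than Solidity, and the names Token, burn_from and allowance_gain are hypothetical. It assumes the remaining allowance is written back to the holder-to-caller entry, as the description above implies.

```python
class Token:
    """Constructed ERC-20-style ledger; a Python model, not the DEI Solidity source."""

    def __init__(self, swapped_lookup):
        self.swapped_lookup = swapped_lookup  # True models the misordered lookup
        self.balances = {}
        self.allowances = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def burn_from(self, caller, account, amount):
        if self.swapped_lookup:
            key = (caller, account)   # misordered: what caller granted to account
        else:
            key = (account, caller)   # intended: what account granted to caller
        current = self.allowances.get(key, 0)
        if current < amount:
            raise ValueError("burn amount exceeds allowance")
        if self.balances.get(account, 0) < amount:
            raise ValueError("burn amount exceeds balance")
        # Assumption: the remainder is always written to the (account, caller) slot.
        self.allowances[(account, caller)] = current - amount
        self.balances[account] = self.balances.get(account, 0) - amount


def allowance_gain(token, caller="caller", holder="holder"):
    """Regression check: burn_from must never increase the caller's allowance
    over the holder. Returns the increase (0 for a correct contract)."""
    token.balances[holder] = 1_000        # constructed sample balance
    before = token.allowances.get((holder, caller), 0)
    token.approve(caller, holder, 10**18)  # caller writes only its own entry
    token.burn_from(caller, holder, 0)     # zero-amount burn
    return token.allowances.get((holder, caller), 0) - before


if __name__ == "__main__":
    print("misordered:", allowance_gain(Token(swapped_lookup=True)))
    print("corrected: ", allowance_gain(Token(swapped_lookup=False)))
```

The same invariant (a burn may only lower or keep the holder-to-caller allowance) is the property to assert in the contract's own test suite after any upgrade that touches allowance handling.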
11 May - DeFi protocol Liqwid Labs has suffered a Discord server hack that resulted in the compromise of an admin's user token. The company tweeted the news early Wednesday, urging users not to click any links or engage with the server until the issue was resolved. An admin's user token was compromised through a malicious link. This bypassed 2FA and led to account takeover. [more][more-2]
Ethereum disruption: The Ethereum network appears to have suffered another technical snag that kept transaction finality from happening for about an hour on Friday. The issue drew fresh concerns about the stability of the network, as it came less than 24 hours after a similar event yesterday. The root cause has yet to be determined. [more]
“Victimless” attack: Giorgi Khazaradze, the CEO of DeFi platform Aurox, noted that opportunistic attackers are draining the remaining liquidity from abandoned token pools in what some have called an almost-victimless exploit. The attacker would use flash loans from DeFi protocol Balancer to borrow a significant amount of money. Then, those funds would be used to drive up the volume of a chosen token’s pool. Once the volume of the pool increases, the attacker drains the remaining liquidity from the pool and returns the money it borrowed from the flash loan. [more]
Biometric and MPC security: Crypto security firm Dfns has revealed plans to incorporate biometric identification into its wallet-as-a-service toolkit, allowing crypto developers to build out wallets that use Face ID, fingerprint scanners and other biometrics to secure user funds. [more]
Immunefi founder and CEO Mitchell Amador highlighted the key challenge of keeping up with DeFi-based bug bounty programs: staffing. Staffing an always-on security desk to respond to those reports can be really expensive. [more]