ChatGPT use is increasing exponentially in the enterprise, where users are submitting sensitive information to the chat bot, including proprietary source code, passwords and keys, intellectual property, and regulated data. In response, organizations have put controls in place to limit the use of ChatGPT. Financial services leads the pack, with nearly one in four organizations implementing controls around ChatGPT.

Spending for software-as-a-service (SaaS) applications is projected to grow 17.9% to $197 billion in 2023, then grow another 17.7% to $232 billion in 2024. This rapid growth is being fueled by several factors including the desire to modernize IT environments and enable hybrid workers, who might login from a branch office one day and a hotel room the next.

The weaponization of digital trust involves exploiting an application or tool we use in our daily digital life to perform our business or personal tasks for malicious purposes. It is a technique increasingly used by the threat actors to carry out malicious actions such as the delivery of malware or links to phishing pages.

Cyber threat intelligence is a foundational piece of any organization’s security program, providing defenders with awareness of activities occurring in the threat landscape. Accounting for all threats an organization may face is a daunting and nearly impossible task. Some organizations may take the step to stay informed by following industry leaders or a news service.

ChatGPT use is increasing exponentially among enterprise users, who are using it to help with the writing process, to explore new topics, and to write code. But, users need to be careful about what information they submit to ChatGPT, because ChatGPT does not guarantee data security or confidentiality. Users should avoid submitting any sensitive information, including proprietary source code, passwords and keys, intellectual property, or regulated data.

Netskope Threat Labs is tracking phishing campaigns targeting customers of seven different financial institutions across North, Central, and Latin America, aiming to steal their credentials to make fraudulent transactions. Attackers are abusing the Royal Web Hosting company, which provides a free web hosting plan, to host the malicious pages.

At Netskope, we’ve talked a lot lately about how to safely enable ChatGPT and other generative AI applications such as Google Bard and Jasper. Why? As the saying goes, “There’s no going back.” Generative AI is here to stay and will have a transformative effect on our day-to-day lives whether we’re in technology or not.

ChatGPT is a language model that generates fluent, contextually relevant responses to prompts in a conversational fashion. Because it can generate fluent text in multiple languages, it is gaining popularity among enterprise users who are using it to help with the writing process, to explore new topics, and to write code.

Phishing attacks are a major cyber threat that continue to evolve and become more sophisticated, causing billions of dollars in losses each year according to the recent Internet Crime Report. However, traditional offline or inline phishing detection engines are limited in how they can detect evasive phishing pages. Due to the performance requirements of inline solutions, they can only target specific campaigns and, at best, act as a basic static analyzer.

A month ago, Google released eight new top level domains (TLD). Two of them (.zip and.mov) have been a cause for concern because they are similar to well known file extensions. Both.zip and.mov TLD are not new, as they have been available since 2014. The main concern is that anyone now can own a.zip or.mov domain and be abused for social engineering at a cheap price. Because both of these TLDs are indistinguishable from the file extensions, they can be a great bait for threat actors.