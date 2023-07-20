Artificial intelligence and large language models continue to be lacking in analyzing malware, with malware risk accurately classified by LLMs in only about 5% of cases, SiliconAngle reports.
No calls to sensitive APIs were found in the code base of 45% of applications but in only 5% of apps if dependencies are considered, suggesting that lack of API analysis has prompted an underestimation of security risks, according to a report from Endor Labs' Station9 research team. Moreover, open-source components accounted for 71% of Java application codes although only 12% of imported code is being used by such apps.
"The fact that there's been such a rapid expansion of new technologies related to artificial intelligence and that these capabilities are being integrated into so many other applications is truly remarkable but it's equally important to monitor the risks they bring with them. These advances can cause considerable harm if the packages selected introduce malware and other risks to the software supply chain," said Endor Labs Station9 Lead Security Researcher Henrik Plate.
BleepingComputer reports that internet-exposed Windows and Linux Redis servers that have not been patched against the critical Lua sandbox escape flaw, tracked as CVE-2022-0543, have been targeted by the new Rust-based P2PInfect worm malware, which features self-propagation capabilities.
Chinese state-sponsored threat operation APT41, also known as Bronze Atlas, Winnti, Brass Typhoon, Axiom, Blackfly, HOODOO, and Wicked Panda, has launched recent attacks deploying new versions of the DragonEgg and WyrmSpy Android spyware strains, according to The Hacker News.
The U.S. Commerce Department's Bureau of Industry and Security has updated its Entity List to include spyware developers Intellexa and Cytrox AD due to threats posed by their commercial surveillance tools to U.S. national security, reports The Record, a news site by cybersecurity firm Recorded Future.