Author: Admin
Meta to train artificial intelligence models using public posts on Facebook and Instagram in the UK
September 17, 2024 | Ravi Lakshmanan | Artificial intelligence / regulatory compliance
Meta has announced that it will begin training its artificial intelligence (AI) systems in the coming months using publicly available content shared by adult users on Facebook and Instagram in the UK. “This means that our generative AI models will reflect British culture, history and idioms, and that UK companies and institutions will be able to use the latest technology,” the social media giant said. As part of the process, users aged 18 and over are expected to receive in-app notifications starting this week on both Facebook and Instagram explaining how…
US Treasury officials have imposed sanctions related to the Intellexa Predator spying operation
September 17, 2024 | Ravi Lakshmanan | Spyware / Privacy
The US Treasury Department has imposed new sanctions against five executives and one entity associated with the Intellexa consortium for their role in the development, operation and distribution of commercial spyware called Predator. “The United States will not tolerate the mindless proliferation of disruptive technologies that threaten our national security and undermine the privacy and civil liberties of our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “We will continue to prosecute those who seek to promote the spread of exploitative technologies, while encouraging the responsible…
September 17, 2024 | Ravi Lakshmanan | Browser Security / Quantum Computing
Google has announced that it is switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to protect against the risk posed by cryptographically relevant quantum computers (CRQC). “Chrome Offers Key Share Prediction for Hybrid ML-KEM (Code Point 0x11EC),” David Adrian, David Benjamin, Bob Beck, and Devon O’Brien of the Chrome Team said. “PostQuantumKeyAgreementEnabled flag and company policy will apply to both Kyber and ML-KEM.” The changes are expected to take effect in Chrome version 131, which is on track for release in early…
September 17, 2024 | Hacker News | GenAI Security / SaaS Security
Since ChatGPT launched in 2022, OpenAI has defied expectations with a steady stream of product announcements and improvements. One such message was made on May 16, 2024, and it probably seemed innocuous to most consumers. Titled “Data Analysis Improvements in ChatGPT”, the post shows how users can add files directly from Google Drive and Microsoft OneDrive. It should be noted that other genAI tools such as Google AI Studio and Claude Enterprise have also recently added similar capabilities. Great, right? Maybe. When you connect your organization’s Google Drive or OneDrive account to…
September 17, 2024 | Ravi Lakshmanan | Cryptocurrency / Malware
Cryptocurrency exchange Binance is warning of an “ongoing” global threat targeting cryptocurrency users with clipper malware to facilitate financial fraud. Clipper malware, also known as ClipBankers, is a type of malware that Microsoft calls cryware. It can monitor the victim’s clipboard activity and steal sensitive data that the user copies, including replacing cryptocurrency addresses with addresses under the attacker’s control. In this case, digital asset transfers initiated on the compromised system are routed to a fake wallet instead of the intended destination address. “During cut and switch, the critical software monitors the…
September 17, 2024 | Ravi Lakshmanan | Software Security / Data Protection
SolarWinds has released patches to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could lead to remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. “SolarWinds Access Rights Manager (ARM) has been found to be vulnerable to a remote code execution vulnerability,” the company said in a statement. “If exploited, this vulnerability would allow an authenticated user to…
September 16, 2024 | Hacker News | Payment Security / Data Protection
The PCI DSS landscape is evolving rapidly. As the Q1 2025 deadline looms large, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are of concern because they require organizations to strictly control and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching and the serious consequences of non-compliance, there is no room for complacency, so in this article we will look at the best way to meet these complex coding requirements. PCI DSS…
North Korean hackers have targeted cryptocurrency users on LinkedIn with the RustDoor malware
September 16, 2024 | Ravi Lakshmanan | Financial Security / Malware
Cybersecurity researchers continue to warn of attempts by North Korean threat actors to target potential victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it discovered an attempted attack in which a user was contacted on the professional social network by someone claiming to be a recruiter for a legitimate decentralized cryptocurrency exchange (DEX) called STON.fi. The malicious cyber activity is part of a multi-pronged campaign by cyber threat actors supported by the Democratic People’s Republic of Korea (DPRK) to infiltrate networks of interest under the guise of…
September 16, 2024 | Ravi Lakshmanan | Cloud Security / Vulnerability
A now-fixed critical security flaw affecting Google Cloud Platform (GCP) Composer could be used to achieve remote code execution on cloud servers using a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. “The vulnerability could allow an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline orchestration tool,” security researcher Liv Mattan said in a report shared with The Hacker News. The dependency confusion (aka substitution attack) that was documented for the first time by…
September 16, 2024 | Hacker News | Personal Protection / Incident Response
Imagine this… You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised individual. An attacker is inside your walls, pretending to be a trusted user. This is not a horror movie, this is the new reality of cybercrime. The question is, are you prepared? Traditional incident response plans are like old maps in a new world. They focus on malware and network hacking, but today’s criminals are looking for your identity. Stolen credentials and weak access…