Author: Admin
The evolution of software always catches us by surprise. I remember betting against the IBM Deep Blue computer during its chess match against Grandmaster Garry Kasparov in 1997, only to be stunned when the machine declared victory. Let’s move to today. Could we have imagined just three years ago that a chatbot could write essays, handle support calls and even create commercials Source link
September 18, 2024Ravi LakshmananCyber espionage / malware A cyber espionage group linked to North Korea has been seen using leverage phishing lures for jobs to target potential victims in the energy and aerospace verticals and infect them with a previously undocumented backdoor called MISPPEN. The activity cluster is tracked by Mandiant, owned by Google, under a pseudonym UNC2970which he said coincides with a threat group known as TEMP. Hermitwhich is also commonly referred to as the Lazarus Group or Diamond Sleet (formerly Zinc). The threat actor has a history of attacking government, defense, telecommunications and financial institutions around the world…
September 18, 2024Ravi LakshmananBrowser security/privacy Google has announced that it is releasing a new set of features for its Chrome browser that gives users more control over their data while surfing the web and protects against online threats. “With the latest version of Chrome, you can take advantage of our upgraded security checks, opt out of unwanted website notifications more easily, and grant certain site permissions just once,” the tech giant said. said. Improvements to Security check allow it to run automatically in the background, notifying users of actions they’ve taken, such as revoking permissions for websites they no longer…
September 18, 2024Ravi LakshmananMobile Security / Encryption The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, said on Tuesday it is working to implement end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. “The next important milestone is the addition of a universal RCS profile to important user protections such as compatible end-to-end encryption,” Tom Van Pelt, CTO, GSMA said. “This will be the first deployment of a standardized, interoperable message encryption between different computing platforms that solves significant technical challenges such as key federation and group membership…
September 18, 2024Ravi LakshmananVirtualization / Network Security Broadcom on Tuesday released updates to address a critical security flaw affecting VMware vCenter Server that could open the way for remote code execution. The vulnerability tracked as CVE-2024-38812 (CVSS score: 9.8) was described as a heap overflow vulnerability in DCE/RPC protocol. “An attacker with network access to vCenter Server could cause this vulnerability by sending a specially crafted network packet that could potentially lead to remote code execution,” the virtualization service provider. said in the bulletin. The flaw is similar to two other remote code execution flaws, CVE-2024-37079 and CVE-2024-37080 (CVSS scores:…
September 17, 2024Ravi LakshmananArtificial intelligence / regulatory compliance Meta has announced that it will begin training its artificial intelligence (AI) systems in the coming months using publicly available content shared by adult users on Facebook and Instagram in the UK. “This means that our generative AI models will reflect British culture, history and idioms, and that UK companies and institutions will be able to use the latest technology,” the social media giant said. said. As part of the process, users aged 18 and over are expected to receive in-app notifications starting this week on both Facebook and Instagram explaining how…
September 17, 2024Ravi LakshmananSpyware / Privacy The US Treasury Department has imposed new sanctions against five executives and one entity associated with the Intellexa consortium for their role in the development, operation and distribution of commercial spyware called Predator. “The United States will not tolerate the mindless proliferation of disruptive technologies that threaten our national security and undermine the privacy and civil liberties of our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “We will continue to prosecute those who seek to promote the spread of exploitative technologies, while encouraging the responsible…
September 17, 2024Ravi LakshmananBrowser Security / Quantum Computing Google has announced that it is switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to protect against the risk posed by cryptographically compliant quantum computers (CRQC). “Chrome Offers Key Share Prediction for Hybrid ML-KEM (Code Point 0x11EC)” by David Adrian, David Benjamin, Bob Beck, and Devon O’Brien of the Chrome Team said. “PostQuantumKeyAgreementEnabled flag and company policy will apply to both Kyber and ML-KEM.” The changes are expected to take effect in Chrome version 131, which is available on track for release in early…
September 17, 2024Hacker newsGenAI Security / SaaS Security Since ChatGPT launched in 2022, OpenAI has defied expectations with a steady stream of product announcements and improvements. One such message was made on May 16, 2024, and it probably seemed innocuous to most consumers. Titled “Data Analysis Improvements in ChatGPT”, The post shows how users can add files directly from Google Drive and Microsoft OneDrive. It should be noted that other genAI tools such as Google AI Studio and Claude Enterprise have also recently added similar capabilities. Great, right? Maybe When you connect your organization’s Google Drive or OneDrive account to…
September 17, 2024Ravi LakshmananCryptocurrency / Malware Cryptocurrency exchange Binance is warning of an “ongoing” global threat targeting cryptocurrency users with clipper malware to facilitate financial fraud. Clipper malware, also known as ClipBankersis a type of malware which Microsoft calls crying softwarewhich comes with capabilities to monitor the victim’s clipboard activities and steal sensitive data that the user copies, including replacing cryptocurrency addresses with addresses under the attacker’s control. In this case, digital asset transfers initiated on the compromised system are routed to a fake wallet instead of the intended destination address. “During cut and switch, the critical software monitors the…