 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
Abo-Malware: Googles und Apples Stores von teuren ChatGPT-Fakes geflutet
Sophos warnt vor ChatGPT-Nachahmer-Apps in Apples und Googles App-Stores, die arglose Nutzer mit verschleierten Gebühren abzocken.
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
In den Stunden vor der Abschaltung von ChatGPT, war es demnach für einige Benutzer möglich, den Vor- und Nachnamen, die E-Mail- und Zahlungsadresse, die letzten vier Ziffern der Kreditkartennummer und das Ablaufdatum der Kreditkarte eines anderen aktiven Benutzers zu sehen. Die vollständigen Kreditkartennummern seien zu keinem Zeitpunkt offengelegt worden.
|
|
Scooped by
Gust MEES
|
Mehrere Mastodon-Nutzer wurden kürzlich über einen "Security Incident auf Mastodon.social" informiert, dem originalen Server, der durch die Mastodon gGmbH betrieben wird. Durch eine Fehlkonfiguration konnten demnach Dritte alle Daten von files.mastodon.social abrufen.
Die meisten der dort abgelegten Dateien sind zwar ohnehin öffentlich einsehbar, darunter die Profilbilder, benutzerdefinierte Emojis, Bilder und Videos, allerdings nicht alle: Auch die von Nutzern angeforderten Datenexporte wurden hier abgelegt, in denen auch nicht-öffentlich geteilte Beiträge enthalten sind. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
If you've been experiencing Tor network connectivity and performance issues lately, you're not the only one since many others have had problems with onion and i2p sites loading slower or not loading at all.
Tor Project's Executive Director Isabela Dias Fernandes revealed on Tuesday that a wave of distributed denial-of-service (DDoS) attacks has been targeting the network since at least July 2022.
"At some points, the attacks impacted the network severely enough that users could not load pages or access onion services," Fernandes said on Tuesday. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
|
If you're like most people, you use the incognito browsing mode when you want to keep your browsing history private. But did you know that incognito mode isn't actually private?
When using incognito mode in your web browser, you may think that your activities are completely anonymous and untraceable. Unfortunately, this is not always the case. Your Internet Service Provider (ISP) and other third-party entities may still be able to track your online activity, even when you are browsing in incognito mode. Not only that: if you share your device with others, even they can find out what you visited in incognito mode. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Attackers Are Already Exploiting ChatGPT to Write Malicious Code
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
Since OpenAI released ChatGPT in late November, many security experts have predicted it would only be a matter of time before cybercriminals began using the AI chatbot for writing malware and enabling other nefarious activities. Just weeks later, it looks like that time is already here.
In fact, researchers at Check Point Research (CPR) have reported spotting at least three instances where black hat hackers demonstrated, in underground forums, how they had leveraged ChatGPT's AI-smarts for malicious purposes. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.
Last month, BleepingComputer spoke to a threat actor who said that they were able to create a list of 5.4 million Twitter account profiles using a vulnerability on the social media site.
This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. The threat actor then used this ID to scrape the public information for the account. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Twitter
|
|
Scooped by
Gust MEES
|
Zukünftig soll es möglich sein, sich von all seinen Geräten aus sicher und ohne Passwort bei Online-Diensten anzumelden, verspricht die Allianz für Fast IDentity Online (FIDO). Bei der Synchronisierung der FIDO-Identitäten über die Cloud zeichnet sich jetzt ein Paradigmenwechsel ab: Die könnte nämlich Ende-zu-Ende-verschlüsselt erfolgen – also, ohne dass die Cloud-Betreiber Zugriff darauf erhalten. Dazu hat sich nach Apple überraschend jetzt auch Google committet.
Die FIDO hat ein technisch ausgefeiltes Konzept zur Anmeldung bei Internet-Diensten auf Basis von asymmetrischer Kryptografie und Challenge-Response-Verfahren entworfen, das deutlich sicherer als Passwörter und noch dazu komfortabel ist. Um tatsächlich Passwörter ablösen zu können, will man, dass der Anwender zukünftig seine FIDO-Identität auf all seinen Geräten nutzen kann – auf dem Smartphone genauso wie auf dem PC. Dazu muss ein geheimer Schlüssel auf all diese Geräte verteilt werden, was gemäß FIDO über die Infrastruktur der großen Plattform-Provider – also primär Google, Apple und Microsoft geschehen soll. Alle drei haben sich auch bereits dazu bekannt, das umzusetzen. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=FIDO
|
|
|
Scooped by
Gust MEES
|
A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
|
Scooped by
Gust MEES
|
Kriminelle lieben ChatGPT – und Europol hat konkrete Beispiele dafür entdeckt
Was Beobachter:innen vorhergesagt haben, ist eingetreten: ChatGPT kommt längst bei kriminellen Machenschaften zum Einsatz, wie Europol warnt – und sei es nur zur Recherche für Verbrechen. Doch das Gefahrenpotenzial geht weit darüber hinaus.
|
|
Scooped by
Gust MEES
|
A ChatGPT bug found earlier this week also revealed user's payment information, says OpenAI(Opens in a new tab).
The AI chatbot was shut down on March 20, due to a bug that exposed titles and the first message of new conversations from active users' chat history to other users.
Now, OpenAI has shared that even more private data from a small number of users was exposed.
"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date," said OpenAI. "Full credit card numbers were not exposed at any time.
|
|
Scooped by
Gust MEES
|
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
|
A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.
Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
|
Scooped by
Gust MEES
|
As 2022 ended, OpenAI made ChatGPT live to the world. It is an artificially intelligent research and deployment chatbot that interacts through text using realistic human responses. Its deep learning techniques can generate conversations that convince anyone they are interacting with an actual human.
Like opening the jar and releasing the genie, its impact is relatively unknown, but grave intrigue and curiosity surrounded it. How will it be used; how does it work; is it for good or evil? No, this is not the next Terminator sequel…
Its intentions are certainly for positive use, and its articulate responses have led many to claim it as the best chatbot to be released. However, in a short period, ChatGPT has already been linked to cyber threats as cyber-criminals leverage its advanced capabilities for nefarious means. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT
|
|
Scooped by
Gust MEES
|
The Feds have disrupted the prolific Hive ransomware gang, saving victims from a collective $130 million in ransom demands. But it remains to be seen how much of a blow the effort will be to the overall ransomware landscape.
The group's operations have been buzzing with activity for months, racking up more than 1,500 victims in 80-plus countries around the world since it appeared in June 2021, according to an announcement from the US Justice Department. The gang has been operating with a ransomware-as-a-service (RaaS) model, engaging in data theft and double extortion, and delivering its venom indiscriminately to school districts, financial firms, critical infrastructure, and others. At least one affiliate has become a bit of a hospital specialist, disrupting patient care in some attacks.
|
|
Scooped by
Gust MEES
|
ChatGPT est déjà détourné pour écrire des logiciels malveillants
Sécurité : L'analyse des discussions sur les forums du dark web montre que des efforts sont déjà en cours pour utiliser le chatbot d'OpenAI afin d'aider à la rédaction de logiciels malveillants. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT
|
|
Scooped by
Gust MEES
|
Une grave faille de sécurité affecte le noyau Linux
Sécurité : La faille de sécurité affecte ksmbd, un serveur SMB intégré au noyau de Linux 5.15, et sa note de gravité avoisine le 10, selon la ZDI.
Joyeux Noël à tous les administrateurs de systèmes Linux ! Et en guise de cadeau : une grave faille de sécurité dans le noyau Linux.
C’est la Zero Day Initiative (ZDI), une société de recherche sur les failles zero-day, qui l’a découverte et annoncée juste avant le réveillon.
Cette vulnérabilité pourrait permettre à un attaquant à distance authentifié de divulguer des informations sensibles et d’exécuter du code sur les versions vulnérables du noyau Linux.
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas.
The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range.
"An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said. "This may enable unauthorized access to devices in BLE-based proximity authentication systems. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth https://www.scoop.it/topic/securite-pc-et-internet/?&tag=BLURtooth
|
|
Scooped by
Gust MEES
|
|
Abo-Malware: Googles und Apples Stores von teuren ChatGPT-Fakes geflutet
Sophos warnt vor ChatGPT-Nachahmer-Apps in Apples und Googles App-Stores, die arglose Nutzer mit verschleierten Gebühren abzocken.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/21st-century-innovative-technologies-and-developments/?&tag=ChatGPT
https://www.scoop.it/t/21st-century-innovative-technologies-and-developments/?&tag=AI
https://www.scoop.it/topic/21st-century-innovative-technologies-and-developments/?&tag=Ethics