 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
March 13, 10:23 AM
|
A high-severity vulnerability was discovered and patched in the All-in-One WP Migration and Backup plugin, which has over five million installations. The vulnerability requires no user authentication, making it easier for an attacker to compromise a website, but this is mitigated by a restricted attack method.
The vulnerability was assigned a severity rating of 7.5 (High), which is below the highest severity level, labeled Critical. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress
|
|
Scooped by
Gust MEES
October 15, 2024 2:25 PM
|
|
|
Scooped by
Gust MEES
September 25, 2024 10:31 AM
|
Software developers have embraced “artificial intelligence” language models for code generation in a big way, with huge gains in productivity but also some predictably dubious developments. It’s no surprise that hackers and malware writers are doing the same.
According to recent reports, there have been several active malware attacks spotted with code that’s at least partially generated by AI.
|
|
Scooped by
Gust MEES
October 12, 2023 3:38 PM
|
|
|
Scooped by
Gust MEES
September 12, 2023 11:33 AM
|
A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.
The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.
Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
|
Scooped by
Gust MEES
August 22, 2023 2:55 PM
|
A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb.
The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,” so we don’t know how other smart bulbs stack up, but their report has plenty to teach us anyway. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home
|
|
Scooped by
Gust MEES
August 3, 2023 12:57 PM
|
Russian hackers and cybercrime forums are notorious for exploiting critical infrastructure. Last month, Hackread.com exclusively reported that a Russian-speaking threat actor was selling access to a US military satellite. Now, researchers have identified macOS malware being sold for $60,000.
|
|
Scooped by
Gust MEES
July 27, 2023 5:39 PM
|
Researchers jailbreak AI chatbots, including ChatGPT
Like a magic wand that turns chatbots evil.
|
|
Scooped by
Gust MEES
July 13, 2023 8:33 AM
|
Kryptomining-Malware versteckt sich ausschließlich im Ram
Ein Python-Skript namens Pyloose hat es auf Linux-Systeme abgesehen, um direkt aus dem Arbeitsspeicher heraus Kryptowährungen zu schürfen.
|
|
Scooped by
Gust MEES
July 7, 2023 6:28 AM
|
Die Entwickler der quelloffenen Software hinter dem sozialen Netzwerk Mastodon haben kürzlich ein Sicherheitsupdate für die aufstrebende Twitter-Alternative veröffentlicht. Damit behoben sie insgesamt fünf Schwachstellen, von denen eine es Hackern ermöglichte, ganze Mastodon-Instanzen zu kapern. Auf Github heißt es zu der als CVE-2023-36460 registrierten Sicherheitslücke, sie erlaube es "Angreifern, jede Datei zu erstellen und zu überschreiben, auf die Mastodon Zugriff hat". Dadurch seien etwa Denial-of-Service-Angriffe oder eine beliebige Codeausführung aus der Ferne (RCE) umsetzbar. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon
|
|
Scooped by
Gust MEES
June 20, 2023 8:47 AM
|
More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web marketplace data.
Cyberintelligence firm Group-IB reports having identified over a hundred thousand info-stealer logs on various underground websites containing ChatGPT accounts, with the peak observed in May 2023, when threat actors posted 26,800 new ChatGPT credential pairs.
|
|
Scooped by
Gust MEES
May 17, 2023 9:54 AM
|
Abo-Malware: Googles und Apples Stores von teuren ChatGPT-Fakes geflutet
Sophos warnt vor ChatGPT-Nachahmer-Apps in Apples und Googles App-Stores, die arglose Nutzer mit verschleierten Gebühren abzocken.
|
|
Scooped by
Gust MEES
April 28, 2023 11:26 AM
|
|
|
|
Scooped by
Gust MEES
October 15, 2024 2:31 PM
|
A new ‘super-realistic’ AI scam could get your Gmail account hacked
A Microsoft security expert warns Gmail users of a new convincing social engineering attack.
Warning signs of a scam attempt
The advent of generative AI has opened up all kinds of opportunities, but it has also ramped up various risks and dangers.
We’ve previously seen hackers who can use AI-generated codes, phishing emails, or even deepfakes to make even more realistic fraud attempts — ones that even security experts can easily fall for.
|
|
Scooped by
Gust MEES
October 8, 2024 2:25 PM
|
Linux-Malware "Perfctl" befällt offenbar schon seit Jahren Linux-Server.
Eine ausgeklügelte Malware befällt massenweise Linux-Server mit falschen Konfigurationen. Das blieb lange unentdeckt, auch wegen der guten Tarnung.
Eine jetzt entdeckte Malware hat es auf Linux-Server abgesehen: Wie die Experten der Cybersecurity-Beratung Aqua Security berichten, ist das Programm namens "Perfctl" vermutlich schon seit 2021 im Umlauf und befällt Linux-Systeme, um diese heimlich als Proxyserver und für Cryptomining zu nutzen. Das Schadprogramm kann auch als Loader für weitere unerwünschte Programme fungieren.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
|
Scooped by
Gust MEES
January 24, 2024 1:23 PM
|
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
The critical (CVSS score: 10.0) flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, allowing the threat actor to change the password and take over the account.
Although the flaw does not bypass two-factor authentication (2FA), it is a significant risk for any accounts not protected by this extra security mechanism. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=GitHub
|
|
Scooped by
Gust MEES
October 10, 2023 2:37 PM
|
|
|
Scooped by
Gust MEES
September 7, 2023 10:08 AM
|
The fake TradingView website is hosted on trabingviews[.]com, with special font characters being used to make it look like the legitimate domain and help it avoid detection.
The malicious website is designed to look authentic, claiming to offer downloads for the TradingView app’s Windows, macOS and Linux versions.
While the Windows and Linux files deliver the NetSupport RAT, the Mac file delivers the AMOS malware. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
August 15, 2023 3:59 PM
|
|
|
Scooped by
Gust MEES
August 3, 2023 9:13 AM
|
CHATGPT AND ITS artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string text that might look like gobbledygook to you or me but which carries subtle significance to an AI model trained on huge quantities of web data—can defy all of these defenses in several popular chatbots at once.
|
|
Scooped by
Gust MEES
July 14, 2023 5:24 AM
|
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.
According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan (RAT) compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
|
Scooped by
Gust MEES
July 7, 2023 6:44 PM
|
Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files.
Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.
All the four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon
|
|
Scooped by
Gust MEES
July 6, 2023 9:53 AM
|
Security updates that Google released this week for Android resolve 43 vulnerabilities, including three that have been exploited in attacks.
The exploited flaws, tracked as CVE-2023-2136, CVE-2023-26083, and CVE-2021-29256, impact Android’s System and Arm Mali components.
The internet giant says “there are indications” that these security defects “may be under limited, targeted exploitation”.
CVE-2023-2136 was disclosed in April as a zero-day vulnerability in the Chrome browser, and is described as an integer overflow issue in Skia.
The bug allows “a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” a NIST advisory explains. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
|
Scooped by
Gust MEES
June 3, 2023 9:39 AM
|
Neue Gefahr für Windows-Nutzer: Wie unter anderem "Bleeping Computer" berichtet, wird in Hacker-Foren aktuell ein Tool verkauft, das sich "Terminator" nennt. Kriminelle zahlen dem Portal zufolge bis zu 3.000 US-Dollar für die offenbar sehr effektive Software. Der Entwickler nennt sich in den Foren selbst "Spyboy".
Was "Terminator" so gefährlich macht: Das Tool ist offenbar in der Lage, 24 weitverbreitete Antivirus-, Endpoint Detection and Response- und Extended Detection and Response-Sicherheitsanwendungen zu umgehen. Davon ist offenbar auch der Windows Defender betroffen. Angreifbar sind alle Systeme ab Windows 7.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
May 9, 2023 12:54 PM
|
A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
A high-severity vulnerability was discovered and patched in the All-in-One WP Migration and Backup plugin, which has over five million installations. The vulnerability requires no user authentication, making it easier for an attacker to compromise a website, but this is mitigated by a restricted attack method.
The vulnerability was assigned a severity rating of 7.5 (High), which is below the highest severity level, labeled Critical.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress