Tag: vulnerability (Page 3 of 36)

Story Killers: Hackers' clients unmasked by Swiss banking data

One of Arcanum's two payments to the company of “Jorge”.

“Today, the question arises as to whether Switzerland could have stopped Jorge eight years ago. Could officials have prevented the man from continuing to manipulate democratic processes? At the time, the Swiss authorities had Jorge's banking data. Tamedia's investigative unit analysed in detail these bank documents from the 2015 case files. The result: Jorge's clients transferred considerable sums to his company's account at the Ticino bank BSI. In 2014 alone, the equivalent of nearly 850,000 francs was paid into this account. Many transfers could have aroused suspicion, as the following examples show.”

Source: International investigation – Story Killers: Hackers' clients unmasked by Swiss banking data | 24 heures

PyPI temporarily pauses new users, projects amid high volume of malware

“As of today, the Python Package Index, more commonly known as PyPI, has temporarily suspended new user registrations and project creations until further notice. “New user and new project name registration on PyPI is temporarily suspended,” states an incident notice posted by PyPI admins today, May 20th. “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave.””

Source: PyPI temporarily pauses new users, projects amid high volume of malware

TikTok Feeds Teens a Diet of Darkness

“After a few hours, I had to stop. If the rapid string of sad videos made me feel bad, how would a 14-year-old feel after watching this kind of content day after day? One account is dedicated to “sad and lonely” music. Another features a teenage girl crying in every video, with statements about suicide. One is full of videos filmed in a hospital room. Each of the hospital videos contains text expressing suicidal thoughts, including, “For my final trick I shall turn into a disappointment.”
Users have developed creative ways to skirt TikTok’s content filters. For instance, since TikTok won’t allow content referencing suicide, people use a sound-alike such as “sewerslide,” or just write “attempt” and leave the rest to the viewer’s imagination. Creators of videos about disordered eating have also evaded TikTok’s filters.
Policing all the content on a service used by more than one billion monthly users is no easy task. Yet there is a difference between stamping out harmful content and promoting it. “If tech companies can’t eliminate this from their platforms, don’t create algorithms that will point kids to that information,” said Arthur C. Evans Jr., chief executive of the American Psychological Association.”

Source: TikTok Feeds Teens a Diet of Darkness – WSJ

Washington announces it has neutralized the Russian spyware dubbed “Snake”

“This software, dubbed “Snake”, enabled the Russian security services (FSB) to “steal hundreds of sensitive documents in at least fifty countries”, notably by attacking the IT systems of governments, media outlets and research centres, according to a statement from the US Department of Justice. “Through a high-tech operation that turned this Russian malware against itself, US law enforcement has neutralized one of Russia's most sophisticated cyberespionage tools,” said Deputy Attorney General Lisa Monaco, welcoming the result. According to the US authorities, the software was directed from an FSB unit dubbed “Turla”, located in Ryazan, Russia. It could identify and steal documents and remain undetected indefinitely. Its distinctive feature: the “Turla” agents exfiltrated this data using the worldwide network of infected computers.”

Source: Washington announces it has neutralized the Russian spyware dubbed “Snake”

The Hacking of ChatGPT Is Just Getting Started

“It took Alex Polyakov just a couple of hours to break GPT-4. When OpenAI released the latest version of its text-generating chatbot in March, Polyakov sat down in front of his keyboard and started entering prompts designed to bypass OpenAI’s safety systems. Soon, the CEO of security firm Adversa AI had GPT-4 spouting homophobic statements, creating phishing emails, and supporting violence. Polyakov is one of a small number of security researchers, technologists, and computer scientists developing jailbreaks and prompt injection attacks against ChatGPT and other generative AI systems.
The process of jailbreaking aims to design prompts that make the chatbots bypass rules around producing hateful content or writing about illegal acts, while closely-related prompt injection attacks can quietly insert malicious data or instructions into AI models. Both approaches try to get a system to do something it isn’t designed to do.
The attacks are essentially a form of hacking—albeit unconventionally—using carefully crafted and refined sentences, rather than code, to exploit system weaknesses. While the attack types are largely being used to get around content filters, security researchers warn that the rush to roll out generative AI systems opens up the possibility of data being stolen and cybercriminals causing havoc across the web.”

Source: The Hacking of ChatGPT Is Just Getting Started | WIRED UK

Twitter marks dead celebrities as ‘subscribed’ to Twitter Blue

“Chadwick Boseman, Kobe Bryant and Anthony Bourdain are the latest celebrities to be verified under Twitter Blue, the social media platform’s paid-subscription service that allows anyone to get a blue check mark by their display name if they pay $8 a month and confirm their phone number.
Except the actor, athlete and celebrity chef died years ago, before Twitter Blue even existed. Their accounts — and those of at least a dozen other dead celebrities — now feature a blue check, which, if hovered over, displays the message: “This account is verified because they are subscribed to Twitter Blue and verified their phone number.””

Source: Twitter marks dead celebrities as ‘subscribed’ to Twitter Blue – The Washington Post

Cybersecurity in Switzerland: The Confederation refuses to ban TikTok for its employees

“Does the use of TikTok within the Federal Administration pose a threat to Switzerland's security? Pressed by elected officials from all sides, the Confederation called on the National Test Institute for Cybersecurity (NTC) for a technical analysis of the application's security. The result: “No indication of user surveillance was detected.””

Source: Cybersecurity in Switzerland: The Confederation refuses to ban TikTok for its employees | 24 heures

Google Chrome emergency update fixes first zero-day of 2023

“Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the search giant said in a security advisory published on Friday. The new version is rolling out to users in the Stable Desktop channel, and it will reach the entire user base over the coming days or weeks. Chrome users should upgrade to version 112.0.5615.121 as soon as possible, as it addresses the CVE-2023-2033 vulnerability on Windows, Mac, and Linux systems.”

Source: Google Chrome emergency update fixes first zero-day of 2023

FBI warns of public phone chargers: What to know about juice jacking

“To avoid being a victim in the first place, Coulson encourages adopting newer USB technology (such as USB C) or purchasing charging-only cables, which don’t allow data extraction. Wireless chargers are a more secure option, Chugh said, with instances of tampering on such devices “pretty much nonexistent.” When you plug a smartphone into a USB port, it also might ask whether you trust the device you’ve connected to. That’s a signal that the USB could be doing more than just charging. Unless you’ve connected to your personal computer, you should say no, experts say.”

Source: FBI warns of public phone chargers: What to know about juice jacking – The Washington Post
