“Security experts have long said that any potential backdoors into encrypted communications or ways to decrypt services would undermine the overall security of the encryption. If law enforcement officials have a way to decipher messages, criminal hackers or those working on behalf of governments could exploit the same capabilities.”
Source : Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED
“Aujourd’hui, la question se pose de savoir si la Suisse aurait pu arrêter Jorge il y a huit ans déjà. Les fonctionnaires auraient-ils pu empêcher l’homme de continuer à manipuler des processus démocratiques? À l’époque, les autorités helvétiques disposaient des données bancaires de Jorge. La cellule enquête de Tamedia a analysé en détail ces documents bancaires issus des dossiers de procédure de 2015. Résultat: la clientèle de Jorge a transféré des sommes considérables sur le compte de sa société auprès de la banque tessinoise BSI. Rien qu’en 2014, l’équivalent de près de 850’000 francs ont été versés sur ce compte. De nombreux virements auraient pu éveiller les soupçons, comme le montrent les exemples qui suivent.”
“As of today, the Python Package Index, more commonly known as PyPI, has temporarily suspended new user registrations and project creations until further notice. « New user and new project name registration on PyPI is temporarily suspended, » states an incident notice posted by PyPI admins today, May 20th. « The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave. »”
Source : PyPI temporarily pauses new users, projects amid high volume of malware
“Apple announced that in 2022, the App Store prevented over $2 billion in potentially fraudulent transactions, and rejected nearly 1.7 million app submissions for failing to meet the App Store’s high standards for privacy, security, and content. ”
Source : App Store stopped more than $2 billion in fraudulent transactions in 2022 – Apple
“After a few hours, I had to stop. If the rapid string of sad videos made me feel bad, how would a 14-year-old feel after watching this kind of content day after day? One account is dedicated to “sad and lonely” music. Another features a teenage girl crying in every video, with statements about suicide. One is full of videos filmed in a hospital room. Each of the hospital videos contains text expressing suicidal thoughts, including, “For my final trick I shall turn into a disappointment.”
Users have developed creative ways to skirt TikTok’s content filters. For instance, since TikTok won’t allow content referencing suicide, people use a sound-alike such as “sewerslide,” or just write “attempt” and leave the rest to the viewer’s imagination. Creators of videos about disordered eating have also evaded TikTok’s filters.
Policing all the content on a service used by more than one billion monthly users is no easy task. Yet there is a difference between stamping out harmful content and promoting it. “If tech companies can’t eliminate this from their platforms, don’t create algorithms that will point kids to that information,” said Arthur C. Evans Jr., chief executive of the American Psychological Association.”
“Ce logiciel, baptisé « Snake », a permis aux services de sécurité russes (FSB) de « voler des centaines de documents sensibles dans au moins cinquante pays », en attaquant notamment les services informatiques de gouvernements, de médias ou de centres de recherche, selon un communiqué du ministère américain de la justice. « Grâce à une opération de haute technologie, qui a retourné ce logiciel malveillant russe contre lui-même, les forces de l’ordre américaines ont neutralisé l’un des outils de cyberespionnage russe les plus sophistiqués », s’est félicitée la ministre adjointe de la justice, Lisa Monaco. D’après les autorités américaines, le logiciel était guidé depuis une unité du FSB baptisée « Turla », située à Riazan, en Russie. Il pouvait identifier et voler des documents et rester non détecté de manière indéfinie. Sa spécificité : les agents de « Turla » exfiltraient ces données en utilisant le réseau mondial des ordinateurs infectés.”
Source : Washington annonce avoir neutralisé le logiciel espion russe baptisé « Snake »
“It took Alex Polyakov just a couple of hours to break GPT-4. When OpenAI released the latest version of its text-generating chatbot in March, Polyakov sat down in front of his keyboard and started entering prompts designed to bypass OpenAI’s safety systems. Soon, the CEO of security firm Adversa AI had GPT-4 spouting homophobic statements, creating phishing emails, and supporting violence. Polyakov is one of a small number of security researchers, technologists, and computer scientists developing jailbreaks and prompt injection attacks against ChatGPT and other generative AI systems.
The process of jailbreaking aims to design prompts that make the chatbots bypass rules around producing hateful content or writing about illegal acts, while closely-related prompt injection attacks can quietly insert malicious data or instructions into AI models. Both approaches try to get a system to do something it isn’t designed to do.
The attacks are essentially a form of hacking—albeit unconventionally—using carefully crafted and refined sentences, rather than code, to exploit system weaknesses. While the attack types are largely being used to get around content filters, security researchers warn that the rush to roll out generative AI systems opens up the possibility of data being stolen and cybercriminals causing havoc across the web.”
Source : The Hacking of ChatGPT Is Just Getting Started | WIRED UK
“Chadwick Boseman, Kobe Bryant and Anthony Bourdain are the latest celebrities to be verified under Twitter Blue, the social media platform’s paid-subscription service that allows anyone to get a blue check mark by their display name if they pay $8 a month and confirm their phone number.
Except the actor, athlete and celebrity chef died years ago, before Twitter Blue even existed. Their accounts — and those of at least a dozen other dead celebrities — now feature a blue check, which, if hovered over, displays the message: “This account is verified because they are subscribed to Twitter Blue and verified their phone number.””
Source : Twitter marks dead celebrities as ‘subscribed’ to Twitter Blue – The Washington Post
“L’utilisation de TikTok au sein de l’Administration fédérale constitue-t-elle une menace pour la sécurité de la Suisse? Pressée par des élus de tous bords, la Confédération a fait appel à l’Institut national de test pour la cybersécurité (NTC) pour une analyse technique de la sécurité de l’application. Résultat: «Aucune indication d’une surveillance des utilisateurs n’a été décelée.»”
Source : Cybersécurité en Suisse: La Confédération refuse d’interdire TikTok à ses employés | 24 heures
“Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. « Google is aware that an exploit for CVE-2023-2033 exists in the wild, » the search giant said in a security advisory published on Friday. The new version is rolling out to users in the Stable Desktop channel, and it will reach the entire user base over the coming days or weeks. Chrome users should upgrade to version 112.0.5615.121 as soon as possible, as it addresses the CVE-2023-2033 vulnerability on Windows, Mac, and Linux systems.”
Source : Google Chrome emergency update fixes first zero-day of 2023
© 2023 no-Flux
Theme by Anders Noren — Up ↑
