Recherche : [E*N] - Cyberveille

Microsoft’s AI Chatbot Replies to Election Questions With Conspiracies, Fake Scandals, and Lies https://www.wired.com/story/microsoft-ai-copilot-chatbot-election-conspiracy/

16/12/2023 10:13:44

With less than a year to go before one of the most consequential elections in US history, Microsoft’s AI chatbot is responding to political queries with conspiracies, misinformation, and out-of-date or incorrect information.

When WIRED asked the chatbot, initially called Bing Chat and recently renamed Microsoft Copilot, about polling locations for the 2024 US election, the bot referenced in-person voting by linking to an article about Russian president Vladimir Putin running for reelection next year. When asked about electoral candidates, it listed numerous GOP candidates who have already pulled out of the race.

Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/

16/12/2023 10:12:20

A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. Called “Active Listening,” CMG claims the capability can identify potential customers “based on casual conversations in real time.”

Exploiting GOG Galaxy XPC service for privilege escalation in macOS https://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos/

16/12/2023 01:04:00

Unpack the analysis of a GOG Galaxy XPC service vulnerability. More from IBM X-Force Red.

Imperva Uncovers CVE-2023-22524, A RCE Vulnerability https://www.imperva.com/blog/cve-2023-22524-rce-vulnerability-in-atlassian-companion-for-macos/

16/12/2023 01:01:43

Learn about a RCE vulnerability, discovered by the Imperva Red Team, identified as CVE-2023-22524, in Atlassian Companion for macOS.

3CX warns customers to disable SQL database integrations https://www.bleepingcomputer.com/news/security/3cx-warns-customers-to-disable-sql-database-integrations/

15/12/2023 23:37:14

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.

A pernicious potpourri of Python packages in PyPI https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/

15/12/2023 21:57:30

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

Paternity and fertility tests among data stolen in Asper Biogene cyberattack | News | ERR https://news.err.ee/1609195705/paternity-and-fertility-tests-among-data-stolen-in-asper-biogene-cyberattack

15/12/2023 21:42:54

Among the health data illegally downloaded from genetic testing company Asper Biogene's database were details related to paternity and fertility tests. Some of the data is easily understandable and can be directly connected to specific individuals, Pille Lehis, director general of the Data Protection Inspectorate, said on ETV morning show "Terevisioon.".

Supply chain attack targeting Ledger crypto wallet leaves users hacked https://techcrunch.com/2023/12/14/supply-chain-attack-targeting-ledger-crypto-wallet-leaves-users-hacked/

15/12/2023 21:39:50

Hackers pushed out a malicious version of a software library made by crypto company Ledger, which powers several web3 applications.

CVE-2023-50164 https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis

15/12/2023 21:27:06

Apache Struts is a popular Java web application framework. On December 7, 2023 Apache published an advisory for CVE-2023-50164, a Struts parameter pollution vu…

Ledger's Web3 Connector library was compromised and replaced with a drainer https://stackdiary.com/ledger-library-confirmed-compromised-and-replaced-with-a-drainer/

14/12/2023 16:21:52

Ledger's software got hit with a serious security problem. banteg, a well-known crypto guy, tweeted that Ledger's library is messed up and now has a "drainer" in it.

Apple will no longer give police users' push notification data without a warrant https://techcrunch.com/2023/12/13/apple-push-notifications-government-warrant/

13/12/2023 18:04:01

Apple says it will now require a judge-approved order before handing over its users' push notification records to government agencies.

Hackers are exploiting critical Apache Struts flaw using public PoC https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/

13/12/2023 17:21:24

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

Ukraine’s intelligence claims cyberattack on Russia’s state tax service https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service

13/12/2023 17:10:41

Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.

CALISTO doxxing : Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/

13/12/2023 15:30:13

Discover activities linking Korinets to CALISTO doxxing in our investigation. Uncover details from emails, domains & servers used to target UK Parliament & Cambridge University.

Threat actors misuse OAuth applications to automate financially driven attacks https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

13/12/2023 15:25:29

Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks.

Spider-Man And Wolverine Devs Hit By Alleged Ransomware Attack https://kotaku.com/insomniac-games-sony-ransomware-spiderman-wolverine-1851092474

13/12/2023 13:31:19

This would be the third time this year that a Sony-owned company has been breached by hackers

Apple’s new iPhone security setting keeps thieves out of your digital accounts https://www.theverge.com/2023/12/12/23998665/apple-stolen-device-protection-face-touch-id-icloud-account-vulnerability-ios-17-3-beta

13/12/2023 11:57:25

Apple added a feature to iOS 17.3 that appears to address an iPhone security vulnerability that lets thieves steal iCloud accounts using only a user’s iPhone PIN.

AlphV’s bid to report its victim to the SEC could backfire https://readme.synack.com/alphvs-bid-to-report-its-victim-to-the-sec-could-backfire

13/12/2023 09:13:47

The ransomware group AlphV reported a victim to the SEC for failing to report a cybersecurity incident, placing government regulators in a precarious position.

Ukraine's top mobile operator hit by biggest cyberattack of war so far | Reuters https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/

12/12/2023 21:45:10

Ukraine's biggest mobile network operator was hit on Tuesday by what appeared to be the largest cyberattack of the war with Russia so far, knocking out mobile and internet services for millions and the air raid alert system in parts of Kyiv region.

pfSense Security: Sensing Code Vulnerabilities with SonarCloud https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/

12/12/2023 21:31:04

Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarCloud found them and how it can keep your code clean.

Liens par page

Filtres