Tag: technews

ChatGPT Is Exactly What Humans Need—and Unoriginal Dr. Barlow and Wollstonecraft present a case study to a class of 60 students at the Harvard Graduate School of Education. In the case study, they pretend to be teachers or administrators at a school and design a course of action to prevent bullying. The students find that…

Preliminary antitrust ruling suggests breaking up Google’s ad business by EU The European Commission accuses Google of illegally favoring its advertising services over those of its competitors, according to a statement released today by the agency’s executive vice-president in charge of competition policy Margrethe Vestager. It’s a pretty serious charge against what remains a core…

PoC Exploits Found in Fake Researcher Profiles on GitHub At least half a dozen fake GitHub accounts from a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. The repositories, which are still available as of writing, claim to be proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google…

Critical SQL injection vulnerabilities discovered in MOVEit Transfer – patch now! The company behind the MOVEit Transfer file transfer application patches patches to address SQL injection vulnerabilities. Multiple SQL Injection vulnerabilities have been identified in the MOveit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVeeit Transfer database,…

SPECTRALVIPER Backdoor Found Targeting Vietnamese Public Companies Vietnamese public companies have been targeted by an actor named REF2754 who has deployed a backdoor called SPECTRALVIPER. This new piece of malware brings a bunch of new capabilities to the table that include file-passing, file-injection, and token impersonation. It’s also really sneaky–like a Trojan horse for cyberespionage.…

Apple’s Safari Private Browsing Automatically Removes Tracking Parameters in URLs Safari has been a somewhat unheralded pioneer of private browsing, and so many privacy and security features, and this year it’s just a tour de force. Apple is introducing major updates to Safari Private Browsing, including support for tabs that remain open even when the…

Critical vulnerability discovered in WooCommerce Stripe Gateway plugin WooCommerce Stripe Gateway exposes security flaw in pluginA security flaw has been uncovered in the WooCommerce Strip Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. According to security researcher Rafie Muhammad, the plugin suffers from what’s called an unauthenticated insecure direct object…

Critical RCE Flaw Patched in Fortinet FortiGate Firewalls Fortinet patches a flaw in its FortiGate firewalls that allows attackers to gain remote code execution. The company has chosen to keep the details of the flaw a secret until it is fully patched and then plans to release an advisory explaining how the flaw works. It…

1,000+ Fake Cryptocurrency Sites Could Trap Users in Bogus Rewards Scheme A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. The scam works via an advanced fee fraud that involves tricking victims into believing that they’ve won…

Critical FortiOS and FortiProxy vulnerability being exploited – patch now! Fortinet on Monday disclosed a newly patched critical flaw affecting FortiOS and FortiProxy. The vulnerability, tracked as CVE-2023-27997, concerns a heap-based buffer overflow vulnerability in FortiOS that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. LeXFO security researchers…