ICT Security-Sécurité PC et Internet
87.1K views | +2 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Bootloader-Lücke gefährdet viele Linux-Distributionen | heise online

Bootloader-Lücke gefährdet viele Linux-Distributionen | heise online | ICT Security-Sécurité PC et Internet | Scoop.it
From www.heise.de - February 9, 9:54 AM

Bootloader-Lücke gefährdet viele Linux-Distributionen
Im Bootloader shim, der Secure-Boot auch für nicht-Windows-Betriebssysteme erlaubt, klafft eine Sicherheitslücke.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Bootloader-Lücke gefährdet viele Linux-Distributionen
Im Bootloader shim, der Secure-Boot auch für nicht-Windows-Betriebssysteme erlaubt, klafft eine Sicherheitslücke.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Info-stealers can steal cookies for permanent access to your Google account

Info-stealers can steal cookies for permanent access to your Google account | ICT Security-Sécurité PC et Internet | Scoop.it
From www.malwarebytes.com - January 12, 4:30 PM

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password.

Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue. As a result, the exploit is now built into various information stealers.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

 

Gust MEES's insight:

Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password.

Since the discovery of the exploit, numerous white and black hat security researchers have looked into and discussed the issue. As a result, the exploit is now built into various information stealers.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=2FA

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=MFA

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data

New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data | ICT Security-Sécurité PC et Internet | Scoop.it
From www.hackread.com - December 20, 2023 12:02 PM

A recently discovered cross-platform malware, appropriately named JaskaGO, has surfaced, targeting both macOS and Windows systems.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Gust MEES's insight:

A recently discovered cross-platform malware, appropriately named JaskaGO, has surfaced, targeting both macOS and Windows systems.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Free Download Manager site redirected Linux users to malware for years

Free Download Manager site redirected Linux users to malware for years | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - September 12, 2023 11:33 AM

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.

The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.

Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.

The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.

Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Smart light bulbs could give away your password secrets

Smart light bulbs could give away your password secrets | ICT Security-Sécurité PC et Internet | Scoop.it
From nakedsecurity.sophos.com - August 22, 2023 2:55 PM

A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb.

The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,” so we don’t know how other smart bulbs stack up, but their report has plenty to teach us anyway.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

 

 

Gust MEES's insight:

A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb.

The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,” so we don’t know how other smart bulbs stack up, but their report has plenty to teach us anyway.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Researchers Leverage ChatGPT to Expose Notorious macOS Malware

Researchers Leverage ChatGPT to Expose Notorious macOS Malware | ICT Security-Sécurité PC et Internet | Scoop.it
From www.hackread.com - August 3, 2023 12:57 PM

Russian hackers and cybercrime forums are notorious for exploiting critical infrastructure. Last month, Hackread.com exclusively reported that a Russian-speaking threat actor was selling access to a US military satellite. Now, researchers have identified macOS malware being sold for $60,000.

 

 
 
 
 
Gust MEES's insight:

Russian hackers and cybercrime forums are notorious for exploiting critical infrastructure. Last month, Hackread.com exclusively reported that a Russian-speaking threat actor was selling access to a US military satellite. Now, researchers have identified macOS malware being sold for $60,000.

 

 
 
 
 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Researchers jailbreak AI chatbots like ChatGPT, Claude

Researchers jailbreak AI chatbots like ChatGPT, Claude | ICT Security-Sécurité PC et Internet | Scoop.it
From mashable.com - July 27, 2023 5:39 PM

Researchers jailbreak AI chatbots, including ChatGPT
Like a magic wand that turns chatbots evil.

 

 
 
 
 
Gust MEES's insight:

Researchers jailbreak AI chatbots, including ChatGPT
Like a magic wand that turns chatbots evil.

 

 
 
 
 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Critical TootRoot bug lets attackers hijack Mastodon servers

Critical TootRoot bug lets attackers hijack Mastodon servers | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - July 7, 2023 6:44 PM

Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files.

Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.

All the four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

Gust MEES's insight:

Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files.

Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.

All the four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/social-media-and-its-influence/?&tag=Mastodon

 

 

more...
Scooped by Gust MEES
Scoop.it!

Infostealer malware have stolen 101,000 ChatGPT accounts

Infostealer malware have stolen 101,000 ChatGPT accounts | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - June 20, 2023 8:47 AM

​More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web marketplace data.

Cyberintelligence firm Group-IB reports having identified over a hundred thousand info-stealer logs on various underground websites containing ChatGPT accounts, with the peak observed in May 2023, when threat actors posted 26,800 new ChatGPT credential pairs.

 

 
 
 
Gust MEES's insight:

​More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web marketplace data.

Cyberintelligence firm Group-IB reports having identified over a hundred thousand info-stealer logs on various underground websites containing ChatGPT accounts, with the peak observed in May 2023, when threat actors posted 26,800 new ChatGPT credential pairs.

 

 
 
 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

The ChatGPT bug exposed more private data than previously thought

The ChatGPT bug exposed more private data than previously thought | ICT Security-Sécurité PC et Internet | Scoop.it
From mashable.com - March 24, 2023 3:54 PM

A ChatGPT bug found earlier this week also revealed user's payment information, says OpenAI(Opens in a new tab).

The AI chatbot was shut down on March 20, due to a bug that exposed titles and the first message of new conversations from active users' chat history to other users.

Now, OpenAI has shared that even more private data from a small number of users was exposed.

"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date," said OpenAI. "Full credit card numbers were not exposed at any time.

 

 
 
Gust MEES's insight:

A ChatGPT bug found earlier this week also revealed user's payment information, says OpenAI(Opens in a new tab).

The AI chatbot was shut down on March 20, due to a bug that exposed titles and the first message of new conversations from active users' chat history to other users.

Now, OpenAI has shared that even more private data from a small number of users was exposed.

"In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date," said OpenAI. "Full credit card numbers were not exposed at any time.

 

 
 
more...
Angela Gold's comment, March 24, 2023 9:43 PM
look nice
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Linux Support Expands Cyber Spy Group's Arsenal

Linux Support Expands Cyber Spy Group's Arsenal | ICT Security-Sécurité PC et Internet | Scoop.it
From www.darkreading.com - March 2, 2023 12:57 PM

A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.


Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.


Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

ChatGPT: A New Wave of Cybersecurity Concerns?

ChatGPT: A New Wave of Cybersecurity Concerns? | ICT Security-Sécurité PC et Internet | Scoop.it
From www.infosecurity-magazine.com - February 1, 2023 11:20 AM

As 2022 ended, OpenAI made ChatGPT live to the world. It is an artificially intelligent research and deployment chatbot that interacts through text using realistic human responses. Its deep learning techniques can generate conversations that convince anyone they are interacting with an actual human. 

Like opening the jar and releasing the genie, its impact is relatively unknown, but grave intrigue and curiosity surrounded it. How will it be used; how does it work; is it for good or evil? No, this is not the next Terminator sequel…

Its intentions are certainly for positive use, and its articulate responses have led many to claim it as the best chatbot to be released. However, in a short period, ChatGPT has already been linked to cyber threats as cyber-criminals leverage its advanced capabilities for nefarious means. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT

 

 

Gust MEES's insight:

As 2022 ended, OpenAI made ChatGPT live to the world. It is an artificially intelligent research and deployment chatbot that interacts through text using realistic human responses. Its deep learning techniques can generate conversations that convince anyone they are interacting with an actual human. 

Like opening the jar and releasing the genie, its impact is relatively unknown, but grave intrigue and curiosity surrounded it. How will it be used; how does it work; is it for good or evil? No, this is not the next Terminator sequel…

Its intentions are certainly for positive use, and its articulate responses have led many to claim it as the best chatbot to be released. However, in a short period, ChatGPT has already been linked to cyber threats as cyber-criminals leverage its advanced capabilities for nefarious means. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=ChatGPT

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ | ICT Security-Sécurité PC et Internet | Scoop.it
From www.darkreading.com - January 27, 2023 2:45 PM

The Feds have disrupted the prolific Hive ransomware gang, saving victims from a collective $130 million in ransom demands. But it remains to be seen how much of a blow the effort will be to the overall ransomware landscape.

The group's operations have been buzzing with activity for months, racking up more than 1,500 victims in 80-plus countries around the world since it appeared in June 2021, according to an announcement from the US Justice Department. The gang has been operating with a ransomware-as-a-service (RaaS) model, engaging in data theft and double extortion, and delivering its venom indiscriminately to school districts, financial firms, critical infrastructure, and others. At least one affiliate has become a bit of a hospital specialist, disrupting patient care in some attacks.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
 
Gust MEES's insight:

The Feds have disrupted the prolific Hive ransomware gang, saving victims from a collective $130 million in ransom demands. But it remains to be seen how much of a blow the effort will be to the overall ransomware landscape.

The group's operations have been buzzing with activity for months, racking up more than 1,500 victims in 80-plus countries around the world since it appeared in June 2021, according to an announcement from the US Justice Department. The gang has been operating with a ransomware-as-a-service (RaaS) model, engaging in data theft and double extortion, and delivering its venom indiscriminately to school districts, financial firms, critical infrastructure, and others. At least one affiliate has become a bit of a hospital specialist, disrupting patient care in some attacks.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 
 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 GitLab servers exposed to zero-click account takeover attacks | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - January 24, 1:23 PM

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

The critical (CVSS score: 10.0) flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, allowing the threat actor to change the password and take over the account.

Although the flaw does not bypass two-factor authentication (2FA), it is a significant risk for any accounts not protected by this extra security mechanism.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=GitHub

 

 

Gust MEES's insight:

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

The critical (CVSS score: 10.0) flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, allowing the threat actor to change the password and take over the account.

Although the flaw does not bypass two-factor authentication (2FA), it is a significant risk for any accounts not protected by this extra security mechanism.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=GitHub

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

4 key takeaways from NIST’s new guide on AI cyber threats

4 key takeaways from NIST’s new guide on AI cyber threats | ICT Security-Sécurité PC et Internet | Scoop.it
From www.scmagazine.com - January 12, 4:26 PM

An AI threat guide, outlining cyberattacks that target or leverage machine learning models, was published by the National Institute of Standards and Technology (NIST) on Jan. 4.

The nearly 100-page paper, titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations,” provides a comprehensive overview of the cybersecurity and privacy risks that come with the rapid development of both predictive and generative AI tools over the last few years.

 

 
 
 
 
Gust MEES's insight:

An AI threat guide, outlining cyberattacks that target or leverage machine learning models, was published by the National Institute of Standards and Technology (NIST) on Jan. 4.

The nearly 100-page paper, titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations,” provides a comprehensive overview of the cybersecurity and privacy risks that come with the rapid development of both predictive and generative AI tools over the last few years.

 

 
 
 
 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Google Makes Passkeys Default for All Users

Google Makes Passkeys Default for All Users | ICT Security-Sécurité PC et Internet | Scoop.it
From www.hackread.com - October 12, 2023 3:38 PM

Google is making passkeys the default option, aiming to replace passwords altogether.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=PassKey

 

 

Gust MEES's insight:

Google is making passkeys the default option, aiming to replace passwords altogether.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=PassKey

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign

'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign | ICT Security-Sécurité PC et Internet | Scoop.it
From www.securityweek.com - September 7, 2023 10:08 AM

The fake TradingView website is hosted on trabingviews[.]com, with special font characters being used to make it look like the legitimate domain and help it avoid detection.

The malicious website is designed to look authentic, claiming to offer downloads for the TradingView app’s Windows, macOS and Linux versions.

While the Windows and Linux files deliver the NetSupport RAT, the Mac file delivers the AMOS malware. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

 

Gust MEES's insight:

The fake TradingView website is hosted on trabingviews[.]com, with special font characters being used to make it look like the legitimate domain and help it avoid detection.

The malicious website is designed to look authentic, claiming to offer downloads for the TradingView app’s Windows, macOS and Linux versions.

While the Windows and Linux files deliver the NetSupport RAT, the Mac file delivers the AMOS malware. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics | ICT Security-Sécurité PC et Internet | Scoop.it
From thehackernews.com - August 15, 2023 3:59 PM

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

A New Attack Impacts ChatGPT—and No One Knows How to Stop It

A New Attack Impacts ChatGPT—and No One Knows How to Stop It | ICT Security-Sécurité PC et Internet | Scoop.it
From www.wired.com - August 3, 2023 9:13 AM

CHATGPT AND ITS artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string text that might look like gobbledygook to you or me but which carries subtle significance to an AI model trained on huge quantities of web data—can defy all of these defenses in several popular chatbots at once.

 

 
 
 
Gust MEES's insight:

CHATGPT AND ITS artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string text that might look like gobbledygook to you or me but which carries subtle significance to an AI model trained on huge quantities of web data—can defy all of these defenses in several popular chatbots at once.

 

 
 
 
more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

AVrecon malware infects 70,000 Linux routers to build botnet

AVrecon malware infects 70,000 Linux routers to build botnet | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - July 14, 2023 5:24 AM

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.

According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan (RAT) compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Gust MEES's insight:

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.

According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan (RAT) compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

New StackRot Linux kernel flaw allows privilege escalation

New StackRot Linux kernel flaw allows privilege escalation | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - July 6, 2023 9:39 AM

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities." The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

A patch is available for the affected stable kernels since July 1st and full details about the issue along with a complete exploit code are expected by the end of the month.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities." The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

A patch is available for the affected stable kernels since July 1st and full details about the issue along with a complete exploit code are expected by the end of the month.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

New Linux kernel NetFilter flaw gives attackers root privileges

New Linux kernel NetFilter flaw gives attackers root privileges | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - May 9, 2023 12:54 PM

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.

The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Gust MEES's insight:

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.

The CVE-2023-32233 identifier has been reserved for the vulnerability, but a severity level is yet to be determined.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks | ICT Security-Sécurité PC et Internet | Scoop.it
From thehackernews.com - March 17, 2023 1:38 PM

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Gust MEES's insight:

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Tor and I2P networks hit by wave of ongoing DDoS attacks

Tor and I2P networks hit by wave of ongoing DDoS attacks | ICT Security-Sécurité PC et Internet | Scoop.it
From www.bleepingcomputer.com - February 8, 2023 4:42 PM

If you've been experiencing Tor network connectivity and performance issues lately, you're not the only one since many others have had problems with onion and i2p sites loading slower or not loading at all.

Tor Project's Executive Director Isabela Dias Fernandes revealed on Tuesday that a wave of distributed denial-of-service (DDoS) attacks has been targeting the network since at least July 2022.

"At some points, the attacks impacted the network severely enough that users could not load pages or access onion services," Fernandes said on Tuesday.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Gust MEES's insight:

If you've been experiencing Tor network connectivity and performance issues lately, you're not the only one since many others have had problems with onion and i2p sites loading slower or not loading at all.

Tor Project's Executive Director Isabela Dias Fernandes revealed on Tuesday that a wave of distributed denial-of-service (DDoS) attacks has been targeting the network since at least July 2022.

"At some points, the attacks impacted the network severely enough that users could not load pages or access onion services," Fernandes said on Tuesday.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/topic/securite-pc-et-internet

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

How to Delete Your Incognito Mode History and Protect Your Privacy

How to Delete Your Incognito Mode History and Protect Your Privacy | ICT Security-Sécurité PC et Internet | Scoop.it
From www.makeuseof.com - January 31, 2023 4:21 PM

If you're like most people, you use the incognito browsing mode when you want to keep your browsing history private. But did you know that incognito mode isn't actually private?

When using incognito mode in your web browser, you may think that your activities are completely anonymous and untraceable. Unfortunately, this is not always the case. Your Internet Service Provider (ISP) and other third-party entities may still be able to track your online activity, even when you are browsing in incognito mode. Not only that: if you share your device with others, even they can find out what you visited in incognito mode.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

 

Gust MEES's insight:

If you're like most people, you use the incognito browsing mode when you want to keep your browsing history private. But did you know that incognito mode isn't actually private?

When using incognito mode in your web browser, you may think that your activities are completely anonymous and untraceable. Unfortunately, this is not always the case. Your Internet Service Provider (ISP) and other third-party entities may still be able to track your online activity, even when you are browsing in incognito mode. Not only that: if you share your device with others, even they can find out what you visited in incognito mode.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn