Thursday, June 1, 2023

Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

Enlarge (credit: Getty Images) Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity...

AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill

Enlarge / An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov) Over...

Twitter value keeps falling under Musk, now worth a third of what he paid

Enlarge (credit: Getty Images | NurPhoto ) Twitter's value has reportedly dropped to about $15 billion, slightly more than one-third of the $44 billion that Elon Musk paid for it...

A Snap-based, containerized Ubuntu desktop could be offered in 2024

Enlarge / Some of the many Snap apps available in Ubuntu's Snap Store, the place where users can find apps and Linux enthusiasts can find deep-seated disagreement. (credit: Canonical) Ubuntu...

Critical Barracuda 0-day was used to backdoor networks for 8 months

Enlarge (credit: Getty Images) A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The...

OpenAI execs warn of “risk of extinction” from artificial intelligence in new open letter

Enlarge / An AI-generated image of "AI taking over the world." (credit: Stable Diffusion) On Tuesday, the Center for AI Safety (CAIS) released a single-sentence statement signed by executives from...

Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days

Enlarge Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps...

Green hills forever: Windows XP activation algorithm cracked after 21 years

Enlarge / With this background, potentially the most viewed photograph in human history, Windows XP always signaled that it was prepared for a peaceful retirement. Yet some would have us disturb...

Microsoft president declares deepfakes biggest AI concern

Enlarge / An AI-generated image of a "wall of fake images." (credit: Stable Diffusion) On Thursday, Microsoft President Brad Smith announced that his biggest apprehension about AI revolves around the...

Unearthed: CosmicEnergy, malware for causing Kremlin-style power disruptions

Enlarge (credit: Getty Images) Researchers have uncovered malware designed to disrupt electric power transmission and may have been used by the Russian government in training exercises for creating or responding...

OpenAI CEO raises $115M for crypto company that scans people’s eyeballs

Enlarge / Worldcoin's "Orb," a device that scans your eyeballs to verify that you're a real human. A company co-founded by OpenAI CEO Sam Altman has raised $115 million...

Minnesota enacts right-to-repair law that covers more devices than any other state

Enlarge / Minnesota's right-to-repair bill is the first to pass in the US that demands broad access to most electronics' repair manuals, tools, and diagnostic software. Game consoles, medical devices, and...

The lightning onset of AI—what suddenly changed? An Ars Frontiers 2023 recap

Enlarge / On May 22, Benj Edwards (left) moderated a panel featuring Paige Bailey (center), Haiyan Zhang (right) for the Ars Frontiers 2023 session titled, "The Lightning Onset of AI —...

Chinese state hackers infect critical infrastructure throughout the US and Guam

Enlarge (credit: peterschreiber.media | Getty Images) A Chinese government hacking group has acquired a significant foothold inside critical infrastructure environments throughout the US and Guam and is stealing network credentials...

Legit app in Google Play turns malicious and sends mic recordings every 15 minutes

Enlarge (credit: Getty Images) An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 minutes and sent it to the app developer, a...
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Graham Cluley

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

height="315" class="aligncenter size-full wp-image-292324" /> ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and...