Monday, January 30, 2023

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Massive Yandex code leak reveals Russian search engine’s ranking factors

Enlarge / The Russian logo of Yandex, the country's largest search engine and a tech company with many divisions, inside the company's headquarters. (credit: SOPA Images / Getty Images) Nearly...

Most criminal cryptocurrency is funneled through just 5 exchanges

Enlarge (credit: Eugene Mymrin/Getty Images) For years, the cryptocurrency economy has been rife with black market sales, theft, ransomware, and money laundering—despite the strange fact that in that economy, practically...

#GermanyRIP. Kremlin-loyal hacktivists wage DDoSes to retaliate for tank aid

Enlarge / An iteration of what happens when your site gets shut down by a DDoS attack. Threat actors loyal to the Kremlin have stepped up attacks in support...

Pivot to ChatGPT? BuzzFeed preps for AI-written content while CNET fumbles

Enlarge / An AI-generated image of a robot typewriter-journalist hard at work. (credit: Ars Technica) On Thursday, an internal memo obtained by The Wall Street Journal revealed that BuzzFeed is...

Deepfakes for scrawl: With handwriting synthesis, no pen is necessary

Enlarge / An example of computer-synthesized handwriting generated by Calligrapher.ai. (credit: Ars Technica) Thanks to a free web app called calligrapher.ai, anyone can simulate handwriting with a neural network that...

RSA’s demise from quantum attacks is very much exaggerated, expert says

Enlarge Three weeks ago, panic swept across some corners of the security world after researchers discovered a breakthrough that, at long last, put the cracking of the widely used...

With Nvidia Eye Contact, you’ll never look away from a camera again

Enlarge / Nvidia's Eye Contact feature automatically maintains eye contact with a camera for you. (credit: Nvidia) Nvidia recently released a beta version of Eye Contact, an AI-powered software video...

Fearing ChatGPT, Google enlists founders Brin and Page in AI fight

Enlarge / An illustration of a chatbot exploding onto the scene, being very threatening. (credit: Benj Edwards / Ars Technica) ChatGPT has Google spooked. On Friday, The New York Times...

OpenAI and Microsoft announce extended, multi-billion-dollar partnership

Enlarge / The OpenAI logo superimposed over the Microsoft logo. (credit: Ars Technica) On Monday, AI tech darling OpenAI announced that it received a "multi-year, multi-billion dollar investment" from Microsoft,...

Ransomware victims are refusing to pay, tanking attackers’ profits

Enlarge / Holding up corporations, utilities, and hospitals for malware-encrypted data used to be quite profitable. But it's a tough gig lately, you know? (credit: ifanfoto/Getty Images) Two new studies...

300+ models of MSI motherboards have Secure Boot turned off. Is yours affected?

Enlarge (credit: Getty Images) Secure Boot is an industry standard for ensuring that Windows devices don’t load malicious firmware or software during the startup process. If you have it turned...

Pioneering Apple Lisa goes “open source” thanks to Computer History Museum

Enlarge / The Apple Lisa 1, released in 1983. (credit: Apple, Inc.) As part of the Apple Lisa's 40th birthday celebrations, the Computer History Museum has released the source code...

Hacker group incorporates DNS hijacking into its malicious website campaign

Enlarge / DNS hijacking concept. Researchers have uncovered a malicious Android app that can tamper with the wireless router the infected phone is connected to and force the router...

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.