S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
Credit to Author: Paul Ducklin| Date: Thu, 30 Mar 2023 14:43:50 +0000
Latest episode – listen now!
Read moreMicrosoft
Tech big wigs: Hit the brakes on AI rollouts
More than 1,100 technology luminaries, leaders and scientists have issued a warning against labs performing large-scale experiments with artificial intelligence (AI) more powerful than ChatGPT, saying the technology poses a grave threat to humanity.
In an open letter published by The Future of Life Institute, a nonprofit organization that aims is to reduce global catastrophic and existential risks to humanity, Apple co-founder Steve Wozniak, SpaceX and Tesla CEO Elon Musk, and MIT Future of Life Institute President Max Tegmark joined other signatories in saying AI poses “profound risks to society and humanity, as shown by extensive research and acknowledged by top AI labs.”
Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store
Credit to Author: Paul Ducklin| Date: Mon, 27 Mar 2023 16:59:15 +0000
Microsoft says “successful exploitation requires uncommon user interaction”, but it’s the innocent and accidental leakage of private data you should be concerned about.
Read moreS3 Ep127: When you chop someone out of a photo, but there they are anyway…
Credit to Author: Paul Ducklin| Date: Thu, 23 Mar 2023 17:59:21 +0000
Listen now – latest episode. Full transcript inside.
Read moreWindows 11 also vulnerable to “aCropalypse” image data leakage
Credit to Author: Paul Ducklin| Date: Wed, 22 Mar 2023 17:59:10 +0000
Turns out that the Windows 11 Snipping Tool has the same “aCropalypse” data leakage bug as Pixel phones. Here’s how to work around the problem…
Read moreA week in security (March 13 – 19)
Categories: News Tags: Becky Holmes Tags: Lock and Code S04E06 Tags: ransomware Tags: WhatsApp Tags: AI chatbot Tags: investment fraud Tags: Clop Tags: Microsoft zero-day Tags: Microsoft Tags: STALKER 2 Tags: Facebook Tags: Microsoft OneNote Tags: LockBit Tags: Rubrik The most interesting security related news from the week of March 13 to 19. |
The post A week in security (March 13 – 19) appeared first on Malwarebytes Labs.
Read morePatch Office and Windows now to resolve two zero-days
Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month’s Patch Tuesday release to 84.
Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a “Patch Now” release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
Credit to Author: Paul Ducklin| Date: Thu, 16 Mar 2023 17:56:56 +0000
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English… just like old times, with Duck and Chet!
Read moreUpdate now! Microsoft fixes two zero-day bugs
Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: March Tags: 2023 Tags: Microsoft Tags: Adobe Tags: Fortinet Tags: Android Tags: SAP Tags: CVE-2023-23397 Tags: CVE-2023-24880 Tags: CVE-2023-26360 Tags: CVE-2022-41328 This Patch Tuesday, Microsoft has released fixes for two actively exploited zero-days and Adobe has fixed one. |
The post Update now! Microsoft fixes two zero-day bugs appeared first on Malwarebytes Labs.
Read moreFeds to Microsoft: Clean up your security act — or else
The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.
Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.
It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.