Leaked draft report says stated goals still come up short Google's Privacy Sandbox, which aspires to provide privacy-preserving ad targeting and analytics, still isn't sufficiently private.... [...]
While some other LLMs appear to flat-out suck AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.... [...]
$62 million settlement plan challenged over payments to progressive nonprofits Google's plan to pay $62 million to settle allegations that it tracked people even when their Location History setting was switched off may have to be renegotiated based on several objections.... [...]
Out of the PAN-OS and into the firewall, a Python backdoor this way comes Palo Alto Networks on Friday issued a critical alert for an under-attack vulnerability in the PAN-OS software used in its firewall-slash-VPN products.... [...]
Paying for browsers is no longer a memory from the 1990s Cloud Next Hoping to upsell freeloading corporate users of its Chrome browser, Google has announced Chrome Enterprise Premium – which comes with a dash of AI security sauce for just $6 per user per month.... [...]
Web devs advised to do their part to limit UI redress attacks Web browsers still struggle to prevent clickjacking, an attack technique first noted in 2008 that repurposes web page interface elements to deceive visitors.... [...]
This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy Analysis The discovery last week of a backdoor in a widely used open source compression library called xz could have been a security disaster had it not been caught by luck and atypical …
Code shines up nicely in production, says Chocolate Factory's Bergstrom Echoing the past two years of Rust evangelism and C/C++ ennui, Google reports that Rust shines in production, to the point that its developers are twice as productive using the language compared to C++.... [...]
Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES Red Hat on Friday warned that a malicious backdoor found in the widely used data compression software library xz may be present in instances of Fedora Linux 40 and in the Fedora Rawhide developer distribution.... [...]
Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that In-depth Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.... [...]
We're dreaming of a white list, because we're just like the ones you used to know More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters.... [...]
I ain't afraid of no ghosts, but in this case... To spy on rival Snapchat and get data on how the app was being used, Meta – when it was operating as Facebook – allegedly initiated a program called Project Ghostbusters, which intercepted data traffic from mobile apps. And it used …
Some of us would be happy being rated 7.5 out of 10, just sayin' Updated Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue.... [...]
Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials At least 900 websites built with Google's Firebase, a cloud database, have been misconfigured, leaving credentials, personal info, and other sensitive data inadvertently exposed to the public internet, according to security researchers.... [...]
Rare occasion when you do want Big Tech to make a hash of it Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz.... [...]
Automated AI helper intended to make security more manageable Microsoft Copilot for Security, a subscription AI security service, will be generally available on April 1, 2024, the company announced on Wednesday.... [...]
Infosec folk aren’t thrilled that if you poke APIs enough, you learn AI's secrets Boffins have managed to pry open closed AI services from OpenAI and Google with an attack that recovers an otherwise hidden portion of transformer models.... [...]
Under New Management is an early-warning system for potential poisoning of add-ons with malware Millions of Chrome users now have a way to guard against the threat of extension subversion, that is, if they don't mind installing yet another browser extension.... [...]
Play Store commissions are a nice little earner, wherever they come from Google has been accused of profiting from gift card scams.... [...]
/ Hope no one ever reads these functions lmao / NSO Group, the Israel-based maker of super-charged snoopware Pegasus, has been ordered by a federal judge in California to share the source code for "all relevant spyware" with Meta's WhatsApp.... [...]
Cloned then compromised, bad repos are forked faster than they can be removed A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories …
Those little popups may reveal location, device details, IP address, and more More than 130 petitions seeking access to push notification metadata have been filed in US courts, according to a Washington Post investigation – a finding that underscores the lack of privacy protection available to users of mobile devices …
Talk about gone in 60 seconds Computer scientists have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).... [...]
State government says it's thinking of the children A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta's Messenger application.... [...]
We speak to professor who with colleagues tooled up OpenAI's GPT-4 and other neural nets AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on …