CVE and CVSS systems suffer from misaligned incentives and inconsistency Aram Hovespyan, co-founder and CEO of security biz Codific, says that the rating systems for identifying security vulnerabilities and assessing threat risk need to be overhauled.... [...]
Microsoft Copilot, not so much Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even …
AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.... [...]
Meta shrugs off allegations of improper dismissal, ignoring privacy and security WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for reporting security failings that violated legal commitments.... [...]
Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two-factor authentication protecting his npm account.... [...]
AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.... [...]
Web browsing belongs to the people, not the bots Jon von Tetzchner, CEO of Norway-based browser maker Vivaldi, believes the tech industry's efforts to automate web browsing using generative AI models have gone too far.... [...]
Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations OpenAI's ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to followers of other teams.... [...]
AI lowers the bar for cybercrime, Anthropic admits comment Anthropic, a maker of AI tools, says that AI tools are now commonly used to commit cybercrime and facilitate remote worker fraud.... [...]
Because savvy terrorists always use public internet services to plan their mischief, right? Anthropic says it has scanned an undisclosed portion of conversations with its Claude AI model to catch concerning inquiries about nuclear weapons.... [...]
Google’s Gemini-powered tools tripped up by image-scaling prompt injection Security researchers with Trail of Bits have found that Google Gemini CLI and other production AI systems can be deceived by image scaling attacks, a well-known adversarial challenge for machine learning systems.... [...]
Redmond doesn't bother informing customers about some security fixes UPDATED Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot.... [...]
High accuracy scores come from conditions that don't reflect real-world usage Facial recognition technology has been deployed publicly on the basis of benchmark tests that reflect performance in laboratory settings, but some academics are saying that real-world performance doesn't match up.... [...]
Sysadmins, your job is safe Automating IT operations using AI may not be the best idea at the moment.... [...]
Checkbox to make chatbot conversations appear in search engines deemed a footgun OpenAI has removed the option to make ChatGPT interactions indexable by search engines to prevent users from unwittingly exposing sensitive information.... [...]
Boffins insist your deepfake tracking tech won't work Computer scientists with the University of Waterloo in Ontario, Canada, say they've developed a way to remove watermarks embedded in AI-generated images.... [...]
No screenshots for you! In an effort to protect user privacy, Brave browser 1.81 will prevent Microsoft Recall from screenshotting it by default.... [...]
Wi-Fi spy with my little eye that same guy I saw at another hotspot Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.... [...]
Computer scientist Peter Gutmann tells The Reg why it's 'bollocks' The US National Institute for Standards and Technology (NIST) has been pushing for the development of post-quantum cryptographic algorithms since 2016.... [...]
Maintainers struggle to handle growing flow of low-quality bug reports written by bots Daniel Stenberg, founder and lead developer of the open-source curl command line utility, just wants the AI slop to stop.... [...]
Rowhammer returns for more memory-meddling fun The Rowhammer attack on computer memory is back, and for the first time, it's able to mess with bits in Nvidia GPUs, despite defenses designed to protect against this kind of hacking.... [...]
Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.... [...]
You probably don't need one, but it's nice to have the option Let's Encrypt, a certificate authority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.... [...]
Gotta keep 'em separated so the marketers and snoops can't come out and play Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple's App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad …
To stop AI scam callers, break automatic speech recognition systems Researchers based in Israel and India have developed a defense against automated call scams.... [...]