AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/16/2023

OpenAI co-founder on company’s past approach to openly sharing research: ‘We were wrong’ 

Yesterday, OpenAI announced GPT-4, its long-awaited next-generation AI language model. The system’s capabilities are still being assessed, but as researchers and experts pore over its accompanying materials, many have expressed disappointment at one particular feature: that despite the name of its parent company, GPT-4 is not an open AI model. OpenAI has shared plenty of benchmark and test results for GPT-4, as well as some intriguing demos, but has offered essentially no information on the data used to train the system, its energy costs, or the specific hardware or methods used to create it. 

 

The Biden administration demands that TikTok be sold, or risk a nationwide ban 

The Biden administration is demanding that Chinese-owned TikTok be sold, or the popular video app could face a ban in the U.S., according to a TikTok spokesperson. Whether federal officials have given TikTok a deadline to find a buyer remains unclear. Regardless, it is a major escalation by White House officials who have grown increasingly concerned about the safety of Americans’ data on the app used by more than 100 million Americans. It is the first time the Biden administration has explicitly threatened to ban TikTok.  

 

Facebook ‘Unlawfully’ Used Dutch Personal Data: Court 

Social media platform Facebook unlawfully processed Dutch users’ personal details without consent for advertising purposes for almost a decade, Amsterdam-based judges ruled on Wednesday. The judgement by the Amsterdam District Court said Facebook Ireland — custodians of Dutch users’ personal details — not only used the data for advertising, but also passed it to third parties without properly informing people or having legal grounds to do so. “Facebook Ireland has broken the law when processing personal data of Dutch Facebook users in the period from April 1, 2010 to January 1, 2020,” the judges said in a statement issued by the court. It “processed personal data without a legal basis — such as consent — for this,” the judges said. 

 

Microsoft Patch Tuesday, March 2023 Edition 

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. Microsoft said it has seen evidence that attackers are exploiting this flaw, which can be done without any user interaction by sending a booby-trapped email that triggers automatically when retrieved by the email server — before the email is even viewed in the Preview Pane. 

 

New Cryptojacking Malware Can Hack in Kubernetes Clusters Using This Easy Trick

Dero is a relatively new cryptocurrency that places a strong emphasis on privacy. It utilizes directed acyclic graph (DAG) technology, which allows it to make the claim that its transactions are completely anonymous. The combination of anonymity and a greater rewards ratio makes it potentially attractive for cryptojacking organizations in comparison to Monero, which is the coin that is most often used by attackers or groups conducting miner operations. CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure.  

 
