Google has released an emergency security update to address a critical zero-day vulnerability in its Chrome web browser. The vulnerability, CVE-2023-6345, stems from an integer overflow weakness within the Skia open-source 2D graphics library. It could allow attackers to execute arbitrary code on affected systems, potentially taking control of devices or stealing personal information, as reported by BleepingComputer.
A US congressional committee has questioned whether Chinese-made Light Detection and Ranging (LiDAR) devices might have a negative impact on national security, and suggested they may therefore be worthy of the same bans that prevent stateside adoption of other tech. The Select Committee on the Chinese Communist Party (CCP), spearheaded by US representative and committee chairman Mike Gallagher (R-WI), penned a letter to secretaries Gina Raimondo, Lloyd Austin, and Janet Yellen requesting an investigation of Chinese LiDAR manufacturers and the appropriateness of sanctions on those entities.
Sens. John Kennedy (R-La.) and Jeff Merkley (D-Ore.) introduced bipartisan legislation on Wednesday to end involuntary facial recognition screening at airports. The pair of senators are aiming to repeal the authorization of the Transportation Security Administration (TSA) to use facial recognition screening at airports, saying that the Travelers’ Privacy Protection Act (TPPA) would prevent the agency from “further exploiting the technology and storing traveler’s biodata.” The senators added that most Americans are unaware that they can opt out of the screening.
In a concerning development, initiatives taken by OpenAI to allow users to develop their own personalized versions of the generative AI tool ChatGPT have taken a dark turn. Known as ‘GPTs’, these chatbots are designed for personal use or publication on the web. While thousands of such personalized bots have been created, researchers have identified a nagging flaw: the bots leak the initial instructions they were given. This puts sensitive data at risk, including proprietary data and personal information. Jiahao Yu, a computer science researcher at Northwestern University, and other researchers at the university examined over 200 custom GPTs.
Threat actors from the Democratic People’s Republic of Korea (DPRK) have increasingly targeted the cryptocurrency sector as a major revenue generation mechanism since at least 2017, to get around sanctions imposed against the country. “Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime’s ruling elite and its highly trained cadre of computer science professionals have privileged access to new technologies and information,” cybersecurity firm Recorded Future said in a report shared with The Hacker News.
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies. Dollar Tree is a discount retail company that operates the Dollar Tree and Family Dollar stores in 23,000 locations in the United States and Canada. According to a data breach notification shared with the Maine Attorney General, Dollar Tree’s service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023.