Researchers found three vulnerabilities affecting ChatGPT plugins


ChatGPT is much more useful now than it was when it first came out, and this is through the use of plugins and GPTs. Well, if you’re planning on using these, you may be putting your data and cybersecurity at risk. Researchers from Salt Security discovered several security vulnerabilities with plugins and GPTs that may have led to some ChatGPT users’ accounts being hacked.

Plugins and GPTs add more utility to ChatGPT. They allow the chatbot to do more than just answer typical AI chatbot questions. Think of GPTs as smaller user-created versions of ChatGPT that are specialized to do specific tasks. They are similar to Google Chrome extensions: users create them and post them to the GPT store, where you can install them and use them within ChatGPT.

Security vulnerabilities were found with some ChatGPT plugins

Salt Security was able to find three different potential issues affecting users. These issues could give bad actors access to users’ accounts, which is never a good thing.

First vulnerability

The first security issue occurs when actually installing a plugin or GPT. Unfortunately, ChatGPT does not verify that a user has begun installing a plugin. This is a big issue that will be explained in a bit.

When you install a new plugin, ChatGPT needs to verify it. In order to do this, the plugin’s website will need to send you a code. You will then send that code to ChatGPT which will verify that code with the website. Once ChatGPT verifies that the code is legitimate, the plugin is then installed.

However, this is a way for bad actors to steal victims’ information. The secret code is stored within a link. After that, the plugin is installed with the user’s credentials. This means that the user has control over the plugin.

This is why it’s bad that ChatGPT does not verify that users have started the installation process. A bad actor can send a victim a link containing a code that installs the plugin on the victim’s account using the attacker’s credentials. Since ChatGPT doesn’t verify that the account holder has started the installation process, any person who sends the code can have the plugin installed.

Once installed, the attacker will have control over the GPT on the victim’s account. At that point, the attacker can have the malicious plugin redirect all of your chat conversations and information to it. This will put all of your sensitive information in the attacker’s hands.
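The missing check described above can be shown with a small added example (not code from the article, Salt Security, or OpenAI): the callback that receives the code is accepted only when the logged-in session itself started that installation, using a one-time value in the style of the OAuth `state` parameter. The function names and in-memory stores are hypothetical.

```python
import hmac
import secrets

# Hypothetical in-memory stores; a real service would use its session backend.
_pending_installs = {}  # session_id -> {state: plugin_id}
_installed = {}         # session_id -> set of installed plugin_ids


def begin_install(session_id, plugin_id):
    """The user clicks 'install': mint a one-time state bound to this session."""
    state = secrets.token_urlsafe(32)
    _pending_installs.setdefault(session_id, {})[state] = plugin_id
    return state  # sent to the plugin's site and echoed back with the code


def callback_vulnerable(session_id, plugin_id, code):
    """Behaviour the article describes: any link carrying a code is accepted,
    whether or not this session ever asked to install the plugin."""
    _installed.setdefault(session_id, set()).add(plugin_id)
    return True


def callback_hardened(session_id, plugin_id, code, state):
    """Accept the code only if this session started this exact installation."""
    if not isinstance(state, str):
        return False
    pending = _pending_installs.get(session_id, {})
    match = None
    for known in pending:
        # Constant-time comparison on bytes avoids timing leaks and
        # non-ASCII input errors.
        if hmac.compare_digest(known.encode(), state.encode()):
            match = known
    if match is None or pending[match] != plugin_id:
        return False  # no matching install was begun by this user
    del pending[match]  # one-time use: a replayed link is rejected
    _installed.setdefault(session_id, set()).add(plugin_id)
    return True


def installed(session_id):
    """Return the set of plugins currently installed for a session."""
    return set(_installed.get(session_id, set()))
```

A state value minted in one session does not validate in another, so a link prepared under a different account is rejected when it arrives in the victim’s session.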

Second vulnerability

The next vulnerability is a major threat if you use the AskTheCode plugin. This is a plugin that connects your ChatGPT account with your GitHub account. When you install this plugin, it actually creates a separate account to store your GitHub credentials.

Well, hackers are able to break into users’ GitHub accounts and steal their GitHub repositories through a vulnerability. According to the report, this action is done by sending the victim a special link. The link will reveal a key piece of information about the user, called their memberId, and send it to the attacker.

The memberId is a crucial piece of information. Once they have it, the attacker goes to ChatGPT, installs the AskTheCode plugin, and uses the victim’s memberId to authenticate it. When that happens, the attacker will gain access to the victim’s AskTheCode account and the victim’s GitHub account. This will give the attacker access to the repositories.

Third vulnerability

Lastly, the third vulnerability is similar to the second one. The attacker would send a malicious link to the victim that will install the plugin but using the victim’s credentials. This will give the attacker control over the victim’s account.

Hopefully, these issues will be ironed out before more victims pop up.



Nissan Confirms Data Breach Affected 100,000 Customers and Employees


Following a cyberattack in December 2023, Nissan confirms a data leak impacting customers, dealers, and employees. Information potentially compromised includes names, contact details, and even government-issued IDs for up to 10% of those affected. Nissan is notifying individuals and offering support services.


Nissan Motor Corporation’s Oceania region has confirmed a data breach impacting roughly 100,000 individuals. The breach, linked to a December 2023 cyberattack claimed by the Akira ransomware group, exposed the personal information of customers, dealers, and some current and former employees.

For your information, Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand were impacted by a cyberattack on December 5, 2023.

“On 5 December 2023, a malicious third party obtained unauthorised access to our local IT servers. We took immediate action to contain the breach, and promptly alerted the relevant government authorities, including the Australian and New Zealand national cyber security centres and privacy regulators,” Nissan revealed in an update released on 13 March 2024.

The Akira ransomware group claimed to have stolen 100 GB of information including corporate files and personal information. Other impacted businesses included Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM. Hackers then published files stolen from Nissan systems, indicating the company refused ransom demands.

Nissan detected the ‘disruptive incident’ the same month and notified customers but crucial details about data exfiltration weren’t confirmed until now. While the exact nature of the compromised data remains under investigation, Nissan acknowledges the possible leak of government-issued identification documents, names, and contact details. The company emphasizes that they are still validating contact information and removing duplicates, so the final number affected might be slightly lower.

Nissan Oceania has now started contacting the 100,000 affected individuals. The carmaker has reported that the type of information compromised in the breach might be different for each affected individual.

The company estimates that up to 10% of individuals may have had their government identification compromised, with the data set including 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers. The remaining 90% of the affectees Nissan is notifying have had other personal information impacted, including loan-related transaction statement copies, employment or salary information, and general information like dates of birth. 

The company is providing support services to affected individuals and enhancing cybersecurity measures to prevent future incidents, while also offering free identity theft and credit services.

Nissan advises customers to remain vigilant and be cautious of any suspicious emails, calls, or text messages. They recommend monitoring financial statements for unauthorized activity and considering placing a fraud alert on their credit reports.

Expert Comments

Commenting on the news and providing insight, Erfan Shadabi, a cybersecurity expert at comforte AG said, “This data breach on Nissan demonstrates just how important it is for every organization to rethink data security. Nissan must now assess just how much sensitive information has been released.”

“Hopefully, they can navigate this situation effectively with minimal damage. The distressing fact is that ordinary individuals and users invariably find themselves at the mercy of organizations failing to fortify their data against potential breaches. The fallout from such incidents can range from identity theft to financial losses, leaving users vulnerable to a myriad of cyber threats,” Shadabi warned.

“The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as any enterprise might find itself in the same boat without the proper data-centric approach,” he stressed.


BOE’s new double-layer OLED display increases screen life by 6 times


BOE has a new screen to offer, and HONOR will be the first to use it. BOE’s new double-layer OLED screen actually increases screen life by 6 times, the company claims.

BOE has a new double-layer OLED display to offer, with major improvements

HONOR confirmed as much via a post on Weibo (Chinese social media network). The image that the company shared (shown below), and the caption that accompanies it, clearly states a 600% improvement in terms of screen life.


That’s not all, though. A 40% boost in power efficiency is also noted here. Needless to say, that’s another huge benefit to this display. It seems like the HONOR Magic6 Ultimate will be the phone to feature this panel.

That handset will launch on March 18, the company confirmed recently. It will launch in China, during the same event where we’ll see the Porsche Design HONOR Magic6 RSR. It’s actually possible the two phones will share their design.

We don’t really have any more information about this display. These two tidbits that the two companies shared are more than enough to get us excited about BOE’s new panel, that’s for sure.

The HONOR Magic6 Ultimate will seemingly be the first phone to use that panel

The HONOR Magic6 Ultimate will look a bit different than the HONOR Magic6 Pro, even though their internals will be almost identical. It will have a different camera shape on the back, and a different backplate in general.

HONOR already confirmed the design, basically, so there’s not much to hide in that regard… at least from the looks perspective. The size of the phone will not change, we’re looking at the HONOR Magic6 Pro dimensions.

The HONOR Magic6 Ultimate likely won’t launch globally, but the Porsche Design HONOR Magic6 RSR is expected to arrive to global markets. The Snapdragon 8 Gen 3 will fuel both smartphones, most likely, while you’ll be getting a whole range of high-end specifications as part of the package.



Apple bought AI startup Darwin AI


Right now, some of the biggest companies in the world are releasing their ambitious AI products. This includes Google, Microsoft, and Meta. However, one company is missing from all the action, and that is Apple. This won’t be the case for long, as it is getting its AI game into order. Apple has purchased an AI startup called Darwin AI in order to boost its AI endeavors.

Right now, information on the type of AI that Apple is going to launch is extremely scarce. The company is really good at keeping its information close to the chest. As anyone can guess, Apple’s AI will possibly be closely integrated into the company’s products like iOS, iPadOS, and macOS. As such, if Apple’s AI doesn’t usher in a paradigm shift in generative AI technology, it will at least drive additional sales of its hardware.

Apple buys AI startup Darwin AI

According to the report, this acquisition isn’t exactly new. Apple purchased Darwin AI earlier this year. So, the company has been planning on boosting its AI for some time. In case you don’t know what Darwin AI is, it is a Waterloo-based AI software development company. It’s a visual quality inspection company that provides end-to-end AI solutions for several top brands. Its technology is used by manufacturers to visually inspect components during the manufacturing process.

AI researcher Dr. Alexander Wong is one of the folks responsible for building Darwin AI. It was reported that several Darwin AI employees are being moved to Apple’s AI team, and Dr. Wong is one of them. At this point, we don’t know exactly how many members are being moved over. Also, we don’t know how much money Apple bought the company for. However, we are certain it was a multi-million-dollar deal.

We don’t have a timeline for when Apple is going to start revealing information about its AI. All we can do at this point is wait for more information to come out. In any case, we know that when Apple eventually does launch its AI, it’s going to give current AI companies a run for their money.



ASUS Zenfone 11 Ultra goes Official with Huge Display Upgrade


The ASUS Zenfone 11 Ultra was announced this morning as a sort of successor to the Zenfone 10, but not really. That is because the one feature that made the Zenfone 10 so famous is no longer available on the Zenfone 11 Ultra. And that’s the size of the phone.

For the last couple of years, ASUS has gone with a more compact phone that features a 5.9-inch display. But this year, ASUS has gone big, literally. The Zenfone 11 Ultra sports a 6.78-inch AMOLED 144Hz display. That puts it on par with most of the other flagship smartphones in the market today.

Unfortunately, for those who loved the compact phones, ASUS has told us that this is the only Zenfone model they plan to release this year.

ASUS has stuck with a no-frills approach for Zenfone 11 Ultra

The Zenfone 11 Ultra doesn’t have a lot of tricks up its sleeve. Instead, ASUS has opted to go with the approach of letting the specs speak for themselves. Don’t get me wrong, there are some AI features included in the Zenfone 11 Ultra, but not as many as you might expect.

On the specs front, this phone sports a Snapdragon 8 Gen 3 processor, 12GB of RAM and 256GB of storage, or 16GB of RAM and 512GB of storage. There is also a 5,500mAh capacity battery inside, which can be charged at up to 65W. However, the charger is no longer available in the box.

ASUS also upgraded the cameras this year. The phone sports a 50-megapixel primary sensor, a 13-megapixel ultrawide, and a 32-megapixel telephoto lens that can do 3x optical zoom. There’s also a 32-megapixel front-facing camera for those selfies.

As mentioned before, it does have a 6.78-inch display with a 144Hz refresh rate. However, 144Hz is only available in-game. The rest of the time, it will intelligently move between 1Hz and 120Hz since it is an LTPO display. It also has a peak brightness of around 2,500 nits, which is pretty respectable.

ASUS is including its GlideX software on the Zenfone 11 Ultra, allowing you to connect your phone to your Windows PC without even using WiFi. You can use a USB-C cable to do so and be able to screen mirror, stream apps, drag and drop files, and so much more.

The usual AI features are here as well, including AI Noise Cancellation, so you can take a call in a bar or at a game and no longer worry about whether the other person can hear you. Generative AI wallpapers and AI transcripts are also here, and they will convert voice memos to text for you.

When can I buy the ASUS Zenfone 11 Ultra?

Pre-orders for the ASUS Zenfone 11 Ultra are available now on ASUS eShop, Mobile Advance, and Amazon. The Zenfone 11 Ultra will officially launch on April 14. Those who pre-order a Zenfone 11 Ultra will also receive a pair of ROG Cetra True Wireless Earbuds in the Moonlight White color, which is a $99 value.

Now, what about the price? Well, the Zenfone 11 Ultra did get a price increase this year, as expected, with the much larger size of the phone. It starts at $899. That’s $200 more than the starting price of the Zenfone 10.



Google Home Web gains camera history and download features


The Google Home web interface is being greatly improved, closing the gap between its desktop iteration and mobile applications. To improve performance and experiences, Google has introduced camera history as well as video playback features in its Google Home web app which will launch within the next few days.

Google Home web app now lets you download and preview camera footage

Before now, the web interface was only good for managing smart home routines and connected cameras but lacked basic functionalities like camera history and video playback. With the newly announced updates, users will be able to get into their camera’s history, access recorded videos, and download personalized clips from their browsers.

The newly designed Google Home for Web interface is accessible through home.google.com on desktop web browsers. It provides a more encompassing range of tools for managing connected cameras within the Google Home ecosystem. Nest Aware Plus subscribers can view their entire 24/7 video history including downloading custom clips of any length thereby increasing the utility of this web interface.

Public Preview for Google Home’s web interface is already out. Users can test upcoming features earlier than the app’s wider launch. Though the specific changes brought by Public Preview are yet to unravel, Google has indicated that it will include more web-specific functions in the future.

Public preview beta is out for people who want to test the upcoming features

This expansion of the Public Preview program shows how much commitment Google puts into constantly improving its Google Home web interface and providing advanced features to users. Through these improvements, Google hopes to allow users to control smart home gadgets smoothly and easily access camera footage straight from the browser.

With further investments in its web interface, we could expect more enhancements and optimizations for users’ browsing experience thus making interactions with smart devices easier. So watch out for more updates on the new capabilities of Google Home’s web application from the company.



Webinar recap: 6 critical cyberthreats in 2024 and how to counter them


Our webinar on the 2024 State of Malware report is now available on-demand. Featuring cybersecurity experts Mark Stockley and Jérôme Segura, this webinar unpacks 2024’s most critical cyberthreats, including big game ransomware, malvertising, and emerging challenges to mobile and Mac security.

Key highlights:

  • Expert insights: Stockley and Segura explain how the cybercrime landscape has shifted significantly in the past year, outlining the six most critical cyberthreats to watch out for in 2024.
  • Practical defense strategies: Learn about how layered defense systems, including EDR, MDR, and web protection, can protect your data, devices and your business from emerging cyber threats.
  • Why it’s essential: The webinar equips IT and security teams with a new threat prevention playbook that they can leverage today to prepare for 2024 cyberthreats of all types–not just malware.

Don’t let evolving threats catch your organization off guard—watch the webinar and arm yourself with the latest insight.



Podcasts on YouTube Music soon to have ‘Trim Silence’


After killing Google Podcasts and making YouTube Music the main venue for listening to podcasts, Google is now introducing new features to make the podcast experience on YouTube Music even more enjoyable. As 9to5Google reports, Google is preparing to introduce the “Trim Silence” option to YouTube Music.

YouTube Music features Trim Silence for podcasts

The information obtained via YouTube Music, v6.43.52, indicates that Google is laying the groundwork for adding the Trim Silence feature to the app. As the name implies, the feature could remove unnecessary and redundant podcast silence moments. This allows podcast hosts to have a handy and professional editing tool in place.

The Trim Silence feature is still under development and has not yet been released on YouTube Music. Hopefully, it will be available on the app in the coming months.

Back in September, Google announced that its podcasting app would be shut down in 2024. The move didn’t come as a surprise, because Google has a long history of killing its services and sending them to its infamous Graveyard. At the time, the tech giant said podcasting features would be incorporated into YouTube Music.

YouTube Music comes as a worthy replacement for Google Podcasts

While YouTube Music wasn’t initially quite prepared to host podcasts, the company added new features to prepare the app for listeners and podcasters. It first added the ability to add podcasts via RSS and later brought an automatic downloading feature for new episodes.

Compared to popular podcasting apps like Spotify, YouTube Music is still missing many features. However, Google’s massive user base and regular updates can turn YouTube Music into a worthy rival to Spotify. Both platforms’ primary focus is now music. Meanwhile, the growing number of podcast listeners cannot be ignored either.

While YouTube Music is adding new features to stoke more interest in its services, its parent company, YouTube, is ditching some of its most beloved features. Recently, Xiaomi announced it will no longer let users play YouTube videos in the background, declaring “compliance requirements” as the reason for the change. The move allegedly stems from Google’s plans to sell more YouTube Premium subscriptions.



Caviar added Cybertruck design to Galaxy S24 Ultra & S23 Ultra


Alongside Apple Vision Pro-inspired iPhone 15 Pro and iPhone 15 Pro Max, Caviar made customized versions of Samsung‘s Galaxy S24 Ultra and Galaxy S23 Ultra inspired by Tesla’s Cybertruck. The phones have a unique rear design resembling the electric pickup truck. The firm precisely crafted the design and used premium materials to give the devices a luxurious finish. The internals remain unchanged.

Caviar launches Cybertruck-inspired Galaxy S24 Ultra and S23 Ultra

Caviar is known for making ridiculously expensive customizations of flagship smartphones, predominantly the iPhone and Samsung Galaxy. Based in Dubai, the firm uses premium materials such as gold and titanium in its products. It also crafts unique designs so the devices stand out in the crowd. It has just added Cybertruck-inspired Galaxy S24 Ultra and Galaxy S23 Ultra to its collection.

Like Tesla’s futuristic electric truck, the Caviar-made phones have a clean metallic body with sharp lines and a geometrical shape. The company has paid attention to incorporating the truck’s windshield and headlight designs into the body. The frame is made of aerospace-grade titanium, which should make the devices stronger. Samsung used poor-quality titanium that gets damaged easily.


Caviar’s Galaxy S24 Ultra and Galaxy S23 Ultra have red and white decorative accents created using colored enamel. “Every aspect of this device reflects the spirit of innovation that unites Tesla and Samsung,” the company says. “The car of the future in your hands.” The devices come in limited quantity, with the company offering 99 units each. After all, these are super-expensive and luxurious products.

Speaking of the cost, the Cybertruck-inspired Galaxy S24 Ultra costs $8,770 for the 256GB variant. The 512GB and 1TB variants come at $9,130 and $9,490, respectively. If you grab last year’s Galaxy S23 Ultra, the three storage variants cost $8,490, $8,840, and $9,200, respectively. Like with other products, Caviar offers a 15% discount on the bill amount when paying with cryptocurrency.

Caviar also offers bespoke options

If Caviar’s luxurious customizations aren’t enough for you, the company offers bespoke options for its products. You can get personalized engraving on the side edges, add your logo or initials to the body, modify the design with custom shapes and elements, replace the material, and even customize the packaging. Caviar will charge extra for this personalization.

It will only alter the aesthetics of the devices, though. You will get a unique product but only on the outside. It will function like a regular Galaxy S23 Ultra or Galaxy S24 Ultra that costs just over $1,000. Caviar has also made these kinds of luxurious modifications to the two Samsung flagships in the past. The Cybertruck edition is the newest variant in its collection. The devices are available to purchase from Caviar’s website.



TikTok faces ban in US unless it parts ways with Chinese owner ByteDance


The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app.

TikTok is an immensely popular social media platform that allows users to create, share, and discover short video clips. It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 billion users, with an estimated 170 million of them in the US.

Since 2020, several governments and organizations have banned, or considered banning, TikTok from their staff’s devices, but a complete ban of an internet app would be a first in the US.

Other countries have done this before. In 2020, India was the first country to ban TikTok, along with around 200 other Chinese apps that were all blocked from operating within the country. The ban cost TikTok some 200 million users.

General Paul Nakasone, Director of the National Security Agency (NSA) certainly fueled the feeling of necessity for such a ban. Speaking at a US Senate hearing in March 2023, the general said “one third of Americans get their news from TikTok”, adding “one sixth of American youth say they’re constantly on TikTok. That’s a loaded gun.”

And a former executive at TikTok’s parent company ByteDance claimed in court documents that the Chinese Communist Party (CCP) had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco Superior Court.

Ever since then, TikTok has been battling to convince politicians that it operates independently of ByteDance, which has deep ties to the CCP. For example, TikTok has repeatedly claimed the Chinese government never demanded access to US data and that TikTok would not comply if it did.

All this, and the fear of foreign influence on the upcoming elections, led to the bipartisan legislation introduced in the House with the expectation to send it to the Senate later this week.

Essentially, the bill says that TikTok has to find a new owner that is not based in a foreign adversarial country within the next 180 days or face a ban until it does comply.

The Electronic Frontier Foundation (EFF), an international non-profit digital rights group based in the US, says it opposes this bill, mainly because it is afraid that TikTok will not be the last app to face this type of ban. It mentions Tencent’s WeChat app as an example of what could be the next target.

A year ago, supporters of digital rights across the country successfully stopped the federal RESTRICT Act aka the “TikTok ban.” The RESTRICT Act was introduced in the United States Senate on March 7, 2023 and requires federal actions to identify and mitigate foreign threats to information and communications technology products and services (e.g., social media applications). It also establishes civil and criminal penalties for violations under the bill.

The EFF argues that the bill will not stop the sharing of data but it will reduce online rights in a way that is unconstitutional. And it says the focus should be on the common practice of data collection in the first place, rather than single out one app.

The point made by the EFF stipulates that data brokers will continue to sell our information to whomever is willing to pay. And the apps providing brokers with data are certainly not limited to those that hail from a foreign adversarial country.

Chinese officials reportedly said the government would “firmly oppose” any forced sale of TikTok because it would “seriously undermine the confidence of investors from various countries, including China, to invest in the United States.”

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

