Google’s Bard is one of the most powerful AI chatbots on the internet. When you ask it a question, it gives you a solid block of text all at once. This process is pretty timely, but Google pushed an update to its chatbot. According to a new report, Bard will generate its responses in real time rather than at once.
Generating responses in real time is something that chatbots like ChatGPT and Bing AI do. You’ll see your response being typed out word by word, and this process can take quite some time. Comparing the speed of ChatGPT and Bard, the latter left the former in the dust. However, speed is only one factor of what makes a good chatbot.
Bard will generate its responses in real time
Generating text at once and in real time both have their benefits. If you need your response in the blink of an eye, then you’ll want the first option. It’s a great way to expedite your chatbot experience. However, what if you want to see your response actively being worked on to see if it’s what you want before it’s finished?
This is something that you get to do with ChatGPT and Bing AI. Google sees the value in this, so the company updated Bard to type out its responses in real time. This means that you’ll see the response being typed out word by word.
Say, you wanted it to generate a whole story. Well, you could get a headstart reading it while it’s being made. This would give you an idea of whether it’s in the right format or if it’s starting off in the right direction that you want. You’ll be able to stop it early and make adjustments before it’s finished.
In the long run, this could actually speed up the process. Just know that Bard produces the responses rather quickly; it might be finished before you can reach for the Stop generating button.
But, you can change it back
In any case, if you don’t like this new addition, you can change this in the settings. There’s also a popup that appears at the top of the screen that will lead you to that setting.
Explore insights into the rise of Quishing attacks, the risks associated with QR code exploitation, and crucial preventive measures to protect against this growing cybersecurity threat.
Check Point’s Harmony Email team has reported a startling increase of 587% in QR code phishing or Quishing attacks. This shocking rise was observed between August and September 2023. Researchers noted thousands of QR code-related attacks each month.
In the company’s blog post, authored by Check Point’s cybersecurity researcher/analyst Jeremy Fuchs, explained that hackers lure users with QR codes, redirecting them to credential-harvesting websites. In the UK and Europe, around 86.66% of smartphone users have scanned one QR code at least in their lifetime, and 36.40% scanned a code at least once a week.
It isn’t surprising though because in October, Hackread.com reported the findings of SaaS-base cloud messaging security firm SlashNext, according to which a sudden spike was witnessed in QR code-based phishing attacks.
QR codes are easier to exploit because these encode complex data and a compromised code can quickly redirect users to malicious websites. SlashNext researchers noted that attackers prefer two prominent attack methods to exploit QR codes: Quishing and QRLJacking. Now, Check Point has reported that a massive rise in Quishign attacks has been noticed.
Quishing is a type of phishing attack. Unsuspecting users are tricked into accessing malicious websites or downloading malware after scanning a QR code. There are several reasons why Quishing attacks are on the rise, such as their widespread nature, as millions use them to make payments, scan menus, and access information, which makes them an attractive target for threat actors.
Moreover, QR codes can be exploited to hide malicious links, which can lead users to any website the attacker wants them to without alerting them about suspicious activity.
Harmony Email’s team found that lately, attackers are redirecting users to credential-harvesting sites through QR code lures using social engineering to target end-users with emails that can look like this:
Image credit: Check Point
The lure used in the email is that Microsoft multi-factor authentication is expiring, and the users must re-authenticate. It is worth noting that the email’s body content claims to be sent by Microsoft, but the sender’s address is different.
To combat Quishing, you must add the OCR (Optical Character Recognition) feature in security solutions to detect malicious QR codes. OCR can help you translate the codes into the URL behind the code, and then you can run the URL through a URL analysis tool. However, suspicion should be raised right when you observe that a QR code is present in the email message body.
Since Quishing attacks are becoming a solid threat, it is essential to exercise caution. Never scan without checking the sender’s source, and avoid scanning codes provided with emails unless you have verified the sender. Security professionals must implement email security that leverages OCR for all attacks. They must implement AL, ML, and NLP-based security to understand the real intentions of a message.
YouTube Music looks completely different from how it looked just a year ago because the company is always pushing new visual updates to the app. Just last month, it brought several visual changes. Now, according to a new report, the Now Playing screen in YouTube Music is getting a new gradient look to it.
Right now, when you’re using YouTube Music, you’ll see a solid color background that resembles the color of the album art. It gives the UI a little bit of flair and keeps things fresh. It does the same thing with the color for the widget.
But, YouTube Music is going to change that with the new gradient look
The interface looks nice as is, but the company is now testing a new look that might make it look better. Looking at the screenshot below, we see a gradient where the top of the interface is a lighter shade of the color that gradually gets darker. The color gets pretty dark pretty quickly, but you’re still able to get a good feel for the color aesthetic of the background.
Another thing you’ll notice about the interface is the bottom bar. This houses the Up Next, Lyrics, and Related buttons. Currently, that bar has a different shade of color compared to the rest of the background. In the screenshot, we see that it completely blends into the background. So, the text of the buttons will float in the interface.
Right now, we don’t know when YouTube is going to launch this feature to the public. We weren’t able to see the change just yet at Android Headlines. So, it’s either being tested among a limited audience or just now rolled out widely yet.
If you want to make sure that you can see it, be sure that your app is fully updated. Go to the Play Store and find the YouTube Music app (or you can access the Play Store through the App Info screen). Update the app if the option is there.
A team of researchers comprising Georgia Tech’s cybersecurity professors, Daniel Genkin and Jason Kim, University of Michigan’s Stephan van Schaik, and Ruhr University Bochum’s Yuval Yarom have published a research paper explaining a vulnerability they discovered in Apple devices that affects Macs and iPhones.
Researchers explained in the paper titled “iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices,” that the vulnerability, dubbed iLeakage, has been affecting Macs and iPhones since 2020. The attack mainly affects those devices that were built with Apple’s Arm-based A-series and M-series chips.
Researchers devised an attack that forced Apple’s Safari browser to divulge passwords, Gmail content, and other sensitive data by exploiting a side channel vulnerability in the CPUs.
This vulnerability is built off an existing attack technique used on CPUs for over six years. Back in 2018, security researchers reported that all modern CPUs can be exploited to leak sensitive data by exploiting an integral feature on the processor called Speculative Execution.
In this technique, modern CPUs try to improve performance by executing instructions before they know it is needed. iLeakage is a browser-based attack exploiting a timerless speculative execution flaw in Apple devices. Timerless speculative execution lets the CPU execute instructions even without any time running. The attackers can exploit this to perform malicious operations without getting detected.
What happens in iLeakage attacks is that the CPU is tricked into executing speculative code that reads sensitive data from memory. The attacker can exfiltrate this data without alerting the user. It is a dangerous attack because adversaries can perform them without needing the victim to click on malicious links or open infected documents/attachments.
The flaw exists in the way the Safari browser handles JavaScript timers. This allows attackers to create malicious JavaScript code and use it to steal sensitive data from the device. The stolen data may include passwords, PII (personal identification information), and credit card numbers. Using this data, attackers can commit crimes like identity theft and fraud.
Researchers noted that iLeakage attacks are currently effective on Apple devices running Safari. However, other platforms or browsers may also be vulnerable. Therefore, it is essential to exercise caution to prevent iLeakage attacks. Always keep your software up-to-date and use a security solution that can detect/block speculative execution attacks.
The findings were disclosed to Apple on 12 September 2022. The company acknowledged this issue, and Apple’s Product Security team and Safari browser development team collaborated with the researchers to develop countermeasures. As a result, Apple refactored Safari’s multi-process architecture. These changes are currently under active development and are available in Safari Technology Preview versions 173 and above.
Apple has released a new inter-process communication API to spawn new processes for pages launched with window.open(). Researchers have confirmed that the patch mitigates iLeakage attacks by preventing the consolidation of domains across security boundaries but it has limitations.
“We have empirically verified that this patch mitigates our attack by preventing the consolidation of domains across security boundaries. This means that while it is still possible to escape the speculative JavaScript sandbox, an attacker will only be able to read their own address space and therefore their own data,” researchers concluded.
The full report can be accessed here (PDF), and there is a dedicated site available to demonstrate the iLeakage attack.
Regarding this research, Lionel Litty, Chief Security Architect at Menlo Security, a Mountain View, Calif.-based provider of browser security stated that this attack shows browsers are the new OS.
“This attack illustrates how for both attackers and defenders, the browser is the new OS, with web primitives such as origins and web workers that parallel OS primitives, such as applications and threads. Security practitioners must educate themselves on this attack surface.”
John Gallagher, Vice President of Viakoo Labs at Viakoo, a Mountain View, Calif.-based provider of automated IoT cyber hygiene noted that this attack method is not as significant as is the realization that threats are continually evolving.
“The significance is not necessarily in this as an attack method, but more in how threats are evolving based on the tradeoff between speed and security. Prefetching of information to speed up CPU execution has been around for a while, and equally has been exploited for a while. This is just a further “tit for tat”, and will be remediated in future CPU development.”
Gallagher, however, claims that in this attack, organizations aren’t at high risk because this attack requires a high degree of sophistication and there aren’t any reports that it has been exploited in the wild.
“Organizations are not at high risk, given that this attack method requires a high degree of sophistication by the threat actor and has not been seen exploited yet in the wild (or at least not reported). Organizations concerned (or high-value individual targets) should consider enabling lockdown mode, or using the MacOS (unstable) patch available,” Gallagher stated.
After it started testing a $1-per-year subscription for new users in select countries X (previously Twitter) announced over the weekend that it has decided to launch an even more expensive tier than the one that gets users verified on the platform.
In an attempt to stop the deep dive of its revenue to abysmal numbers, X is now launching the Premium Plus tier, which costs no less than $16 per month. The information was confirmed by the X Premium account, along with details about the benefits that those who are willing to pay for it will receive.
For starters, Premium Plus will completely remove ads from the For You and Following feed tabs. More importantly, X promises to offer Premium Plus subscribers the largest boost for their replies in comparison with other Premium tiers or unverified users.
Premium Plus benefits
Finally, X says that Premium Plus subscribers will have access to its full suite of creator tools. All of these benefits are now available for those who subscribe to Premium Plus on the web. It’s not possible to subscribe to Premium Plus on mobile yet, but that’s probably going to be added very soon.
However, Android and iOS users might be forced to pay for X’s Premium Plus plan due to the fees the company must pay to Apple and Google. Those fees are non-existent on the web because the distribution is handled directly by X.
Currently, X has three different subscriptions plans: Basic, Premium, and Premium Plus. The cheapest tier costs $3 per month, while the Premium and Premium Plus are now available for $11 and $16, respectively. For more details about the benefits of each of these tiers, make sure to visit X’s dedicated page.
Google has started rolling out a new feature for the Clock app that integrates weather information along with the time. Per 9to5Google, this is now being offered to those with a Pixel 8 series phone or who have a Pixel subscribed to the Android 14 QPR1 beta program. One word of caution, the feature is still rolling out and is not on all eligible Pixel models at this time. For example, my Pixel 6 Pro is running the latest Android 14 QPR1 Beta 2 release but still does not have this feature yet.
In the Clock tab of the Clock app, you will see the current temperature and the day’s high and low for each city you track on the app. To enable this feature, you’ll see a button that says “Add local weather” under the local time and date. Tapping that button will not only allow you to set up the weather data, but it also will help you give your Pixel the necessary location permission to add the weather to the Clock app. Once you’ve enabled the weather integration on the Clock app, there is no way to disable it.
The Clock app’s World widget will also show the weather for the cities you’ve set on the app. But the problem here is that this widget will take up some real estate on your Pixel screen as it requires space for a 4×3 widget or larger.
Weather integration comes to the Pixel’s Clock app. Image credit-9to5Google
Suppose you live in a country that uses Celsius instead of Fahrenheit or vice versa. You can dive into the Clock app’s settings by tapping the three-button icon on the upper right of the screen and clicking on Settings. Under the “Clock” section there is (or will be, if you haven’t received the update yet) a listing that says “Change temperature units.” Tap on it and you’ll be sent to the Android Regional preferences page where you can choose to see the temperature in Fahrenheit or Celsius.
Pixel users will be able to see a full-page weather forecast when a scheduled alarm goes off
With the update, you’ll be able to set the Clock app to show you a full-screen weather forecast whenever a scheduled alarm goes off. After setting a new alarm by pressing “OK” on the alarm setting screen, you’ll see choices to schedule the alarm to repeat on certain days. In that list, there is an option called “Weather forecast.” Tap on that option and whenever that specific alarm goes off, you’ll see a description on the screen of the current conditions and temperature, the forecast for the current day with the expected high and low, and the forecast for the next day. You can set this to occur on every alarm you set or schedule.
Since this feature is showing up on Pixel phones running Android 14 QPR1 Beta 2, those not using a Pixel 8 or Pixel 8 Pro, or have a Pixel running the stable version of Android 14, won’t see the weather integration on the Clock app until the December Pixel Feature Drop is disseminated later this year.
Apple has released security updates for its phones, iPads, Macs, watches and TVs.
Apple has released security updates for its phones, iPads, Macs, watches and TVs.
Updates are available for these products:
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later get iOS 17.1 or iPadOS 17.1.
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later get iOS 16.7.2 or iPadOS 16.7.2.
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) get iOS 15.8 or iPadOS 15.8.
The important vulnerabilities that have been addressed in this raft of updates are:
CVE-2023-40423, a critical vulnerability in IOTextEncryptionFamily that could allow an app to execute arbitrary code with kernel privileges. Arbitrary code execution means an attacker could run any commands or code of their choice on a target machine or in a target process. Kernel privileges means the attacker would have the highest level of access to all machine resources.
CVE-2023-40413, a vulnerability in Find My that could allow another to read sensitive location information.
CVE-2023-40416, a vulnerability in ImageIO which means processing an image could result in disclosure of process memory.
CVE-2023-42847, a vulnerability in Passkeys could allow an attacker to access passkeys without authentication. A passkey is a way to sign in to an app or website account, without needing to create and remember a password.
CVE-2023-42841, a vulnerability in Pro Res could allow an app to execute arbitrary code with kernel privileges.
CVE-2023-41982, CVE-2023-41997, and CVE-2023-41988 are a set of vulnerabilities in Siri that would allow an attacker with physical access to use Siri to access sensitive user data.
CVE-2023-40447 and CVE-2023-42852 are vulnerabilities in WebKit that could be used for arbitrary code execution. Visiting a specially crafted website could cause WebKit to perform operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2023-32434 is a vulnerability that could allow an app to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
CVE-2023-41989 could allow an attacker to execute arbitrary code as root from the Lock Screen due to a vulnerability in Emoji. The issue was addressed by restricting options offered on a locked device. Root is the superuser account in many opeating systems. It is a user account for administrative purposes, and typically has the highest access rights on the system.
CVE-2023-38403 is a vulnerability in iperf3 before 3.14 that could allow peers to cause an integer overflow and heap corruption via a crafted length field. iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. An integer overflow is a programming error that allows an attacker to manipulate a number the program uses in a way that might be harmful. If the number is used to set the length of a data buffer (an area of memory used to hold data), an integer overflow can lead to a buffer overflow, a vulnerability that allows an attacker to overloaded a buffer with more data than it’s expecting, which creates a route for the attacker to manipulate the program. Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.
CVE-2023-42856 could be used to trigger unexpected app termination or arbitrary code execution due to a vulnerability in Model I/O. Model I/O provides the ability to access and manage 3D models.
CVE-2023-40404 could allow an app to execute arbitrary code with kernel privileges due to a vulnerability in Networking.
CVE-2023-41977 is a vulnerability in Safari that could allow a malicious website to reveal browsing history.
Notably absent from the bugs that have been fixed is iLeakage, a sophisticated side-channel attack in the Spectre family.
The updates above may already have reached you, but it doesn’t hurt to check if your device is at the latest update level. If a Safari update is available for your device, you can get it by updating or upgrading your iPhone or iPad or your Mac.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
A group of cybercriminals known for advanced social engineering attacks has joined one of the biggest ransomware groups as an affiliate.
Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world.
Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim’s carrier.
“Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.”
Since then the group has expanded its range of activities to include targeting organizations providing cable telecommunications, email, and tech services, and partnering with the ALPHV/BlackCat ransomware group.
ALPHV was the third most used RaaS between October 2022 – September 2023
ALPHV is a typical RaaS group where several criminal organizations work together to extort victims for data theft and/or encryption of important files. ALPHV provides the ransomware, the infrastructure for negotiating ransoms, and a dark web site where stolen data is leaked. The service is used by criminal gangs called affiliates who actually carry out attacks.
As an ALPHV affiliate, Octo Tempest focused its deployments primarily on VMWare ESXi servers and other complex hybrid environments.
Microsoft reports that in doing so, Octo Tempest progressively broadened the number of industries it targeted for extortion, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology, and financial services.
Having Octo Tempest as an affiliate brings specialized knowledge to ALPHV, such as SMS phishing, SIM swapping, and advanced social engineering techniques. The group includes members with extensive technical knowledge and multiple hand-on-keyboard operators.
Its social engineering attacks target accounts that have sufficient administrator rights to build out an impactful attack. For example, to keep their tracks hidden, Octo Tempest will target the accounts of security personnel, which allows them to disable security products and features.
The group uses all kinds of social engineering attacks and, as a last resort, they do not shy away from threatening targets with physical violence if they fail to comply.
A unique technique used by Octo Tempest is to use the data movement platform Azure Data Factory, and automated pipelines, to extract data to external servers, aiming to blend in with typical big data operations.
Similar to that the group uses many Living off the land (LOTL) techniques that make it hard to spot its activities. One of Microsoft’s recommendations is to keep close tabs on administrative changes in your environment.
Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes Managed Detection and Response (MDR) simply and effectively closes your security resources gap, reduces your risk of unknown threats, and increases your security efficiency exponentially. Malwarebytes MDR staffs highly experienced Tier 2 and Tier 3 analysts who are hands-on with customer endpoints, ensuring critical threats are quickly identified and a thorough response is rapidly deployed.
Want to learn more about MDR? Get a free trial below.
A security flaw called SQL injection has been uncovered in the D-Link DAR-7000 device.
SQL injection is a malicious attack that exploits vulnerabilities in web applications to inject malicious SQL statements and gain unauthorized access to the database.
This technique allows an attacker to view, modify, and delete data from the database, which can be a significant threat to the confidentiality, integrity, and availability of the data.
SQL injection attacks can target various types of databases, including MySQL, MSSQL, Oracle, and many others.
Malicious actors can exploit the vulnerability to obtain administrative privileges and execute unauthorized commands on the affected devices.
An official CVE number, CVE-2023-42406, has been assigned to identify and track a newly discovered vulnerability.
The severity level of this vulnerability is currently under analysis to determine the potential impact it could have.
On GitHub, a Proof-of-Concept (PoC) has been published to demonstrate how the vulnerability can be exploited.
CVE-2023-42406 – Proof of concept
According to the reports shared with Cyber Security News, this vulnerability exists in the /sysmanage/editrole.php endpoint, which is vulnerable to SQL injection.
A potential hacker can exploit a vulnerability by sending a specifically crafted payload, such as “hid_id=(select*from(select(sleep(3)))a)”, to the target endpoint. This can result in a successful exploitation of the system.
Exploited Response (Source: GitHub)
A complete report on this proof-of-concept has been published by GitHub, which provides detailed information about the exploitation.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.
Amazon has a fantastic deal on the Sony HT-A5000 Dolby Atmos soundbar, which can be yours for just $698 now. That’s going to save you $300 off of its regular price, and it does bring it down to an all-time low. So if you’ve had your eye on this soundbar, this is a great time to pick one up.
The Sony HT-A5000 is a crowd-favorite soundbar because it offers such incredible audio, in a very small package. It has Dolby Atmos, so you can make your home feel like a movie theater – at least from a sound perspective. There is also support for DTS:X and 360 Spatial Sound Mapping. Finally, it’ll give you 5.1-channel surround sound. All of this in a single soundbar, without any subwoofer needed.
Sony has included support for your favorite voice assistants, like the Google Assistant and Amazon Alexa. And it also has support for Spotify Connect, Chromecast built-in and Apple AirPlay 2. Making this a pretty impressive soundbar for the price.
You can pick up the Sony HT-A5000 Dolby Atmos soundbar from Amazon at the link below.