MakeUseOf: “A major vulnerability, CVE-2023-4863, can give hackers remote access to your whole system. Here’s what to do. A critical vulnerability in the WebP Codec has been discovered, forcing major browsers to fast-track security updates. However, widespread use of the same WebP rendering code means countless apps are also affected, until they release security patches. So what is the CVE-2023-4863 vulnerability? How bad is it? And what can you to? What Is the WebP CVE-2023-4863 Vulnerability? The issue in the WebP Codec has been named CVE-2023-4863. The root lies within a specific function of the WebP rendering code (the “BuildHuffmanTable”), making the codec vulnerable to heap buffer overflows. A heap buffer overload occurs when a program writes more data to a memory buffer than it’s designed to hold. When this happens, it can potentially overwrite adjacent memory and corrupt data. Worse still, hackers can exploit heap buffer overflows to take over systems and devices remotely. Hackers can target apps known to have buffer overflow vulnerabilities and send them malicious data. For example, they could upload a malicious WebP image that deploys code on the user’s device when they view it in their browser or another app. This kind of vulnerability existing in code as widely used as the WebP Codec is a serious issue. Aside from major browsers, countless apps use the same codec to render WebP images. At this stage, the CVE-2023-4863 vulnerability is too widespread for us to know how big it really is and the cleanup is going to be messy…”
Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002
Category Archives: Cybercrime
Pete Recommends – Weekly highlights on cyber security issues, September 16, 2023
Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, September 16, 2023 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the increasingly… Continue Reading
Contextualizing Deepfake Threats to Organizations
Joint CSI – Contextualizing Deepfake Threats to Organizations – Executive summary. “Threats from synthetic media, such as deepfakes, present a growing challenge for all users of modern technology and communications, including National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators. As with many… Continue Reading
Google Dropped the ChatGPT killler!?
Steve Nouri, LinkedIn – Google Dropped the ChatGPT killler!? Microsoft announced a game-changer(PyEx). How to teach using AI and more: Google dropped the new AI-powered assistant (#chatgpt rival). Duet AI assistant across its Workspace apps: Gmail, Drive, Slides, Docs, etc. It assists users in various tasks, such as converting a Docs outline into a Slides… Continue Reading
The Atlantic’s Guide to Privacy
The Atlantic’s Guide to Privacy [read free]: “In 2023, digital privacy is, in many ways, a fiction: Knowingly or not, we are all constantly streaming, beaming, being surveilled, scattering data wherever we go. Companies, governments, and our fellow citizens know more than we could ever imagine about our body, our shopping habits, even our kids.… Continue Reading
Pete Recommends – Weekly highlights on cyber security issues, September 9, 2023
Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, September 9, 2023 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss, highlights articles and information that focus on the… Continue Reading
Pete Recommends – Weekly highlights on cyber security issues, September 2, 2023
Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, September 2, 2023 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on… Continue Reading
Essential Apps for Ironclad Online Privacy
PC Mag: “Sitting in a comfy chair in your own home, checking social media and surfing the web, you may feel you’re in a quiet, private place. Nothing could be further from the truth. Any time you’re online, your privacy is under siege by data brokers, trackers, and hackers. It’s not like having your wallet… Continue Reading
New LC Report on Safety, Security of Artificial Intelligence Systems
In Custodia Legis: “The use of artificial intelligence (AI) has increased exponentially and is permeating every aspect of our lives, from personal to professional. While it can be used in many positive ways to solve global challenges, there are also security risks to be considered, such as fundamental rights infringements, personal data security, and harmful… Continue Reading
Pete Recommends – Weekly highlights on cyber security issues, August 26, 2023
Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, August 26, 2023 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the… Continue Reading
The 7 Best Online Password Generators for Strong Random Passwords
MakeUseOf: “These days, a strong password is essential on the web. Whether it’s your email accounts, social media accounts, Amazon accounts, or otherwise, using your birthday or cat’s name as a password is a bad idea. However, creating the perfect password is tricky. Thankfully, you can use online password generators to help create strong and… Continue Reading
Anatomy of an AI-powered malicious social botnet
ArXiv – Anatomy of an AI-powered malicious social botnet. Kai-Cheng Yang, Filippo Menczer. [Submitted on 30 Jul 2023] “Large language models (LLMs) exhibit impressive capabilities in generating realistic text across diverse subjects. Concerns have been raised that they could be utilized to produce fake content with a deceptive intention, although evidence thus far remains anecdotal.… Continue Reading
