Blog

Does terrible code drive you mad? Wait until you see what it does to OpenAI’s GPT-4o

Model was fine-tuned to write vulnerable software – then suggested enslaving humanity Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.…

Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time

Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for years.…

With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare

244M purloined passwords added to Have I Been Pwned thanks to govt tip-off A tip-off from a government agency has resulted in 284 million unique email addresses and plenty of passwords snarfed by credential-stealing malware being added to privacy-breach-notification service Have I Been Pwned (HIBP).…

Bybit declares war on North Korea’s Lazarus crime-ring to regain $1.5B stolen from wallet

Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.…

Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

Starting with Snapdragon 8 Elite and 'droid 15 It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead…

Signal will withdraw from Sweden if encryption-busting laws take effect

Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.…

200-plus impressively convincing GitHub repos are serving up malware

Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack Infosec bytes  Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software.…

Incoming deputy boss of Homeland Security says America’s top cyber-agency needs to be reined in

Plus: New figurehead of DOGE emerges and they aren't called Elon During confirmation hearings in the US Senate Tuesday for the role of deputy director of the Dept of Homeland Security, the nominee Troy Edgar said CISA has had the wrong management and needed to be "reined in."…

Drug-screening biz DISA took a year to disclose security breach affecting millions

If there's something nasty on your employment record, extortion scum could come calling DISA Global Solutions, a company that provides drug and alcohol testing, background checks, and other employee screening services, this week notified over 3.3 million people that their sensitive information may have been stolen by miscreants.…

Xi know what you did last summer: China was all up in Republicans’ email, says book

Of course, Microsoft is in the mix, isn't it Chinese spies reportedly broke into the US Republication National Committee's Microsoft-powered email and snooped around for months before being caught.…

Copyright © 2024 Lugapel