Habdul Hazeez

Security news weekly round-up - 11th August 2023

It is always good when you show up. Over the years, I've learned that it's one of the secrets of success. And it's more beautiful when no one is pushing you to show up. Why all this, you may ask?

Well, it's 4 in a row for this year despite my hectic work schedule. Before, when I was in a situation like this, I'd take a pass on writing this review, but (In Sha Allah) not anymore! So, let's go!

Introduction

This week's review is about cyber crime, Google Chrome, and vulnerabilities.


What are “drainer smart contracts” and why is the FBI warning of them?

Be careful and don't connect your cryptocurrency wallet to just any website. What's more, don't blindly trust posts from known NFT developers' accounts on social media. Here are more details:

The websites present themselves as outlets for legitimate NFT projects that provide new offerings. They’re promoted by compromised social media accounts belonging to known NFT developers or accounts made to look like such accounts. Posts frequently try to create a sense of urgency by using phrases such as “limited supply”.

Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

You lock, they unlock. That's the never-ending game of defenders and threat actors. But this is different; you can read this story to find out more. If you want some inspiration to read it, here it is:

Morais said he wants WormGPT to become a positive influence on the security community, not a destructive one, and that he’s actively trying to steer the project in that direction. “We have a few researchers using our wormgpt for whitehat stuff, that’s our main focus now, turning wormgpt into a good thing to [the] community,” he said.

Microsoft Visual Studio Code flaw lets extensions steal passwords

For your information, at the time of writing, this does not have a fix. Anyway, it's good to know what's possible beyond what VS Code extensions can do. Here is what's going on:

The security problem discovered by Cycode is caused by a lack of isolation of authentication tokens in VS Code's 'Secret Storage,' an API that allows extensions to store authentication tokens in the operating system.

Author discovers AI-generated counterfeit books written in her name on Amazon

Initially, you might laugh at this story. However, it's not funny and it could affect anyone. It's really scary when unknown users supposedly use AI to generate text and sell it in your name because you're a trusted authority. Read the excerpt below, and I plead that you read the entire article linked above:

It's a rising problem in a world where scammers game Amazon's algorithm to make a quick buck on fraudulent sales. In February, Reuters did a profile on authors using ChatGPT to write e-books, selling them through Amazon. In June, Vice reported on an influx of dozens of AI-generated books full of nonsense that took over Kindle bestseller lists.

Google to fight hackers with weekly Chrome security updates

Always update your Chrome web browser when updates are made available. Here, Google is changing from a bi-weekly update to weekly updates. And here is why:

Rather than having fixes sitting and waiting to be included in the next bi-weekly update, weekly updates will allow us to get important security bug fixes to you sooner, and better protect you and your most sensitive data.

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

The encryption in question has been adopted by Amazon Web Services (AWS), Cloudflare, and IBM. So, Google joining should not come as a surprise. Why this encryption? Here you go:

X25519Kyber768 is a hybrid algorithm that combines the output of X25519, an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections.

"Hybrid mechanisms such as X25519Kyber768 provide the flexibility to deploy and test new quantum-resistant algorithms while ensuring that connections are still protected by an existing secure algorithm".

How fame-seeking teenagers hacked some of the world’s biggest targets

When it's not sophisticated and it's effective, what more could you ask for? Reportedly, that's the case of Lapsus$, an alleged "ragtag bunch of amateur hackers". Here is a little bit of how they are pulling it off; read the article for more:

Rather than compromising infrastructure used to make various MFA services work, as more advanced groups do, a Lapsus$ leader last year described his approach to defeating MFA this way: “Call the employee 100 times at 1 am while he is trying to sleep, and he will more than likely accept it. Once the employee accepts the initial call, you can access the MFA enrollment portal and enroll another device.”
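On the defender's side, the pattern in the quote above shows up in authentication logs as a burst of MFA prompts that ends in an approval, followed shortly by a new device enrollment. The detection below is an added example, not code from this post or the linked article; the log format, event names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; adjust to your identity provider's normal prompt volume.
PUSH_WINDOW = timedelta(minutes=10)    # prompts this close together form a burst
PUSH_THRESHOLD = 4                     # prompts in the window before an approval
ENROLL_WINDOW = timedelta(minutes=30)  # enrollment this soon after is suspicious
# Constructed sample events (hypothetical format): ISO time, user, event.
SAMPLE_LOG = """\
2023-08-11T01:00:05 alice push_sent
2023-08-11T01:01:10 alice push_sent
2023-08-11T01:02:30 alice push_sent
2023-08-11T01:03:45 alice push_sent
2023-08-11T01:03:58 alice push_approved
2023-08-11T01:09:20 alice device_enrolled
2023-08-11T09:00:00 bob push_sent
2023-08-11T09:00:12 bob push_approved
2023-08-11T09:05:00 bob device_enrolled
2023-08-11T08:00:00 carol push_sent
2023-08-11T10:00:00 carol push_sent
2023-08-11T12:00:00 carol push_sent
2023-08-11T14:00:00 carol push_sent
2023-08-11T14:00:09 carol push_approved
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, user, event = line.split()
        yield datetime.fromisoformat(ts), user, event

def detect(log):
    prompts = defaultdict(deque)  # user -> times of recent prompts
    burst_approved = {}           # user -> time an approval ended a burst
    alerts = []
    for ts, user, event in sorted(parse(log)):
        recent = prompts[user]
        while recent and ts - recent[0] > PUSH_WINDOW:
            recent.popleft()      # drop prompts outside the burst window
        if event == "push_sent":
            recent.append(ts)
        elif event == "push_approved":
            if len(recent) >= PUSH_THRESHOLD:
                burst_approved[user] = ts
                alerts.append((user, "approval_after_push_burst", ts.isoformat()))
            recent.clear()
        elif event == "device_enrolled":
            if user in burst_approved and ts - burst_approved[user] <= ENROLL_WINDOW:
                alerts.append((user, "enrollment_after_push_burst", ts.isoformat()))
    return alerts
```

Only alice is flagged: bob's single prompt and enrollment look like normal onboarding, and carol's prompts are spread over hours, so they never form a burst.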


Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
