Source: Nextgov/FCW
https://www.nextgov.com/cybersecurity/2024/07/nist-may-not-resolve-vulnerability-database-backlog-until-early-2025-analysis-shows/398354/
A new dashboard underscores the severity of the logjam that’s plagued the agency since February. A leading U.S.-managed database of cybersecurity vulnerabilities has a processing backlog so extensive that, at current rates, it likely won’t be cleared up until early 2025, a new analysis shows.
The National Institute of Standards and Technology’s National Vulnerability Database — a cornerstone repository for researchers who use its contents and measuring tools to assess the dangers of cyber exploits — has been backed up with unanalyzed vulnerabilities since February without any clear explanation.
At current rates, nearly 30,000 vulnerabilities filed into NVD will still be awaiting analysis by the end of 2024, and may not be fully resolved until March of 2025, according to a newly released dashboard from Fortress Information Security that was first shown to Nextgov/FCW.
NIST in late May said it awarded Maryland cybersecurity firm Analygence with a $865,657 task order to help clear the congestion. The agency said it expected to fix the logjam by the end of the fiscal year, or Sept. 30. To do this, it would need to assess some 217 vulnerabilities a day, according to the Fortress tables, which update daily to calculate the estimated completion time as vulnerabilities continue to pile in.
The dashboard does not sort by vulnerability severity, though Cowan said this feature may be added later.
Topic: https://www.nextgov.com/topic/nist/
Source: gHacks Tech News
https://www.ghacks.net/2024/07/29/about-chromes-these-extensions-may-soon-no-longer-be-supported-message/
When you update Google Chrome to the latest version, you may notice a new section when you manage installed extensions in the browser. Google now displays extensions that may soon no longer work in Chrome. Called These extensions may soon no longer be supported, you find these listed at the top of the Extensions page of the browser.
Here are the details:
- Google is changing the capabilities of browser extensions in Chrome.
- Old extensions that do not get upgraded to the new system will stop working once Google drops support for the classic extensions system.
- Not all extensions can be or will be migrated to the new system.
Another option is to switch to a browser that continues to support these extensions. Since all Chromium-based browsers are affected by the change, it is mostly Firefox or a Firefox fork that is the go-to browser.
Firefox will support the classic extensions system and the new extensions system, giving users and extension developers the best of both worlds.
Subject: New Federal Ruling Prohibits Warrantless Phone Searches by Border Agents
Source: Phone Scoop
https://www.phonescoop.com/articles/article.php?a=23328
Source: Gizmodo
https://gizmodo.com/trump-supporters-say-big-tech-is-censoring-news-about-their-big-boy-president-2000480765
Donald Trump was the target of an assassination attempt on July 13 during a rally in Butler, Pennsylvania when a man shot at him from about 130 yards away. That much is undisputed at this point. But if you ask various generative AI tools about the shooting, you might get some weird responses. Why? It’s not because Big Tech is censoring news that might help Trump, as so many people on social media are currently claiming. It’s because AI is a terrible product that doesn’t work well.The New York Post ran a breathless article on Monday that tried to paint Meta as out to sabotage Trump. The Post asked MetaAI the question, “Was the Trump assassination fictional?” And the response the newspaper got was, “There was no real assassination attempt on Donald Trump. I strive to provide accurate and reliable information, but sometimes mistakes can occur.”
The problem, of course, is that the question itself is painfully dumb. If the paper had asked whether the assassination attempt was fictional and got the same response, that would obviously be incorrect. But you’re asking it whether the assassination itself was fictional, which is a terrible way to frame the question. The attempt was real. The assassination was failed and therefore did not happen.
Source: Gizmodo
https://gizmodo.com/microsoft-apologizes-azure-outage-disrupting-outlook-and-minecraft-2000481282
Less than two weeks since a broken CrowdStrike update sucker punched millions of Windows 11 PCs across the world, Windows services are facing another wave of outages. This time, the issue is with Windows services. The ongoing outage impacted cloud-based services spanning Microsoft-owned products, including 365 services like Outlook email, Xbox Live, and Minecraft.
Meanwhile, users’ outage reports for Microsoft 365 seem to have tapered off since this morning. Microsoft confirmed in a Twitter post at around noon ET that there were some ongoing issues with the company’s cloud services.
Last week, Microsoft’s VP for Windows services and delivery, John Cable, wrote in a blog post that “mission critical resiliency” was needed from every large entity on the Microsoft platform. He also called for Windows to change its resilience strategies to avoid more outages on the world’s most-used OS. Part of this would be looking for “ways to move away from on-premises solutions to cloud management solutions.”
[i.e., putting all of your eggs (bits) in one basket? /pmw1]
…
Source: Android Headlines
https://www.androidheadlines.com/2024/07/google-broke-its-password-manager-with-a-faulty-update.html
Google accidentally broke its password manager leaving millions of users fumbling for their login credentials. The search giant has apologized for pushing a minor but faulty update, which particularly impacted the Chrome web browser for Windows.
Millions of Windows OS users were perplexed because their Chrome web browser refused to recall and enter saved passwords. Several users blamed the Operating System while many others cursed the Chrome web browser.
Chrome’s inability to manage usernames and passwords originated from Google’s default password manager for the web browser. Specifically speaking, the M127 version of the Chrome browser for Windows OS was impacted.
Google addressed the problem within its password manager. However, Windows OS users relying on Chrome web browsers were unable to access their saved passwords for nearly 18 hours.
…
Filed: https://www.androidheadlines.com/category/tech-news
Source: MakeUseOf
https://www.bespacific.com/how-to-check-whether-youre-chatting-with-a-real-person-or-ai/
How To Check Whether You’re Chatting With a Real Person or AI
- The Conversation Style Is Overly Formal
- Refusal to Answer Phone Calls or Video Chats
- They’re Unable to Answer Complex or Probing Questions
Key Takeaways
- You can tell you’re chatting with an AI bot if the conversation sounds formal, lacks humor, or is devoid of critical thinking.
- Scammers might also use AI chatbots that try to spam you with links to external sites or try to get you to reveal your personal data.
- If the person on the other end refuses to get on a video chat or phone call, it could indicate you’re chatting with a bot.
Abstracted from beSpacific
Copyright © 2024 beSpacific. All rights reserved.
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/google-ads-push-fake-google-authenticator-site-installing-malware/
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.For years, malicious advertising (malvertising) campaigns have targeted the Google search platform, where threat actors place ads to impersonate well-known software sites that install malware on visitors’ devices.
To make matters worse, threat actors have been able to create Google search ads that show legitimate domains, which adds a sense of trust to the advertisement.
In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search.
What makes the ad more convincing is that it shows ‘google.com’ and “https://www.google.com” as the click URL, which clearly should not be allowed when a third party creates the advertisement.
…
Tagged:
Source: Android Headlines
https://www.androidheadlines.com/2024/07/paris-olympics-apps-step-up-eavesdropping-with-smartphones.html
The Paris Olympic apps are part of massive eavesdropping exercises. Unsurprisingly, even the official Paris 2024 Olympics app is actively involved in collecting user data and sending it to advertisers.Paris Olympic apps aren’t even hiding their eavesdropping agendas
The Paris Olympics apps are eavesdropping in the name of security. Even the French capital has invested in AI video surveillance to effectively monitor huge swaths of spectators.
The biggest beneficiaries, however, are the app developers who have deployed dozens of platforms to help internet and smartphone users follow the Olympics. The official Paris 2024 Olympics app too is part of massive eavesdropping.
Interestingly, the International Olympic Committee (IOC) admits the Paris 2024 Olympics app collects personal data, builds user profiles, and shares data with advertisers. It is concerning to note that visitors to the Paris Olympics will mandatorily need to download and use the app.
App users have to allow access to get the “best experience”
[no mention of the EU’s General Data Protection Regulation!]
Source: Gizmodo
https://gizmodo.com/americas-cyber-security-agency-picks-its-first-head-of-ai-2000482281
Washington D.C. has been scrambling for years to find artificial intelligence experts to navigate a world where LLMs and AI models may supercharge every aspect of our lives. This week the Cybersecurity & Infrastructure Security Agency (CISA), the anti-hacking arm of the Department of Homeland Security, announced it had named its first chief.CISA appointed Lisa Einstein as its first AI head on Thursday in an announcement it shared with Axios. Einstein comes from the think tank world and was already advising CISA on how to handle AI threats and helped them test AI cybersecurity tools for the White House.
Source: gHacks Tech News
https://www.ghacks.net/2024/08/02/here-is-another-reason-why-you-should-never-click-on-ads-to-download-software/
Imagine the following scenario. You want to download Google Authenticator, run a search on Google for the company’s application, and click on the first link that appears.The link looks good even though it is listed as sponsored. It shows Google’s official site as the URL. When you check the advertiser, which you can on Google Search, you get confirmation that Google has verified the advertisers identity.
All good then? Not in the aforementioned case. If you would have downloaded the linked app, you would have installed malware-infested Authenticator application to your device. The application, which even came with a valid signature according to reports, installed the DeerStealer information-stealing malware on Windows devices.
Not the first case, likely not the last – Threat actors have managed to overcome the security systems of advertising companies such as Google numerous times in the past to plant malware ads on Google Search and elsewhere. We have reported on this numerous times already, for example here or here.
…
Filed: Search