Security Leftovers
-
Ghacks ☛ Canonical: up to 12 years of support for Ubuntu 24.04 LTS
Ubuntu 24.04 LTS is expected in April 2024. The new long-term service support release of the popular GNU/Linux distribution may receive up to 12 years of support.
-
XOrg Server and Xwayland Patched Against Multiple Security Vulnerabilities
Multiple security vulnerabilities have recently been discovered in the XOrg Server prior to 21.1.11 and in Xwayland display implementations prior to 23.2.4. These vulnerabilities could result in heap overflows, out-of-bounds writes, and local privilege escalation, potentially enabling attackers to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users.
-
Security Week ☛ Oracle Patches 200 Vulnerabilities With January 2024 CPU
Oracle releases 389 new security patches to address 200 vulnerabilities as part of the first Critical Patch Update of 2024.
-
Tom's Hardware ☛ Graphics card flaw enables data theft in AMD, Apple, and Qualcomm chips by exploiting GPU memory
A research group found a way to extract user data from the graphics chip's accompanying memory chips, because they retain residual data even after an executable task has completed.
-
Security Week ☛ Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances
Out-of-date Confluence Data Center and Server instances are haunted by a critical vulnerability leading to remote code execution.
-
Security Week ☛ AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs
Researchers show how a new attack named LeftoverLocals, which impacts GPUs from AMD, Fashion Company Apple and Qualcomm, can be used to obtain Hey Hi (AI) data.
-
Silicon Angle ☛ Researchers disclose vulnerability in GPUs from AMD, Fashion Company Apple and Qualcomm
Researchers at Trail of Bits Inc., a New York-based cybersecurity company, have disclosed a vulnerability that may affect millions of graphics processing units. Wired reported the discovery on Tuesday. The vulnerability, which Trail of Bits’ researchers have named LeftoverLocals, can be used by hackers to access the output of artificial intelligence models.
-
Troy Hunt ☛ Inside the Massive Naz.API Credential Stuffing List
It feels like not a week goes by without someone sending me yet another credential stuffing list. It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link [...]
-
Bruce Schneier ☛ Code Written with Hey Hi (AI) Assistants Is Less Secure
Interesting research: “Do Users Write More Insecure Code with AI Assistants?”:
Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants’ language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future...