Over 29,000 QNAP devices vulnerable to code injection attacks
2023-01-31 23:14

Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices. While QNAP hasn't tagged this flaw as being actively exploited in the wild, customers are advised to update to the latest available software version as soon as possible since NAS devices have a long history of being targeted in ransomware attacks.

Over 29,000 QNAP devices unpatched against new critical flaw
2023-01-31 23:14

Tens of thousands of QNAP network-attached storage devices exposed online are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices.

Microsoft stops selling Windows 10 licenses a day early
2023-01-31 23:03

Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. It appears Microsoft pulled the switch a day early, as going to both the Windows 10 Home and Windows 10 Pro product pages now redirects users to the Windows 11 product page.

Microsoft upgrades Defender to lock down Linux gear for its own good
2023-01-31 20:45

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions.

OpenAI releases tool to detect AI-written text
2023-01-31 19:57

OpenAI has released an AI text classifier that attempts to detect whether input content was generated using artificial intelligence tools like ChatGPT. "The AI Text Classifier is a fine-tuned GPT model that predicts how likely it is that a piece of text was generated by AI from a variety of sources, such as ChatGPT," explains a new OpenAI blog post. OpenAI released the tool today after numerous universities and K-12 school districts banned the company's popular ChatGPT AI chatbot due to its ability to complete students' homework, such as writing book reports and essays, and even finishing programming assignments.

Microsoft releases emergency updates to fix XPS display issues
2023-01-31 19:48

GitHub code-signing certificates stolen (but will be revoked this week)
2023-01-31 19:35

Simply put: someone used a pre-generated access code acquired from who-knows-where to leech the contents of various source code repositories that belonged to GitHub itself. In the case of stolen source code databases, whether they're stored on GitHub or elsewhere, there's always the risk that a private repository might include access credentials to other systems, or let cybercriminals get at code signing certificates that are used when actually building the software for public release.

Microsoft: Over 100 threat actors deploy ransomware in attacks
2023-01-31 19:03

Microsoft revealed today that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families that were actively used until the end of last year.

PoS malware can block contactless payments to steal credit cards
2023-01-31 18:48

New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.

CIOs hold greater organizational leadership status
2023-01-31 17:48

38% of line of business respondents view the CIO as a strategic advisor, proactively identifying business needs and opportunities, and 25% view the CIO as a consultant who evaluates and advises on business needs and tech choices. "CIOs are balancing the persistent focus on transformation and modernization with a maturing leadership role, embracing responsibilities outside of the traditional IT domain and cementing status as a valued and strategic partner to the business," the report states.