Security News > 2023 > August

Reduced traffic to your website or app becomes problematic, as users getting answers directly through ChatGPT and its plugins no longer need to find or visit your pages. Worried about ChatGPT scraping your content? Learn how to outsmart AI bots, defend your content, and secure your web traffic.

The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software. The Qakbot administrators use a system of tiered servers to control the Qakbot malware installed on infected computers.

An unknown threat actor is leveraging malicious npm packages to target developers, aiming to steal source code and configuration files from victim machines, a sign of how consistently threats lurk in open-source repositories. They have continuously published malicious packages.

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. "This flaw allows an unauthorized user to exploit the unauthenticated Openfire Setup Environment within an established Openfire configuration," cloud security firm Aqua said.

VMware has patched one critical and one high-severity vulnerability in Aria Operations for Networks, its popular enterprise network monitoring tool. One of the flaws could allow an attacker with network access to Aria Operations for Networks to bypass SSH authentication and gain access to the Aria Operations for Networks command-line interface.

Google is launching a beta version of SynthID, a tool that identifies and watermarks AI-generated images. The tool will initially be available to a limited number of customers that use Imagen, Google's cloud-based AI model for generating images from text.

Block Unwanted Calls With AI for Just $50 Until Labor Day (Sale Ends 11:59 PM PST 9/4). AI-powered personalization rescues you from unwanted calls and texts, providing protection and stopping spam calls and texts from wasting your time. If your business has been plagued by unwanted callers, it's time to give yourself a break.

VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," the company said in an advisory.

The OWASP API Security Project leaders had their work cut out when deciding how to group and prioritize the threats. It no longer makes sense to monitor for API attacks and bot attacks separately: bot mitigation has to become part of API security.

A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. QakBot administrators are said to have received fees corresponding to approximately $58 million in ransoms paid by victims between October 2021 and April 2023.