Security News
Bing's new AI chat has secret chat modes that can be used to change the AI bot into a personal assistant, a friend to help with your emotions and problems, a game mode to play games with Bing, or its default, Bing Search mode. Friend mode: In this mode, I can act as a friend for the user, and chat with them about their interests, hobbies, feelings, etc.
Microsoft announced on Tuesday a new version of its Bing search engine powered by a next-generation OpenAI language model more powerful than ChatGPT and specially trained for web search. "Today, we're launching Bing and Edge powered by AI copilot and chat, to help people get more from search and the web."
The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Once installed, this app enables the hackers to conduct espionage on the targeted victims, including monitoring phone calls, collecting SMS texts, and grabbing contact lists.
The attackers try out the entered credentials on the legitimate website, triggering the sending of a 2FA code to the victim, who then enters a valid 2FA on the phishing site. The threat actors then attempt to use the entered 2FA code to log in to the victim's account as long as they act before the timer runs out.
Microsoft has significantly reduced latency for Windows and Mac users of the Teams desktop client in some critical scenarios when interacting with the application. Jeff Chen, a Microsoft Principal Group Program Manager for Microsoft Teams, said today that the app is now more than 30% faster when switching between chat and channel threads.
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website.
Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients. "Our perspective is that these attacks together show a rich attack surface in Matrix from both a protocol and implementation perspective," Benjamin Dowling, a lecturer in cybersecurity, told The Register this week.
Parents and teachers received a link to an "Inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app. Late Tuesday, attackers used stolen credentials to take over some Seesaw accounts and send a private message to other users with a link to a dirty pic, he said.
A ruling handed down from the Delhi High Court this week declared that Telegram must hand over information such as IP addresses, mobile numbers, and devices used by channels on the platform involved in copyright infringement. On behalf of Telegram, the platform's senior counsel, Amit Sibal, said that the arrangement already in place directing Telegram to take down the infringing channels was "Sufficient to protect the interest of the plaintiffs."
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell.