

Security
Evil counterparts of NPM package noblox.js attack Roblox fans
Someone regularly creates malicious copies of the noblox.js package and gives them names that are very similar to the real one.
Since the beginning of September this year, Josh Muir, along with five other developers of the noblox.js package, has been trying hard to prevent cybercriminals from spreading ransomware through malicious libraries with similar names.
Noblox.js is a Roblox API wrapper that allows players to automate interactions on the popular Roblox gaming platform. However, in recent months, someone has been regularly creating malicious copies of the package and giving them names that are very similar to the real one.
The attackers use so-called typosquatting: they register names that differ from the original by one or two characters and count on potential victims not looking closely. The malicious packages are uploaded to NPM (the open source JavaScript package registry), and the files infected by them are then distributed through Discord.
Last month, specialists from the information security company Sonatype reported on the malicious “counterparts” of noblox.js. In their assessment this was not a supply-chain attack, and the malicious packages were created as a joke. Muir, however, disagrees.
“I know Sonatype described this attack as a likely ‘joke’, but I assure you, this is not a joke, but a sustained and ongoing attack on our library and its users,” Muir told The Register.
The developer is aware of the existence of six malicious “twins” of the noblox.js library: noblox.js-rpc, noblox.js-proxy, noblox.js-beta, noblox.js-promise, noblox.js-promises, and discord.buttons-js. They have all been removed by now.
Sonatype Senior Security Researcher Ax Sharma confirmed to The Register that the company continues to capture more and more malicious NPM packages, including those with names similar to noblox.js. The last package uploaded was noblox.js-rpc, and was authored by the same person who previously uploaded the “evil counterparts” of noblox.js to NPM, which distributed ransomware. The same person runs the Discord server to exchange information about infected repositories and receive a ransom from the victims.
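As an added illustration (not code from the noblox.js project, Sonatype or The Register) of the typosquatting pattern described above, the following check flags dependency names that resemble a known package without being it, covering the suffix style of the six lookalikes listed (noblox.js-rpc, noblox.js-proxy, ...) as well as swapped separators and one- or two-character typos. The allow-list, the sample dependency map and the helper names are assumptions made for the example.

```python
# Constructed allow-list: packages this project genuinely depends on.
# A real audit would load this from a curated internal list rather than hard-coding it.
KNOWN_PACKAGES = {"noblox.js", "discord.js"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute, O(len(a) * len(b)) time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def normalise(name: str) -> str:
    """Drop the separators attackers swap around ('.', '-', '_') and fold case."""
    return name.lower().replace(".", "").replace("-", "").replace("_", "")


def typosquat_match(name: str, known=KNOWN_PACKAGES, max_distance: int = 2):
    """Return (reason, lookalike_of) when `name` resembles a known package
    without being it, or None when it is the genuine package or unrelated."""
    if name in known:
        return None
    for target in sorted(known):
        # noblox.js-rpc, noblox.js-proxy, noblox.js-beta, ...: real name plus a suffix
        if name.startswith(target + "-") or name.startswith(target + "."):
            return ("suffix", target)
        # nobloxjs, noblox-js: same letters, different separators
        if normalise(name) == normalise(target):
            return ("separator", target)
        # noblox.sj, nobox.js: one or two characters off
        if levenshtein(name, target) <= max_distance:
            return ("edit-distance", target)
    return None


def audit_dependencies(deps: dict) -> dict:
    """Run the check over a package.json-style dependency map and return the
    flagged names with their reasons; the caller decides what to do with them."""
    flagged = {}
    for name in deps:
        hit = typosquat_match(name)
        if hit is not None:
            flagged[name] = hit
    return flagged


if __name__ == "__main__":
    # Constructed sample "dependencies" block, including one of the lookalike
    # names reported in the article.
    sample = {"noblox.js-proxy": "^4.0.0", "discord.js": "^14.0.0", "express": "^4.18.0"}
    for pkg, (reason, target) in audit_dependencies(sample).items():
        print(f"{pkg}: looks like {target} ({reason})")
```

The check is deliberately a candidate generator, not a verdict: a legitimate package can sit within edit distance two of another, so flagged names should be reviewed (publisher, age of the package, download history) rather than blocked automatically.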
Muir is particularly concerned that most of the users downloading these malicious packages are children. The attackers distribute the malware by joining Discord servers frequented by very young players (some under 13) and gaining their trust.
According to the developer, he has reason to believe that at least one minor was blackmailed with files stolen from him (Discord’s administration was notified of this). And while NPM responds to reports of malicious libraries and removes them, Discord shows far less responsibility. As Muir explained, if an attacker deletes his original message, he gets off scot-free; if he regularly deletes his posts or uses alternate accounts, Discord will not catch him.
…

Security
Italy has blocked ChatGPT. This is a temporary solution related to the security of user data.

Italy has decided to block the popular chatbot ChatGPT. The government body known as the Privacy Guarantor (the Italian data protection authority) has issued an order temporarily restricting the processing of Italian users’ data by OpenAI, the company behind ChatGPT.
These measures are not prompted by the chatbot’s capabilities but by a recent leak of users’ confidential data. The regulator also notes the absence of a legal basis that would justify the mass collection and storage of personal data to train the algorithms underlying the platform.
The Privacy Guarantor further notes that ChatGPT sometimes provides inaccurate or outright false information. According to the regulator, OpenAI also does not adequately address children’s access to the service: although ChatGPT’s terms state that only people over the age of 13 may use the chatbot, the platform has no age verification mechanism.
Under the ruling, OpenAI must report within 20 days on the measures taken to comply with the requirements. Otherwise the company faces a fine of up to 20 million euros or up to 4% of its annual turnover.
Electric Cars
Hackers compromised Tesla twice and received 350 thousand dollars and a Tesla Model 3 for it

At Pwn2Own Vancouver, a commercial vulnerability-hunting contest, the French team Synacktiv managed to compromise Tesla systems twice.
On the first day, Synacktiv executed a TOCTOU (time-of-check to time-of-use) attack against the Tesla Gateway, for which the team was awarded $100,000 and a Tesla Model 3. The next day the hackers broke into the Tesla infotainment system and received another 250 thousand dollars.
Tesla’s security team is already analysing the researchers’ work in order to close the discovered vulnerabilities with a firmware update.
Security
Snipped but not gone: Windows 11 vulnerability reveals sensitive information from screenshots, including cropped-out parts

A dangerous vulnerability has been found in one of the standard Windows 11 applications that can lead to the disclosure of a user’s sensitive information. Moreover, at the time of writing the vulnerability has not been fixed, and attackers can exploit it.
The application in question is the Snipping Tool. The vulnerability, dubbed aCropalypse, makes it possible to undo changes a user made when editing a screenshot, including cropped or blurred areas that hide sensitive data.
When you edit a screenshot, you can save it under the same name as the original file, overwriting it. As it turns out, however, the Windows 11 Snipping Tool does not truncate the original file: the new image is written over the beginning of the file, and the remainder of the original data stays appended after it, where it is normally invisible to users. With some effort, an attacker can extract that leftover data from the file and see what was edited out.
Edited screenshots are therefore noticeably larger than expected, since they still contain data from the original image.
This is a serious issue. If, for example, you share a screenshot of an Amazon order confirmation page, the cropped-out portion may contain your address; the same applies to credit card numbers and other sensitive data.
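To make the mechanism concrete, here is an added example (not code from Microsoft or from the researchers who reported aCropalypse) that builds a constructed sample PNG, emulates a save that overwrites the old file without truncating it, and checks for data after the IEND chunk, which is the tell-tale sign of an affected file. The image contents and the helper names are assumptions made for the illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, rgb: bytes) -> bytes:
    """Build a minimal, valid 8-bit RGB PNG filled with one colour.
    This is a constructed sample image, not a real screenshot."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # One scanline = filter byte 0 followed by `width` RGB triplets.
    raw = b"".join(b"\x00" + rgb * width for _ in range(height))
    return (PNG_SIG
            + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(raw))
            + png_chunk(b"IEND", b""))


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the first IEND chunk.
    A PNG decoder stops there, so anything after it is never rendered."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # header + payload + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> bytes:
    """Bytes after IEND. Empty for a clean PNG; for an aCropalypse-style file
    it is the tail of the original image that the save did not truncate away."""
    return data[png_end_offset(data):]


def save_without_truncate(old_file: bytes, new_image: bytes) -> bytes:
    """Emulate the flawed save: the file is opened without truncation, so the
    new (smaller) image overwrites the head of the file and the rest survives."""
    buf = bytearray(old_file)
    buf[:len(new_image)] = new_image
    return bytes(buf)


def save_with_truncate(old_file: bytes, new_image: bytes) -> bytes:
    """The correct save: the file ends up containing exactly the new image."""
    return new_image


if __name__ == "__main__":
    original = make_png(256, 256, b"\xff\x00\x00")   # the full screenshot
    cropped = make_png(8, 8, b"\xff\x00\x00")        # the cropped version
    leaked = trailing_bytes(save_without_truncate(original, cropped))
    print(f"original {len(original)} B, cropped {len(cropped)} B, "
          f"leaked after IEND: {len(leaked)} B")
    print("clean after truncating save:",
          trailing_bytes(save_with_truncate(original, cropped)) == b"")
```

Because the leftover tail is the end of the original file, it finishes with the original image’s own IEND chunk, so a second IEND in the trailing data is a strong indicator of this bug. Turning the tail back into pixels requires re-synchronising the truncated zlib stream of the original IDAT data, which this example does not attempt; the check above is enough to triage a folder of screenshots before sharing them.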