News of the Cyber World

[kyonides]

Google Asks You to Upgrade Chrome

Update Chrome NOW: Google Releases Critical Security Update for Browser
version 123.0.6312.86 or later.

Malwarebytes reports that Google has released a new version of its Chrome browser for Windows, Mac, and Linux, which includes fixes for seven security vulnerabilities. The most critical of these flaws, identified as CVE-2024-2883, is a use-after-free (UAF) vulnerability in the browser’s Angle component, which handles WebGL (Web Graphics Library) content.
According to the limited information provided by Google, the vulnerability could allow a remote attacker to potentially exploit heap corruption via a maliciously crafted HTML page. Heap corruption occurs when a program modifies the contents of a memory location outside of the allocated memory, which can lead to memory leaks, faults, or even the execution of malicious code.

Pieter Arntz, a Malware Intelligence Researcher at Malwarebytes, explains that “UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation.” He further notes that if an attacker can manipulate the program after it has freed a memory location without clearing the pointer, it can cause the program to “crash, use unexpected values, or execute code.”

Google considers Chromium vulnerabilities as critical if they “allow an attacker to read or write arbitrary resources (including but not limited to the file system, registry, network, etc.) on the underlying platform, with the user’s full privileges.” This means that a successful exploit of this vulnerability could potentially compromise a user’s system.

To protect users from this and other vulnerabilities addressed in the update, Google encourages Chrome users to update their browsers to version 123.0.6312.86 or later. The easiest way to do this is to allow Chrome to update automatically, which can be done by clicking on Settings > About Chrome or by navigating to

Mr. Crypto-Scammer Sentenced Today

Sam Bankman-Fried Sentenced to 25 Years in Prison for Fraud

Judge Lewis Kaplan, who sentenced Bankman-Fried said that SBF committed witness tampering before he was remanded into custody when he communicated with former FTX general counsel. Kaplan also found that he committed perjury during his trial testimony; he reportedly falsely testified that he had no knowledge that Alameda Research, FTX’s sister company and hedge fund, had spent FTX customer deposits before the fall of 2022.

Kaplan also said that Bankman-Fried “wanted to be a hugely politically influential person in this country” and that led to his financial crimes.

The 25-year sentence pales in comparison to the potential 100 years SBF faced based on his crimes, perjury, and witness tampering.

Prosecutor Nicolas Roos said “Sam Bankman-Fried stole over $8 billion in customer money, and I emphasize stole because it was not a liquidity crisis, or an active mismanagement, or poor oversight from the top. It was not a bloodless financial loss on paper.”

Bankman-Fried’s attorney, Marc Mukasey, told the court on Thursday, “Sam was not a ruthless financial serial killer who set out every morning to hurt people.”

Social Media

Communism 101: China’s TikTok Launches Global ‘Youth Council’ to Advise Platform on Safety

The Chinese app said the Youth Council has already met twice, with one of the meetings including TikTok CEO Shou Chew, according to a report by Daily Mail.

The group reportedly claims it will focus on the wellbeing and inclusion of teenagers to help ensure TikTok is a safe platform for young people.

At its most recent meeting in February, the Youth Council reportedly provided input into a redesign of the TikTok’s Youth Portal, a virtual help center for younger users of the Chinese app, and requested more information from on how the reporting and blocking process is handled on the app.

As Breitbart News reported, TikTok, owned by the Chinese tech giant ByteDance, a company beholden to a hostile foreign country, is widely known as being a danger for kids and teens, getting them to participate in trends that are physically dangerous and life-threatening, sometimes resulting in death.


One trend for example, involved urging users to take large doses of the allergy medication Benadryl (diphenhydramine) to induce hallucinations. The “challenge” resulted in reports of teens being rushed to the hospital, and in some cases, dying.

In 2022, the FDA warned parents of a deadly new TikTok challenge involving children cooking chicken in NyQuil, “presumably to eat.” The trend on the China-owned app was just the latest example of a dangerous stunt spread to young Americans.

Earlier this month, an 11-year-old boy in the United Kingdom died after taking part in a dangerous TikTok trend called “chroming,” one of the latest trends circulating on the app, which involves inhaling toxic fumes.

Propaganda Experts: China’s TikTok Buys $2.1 Million in TV Ads as Senate Reviews Bill to Ban App

TikTok, an app owned by company beholden to a hostile foreign country, has reserved TV advertising in the key battleground states of Nevada, Montana, Wisconsin, Pennsylvania, and Ohio, data from AdImpact reveals, according to a report by CNBC.

The advertisements reportedly feature people wondering what they would do without TikTok.

“Think about the five million small business owners that rely on TikTok to provide for their families,” one individual says in the commercial, while another adds, “To see all of that disappear would be so sad.”

“It’s gonna affect a lot of people’s livelihoods,” one woman says in an ad obtained by CNBC.


Notably, the five states that the Chinese app has chosen to run these advertisements in are each represented by vulnerable Senate Democrats seeking reelection this November.

The commercials are also set to run in New York, Massachusetts, and Minnesota, the report adds, noting that New York and Massachusetts are “key ad markets for reaching young people and journalists,” and that Minnesota is represented by Sen. Amy Klobuchar (D-MN), a fierce critic of TikTok, who is also up for reelection this year.

While the people in the TikTok ads lament over the app being banned, the legislation that recently overwhelmingly passed the House of Representatives does not call for an outright ban, but gives ByteDance an ultimatum, saying the U.S. government would only ban the app if the Chinese tech giant doesn’t sell it.

EU Launches Antitrust Investigations into Apple, Google, Mark Zuckerberg’s Meta

The Verge reports that the European Union’s antitrust chief, Margrethe Vestager, expressed concerns that the solutions proposed by the three tech giants may not fully comply with the DMA. “We will now investigate the companies’ compliance with the DMA, to ensure open and contestable digital markets in Europe,” Vestager stated.
The investigations will focus on various aspects of the companies’ practices. For Google and Apple, the Commission plans to examine their anti-steering rules within their respective app stores and whether Google is engaging in self-preferencing its own services in its search engine. Apple’s browser choice screen for iOS will also be under scrutiny, along with Meta’s “pay or consent model” for ad targeting.

EU Commissioner Thierry Breton emphasized the importance of compliance, stating, “We are not convinced that the solutions by Alphabet, Apple and Meta respect their obligations for a fairer and more open digital space for European citizens and businesses.” He added that if the investigation concludes that there is a lack of full compliance with the DMA, the gatekeepers could face substantial fines.

Under the DMA, the Commission has the authority to fine each company up to 10 percent of their annual global revenue for non-compliance, or even 20 percent in cases of repeated infringement. The investigations are expected to be concluded within the next 12 months, after which the Commission will inform each gatekeeper of the necessary measures to address concerns and the actions the regulator plans to take.

The announcement comes after criticism from various stakeholders regarding the companies’ compliance with the DMA. Spotify called Apple’s compliance “a complete and total farce,” while Epic CEO Tim Sweeney referred to the changes as “a new instance of Malicious Compliance.” Meta’s “pay or consent model” has also been the subject of complaints from EU watchdogs.

AI Section

Latest Google Gaffe: Search Giant’s AI Points Users Towards Scam and Malware Sites

BleepingComputer reports that earlier this month, Google began rolling out its new AI-powered search feature, SGE, which provides quick summaries and site recommendations related to users’ search queries. However, the new system appears to have some significant flaws that cybersecurity experts are now bringing to light.

SEO consultant Lily Ray was among the first to notice that Google’s SGE was recommending spammy and malicious sites within its AI-generated responses. Upon further investigation by BleepingComputer, it was found that the suspicious sites shared similarities in their TLD usage (.online), HTML templates, and redirect practices, suggesting they are part of a coordinated SEO poisoning campaign.
When users click on these Google AI-recommended sites, they are taken through a series of redirects leading to various scams. Common destinations include fake captchas, YouTube-mimicking pages that trick visitors into subscribing to browser notifications, tech support scams, and fake giveaways. Browser notification scams are particularly problematic, as they allow the scammers to send a barrage of unwanted ads directly to the user’s desktop.

Some of the malicious redirects even attempt to push unwanted browser extensions that perform search hijacking and other potentially harmful actions. Meanwhile, the fake giveaway sites, such as those claiming to offer free iPhone 15 Pros, are designed to harvest personal information that can be sold to other scammers and marketers.

The conversational nature of Google’s AI-generated answers can make these malicious site recommendations seem more trustworthy to unsuspecting users. As AI becomes increasingly integrated into our online search experiences, it is clear that the information provided by these algorithms cannot be trusted blindly, and users must exercise caution before visiting any recommended sites.

OpenAI Wooing Hollywood Studios, Talent Agencies to Encourage Filmmakers to Use AI

OpenAI is pitching Sora to Hollywood in advance of the application’s release later this year, according to a Bloomberg report. Sora will theoretically enable filmmakers to generate entire scenes — featuring “actors,” virtual sets, and even camera-like tracking shots — simply by typing in a text description of what they want.

That spells bad news for blue-collar Hollywood, which is responsible for the physical side of TV and movie production. Crews are already being slammed by the economic downturn in the entertainment industry as studios reduce the number of TV shows they are churning out.

In a sign of how serious things are getting, OpenAI CEO Sam Altman reportedly attended parties in Los Angeles during Oscars weekend.

When asked by Bloomberg to elaborate on OpenAI’s ambitions in Hollywood, a spokesperson offered a rather vague response.

“OpenAI has a deliberate strategy of working in collaboration with industry through a process of iterative deployment – rolling out AI advances in phases – in order to ensure safe implementation and to give people an idea of what’s on the horizon. We look forward to an ongoing dialogue with artists and creatives.”

Tech Firm Nvidia Unveils AI-Powered, Potentially Self-Reliant Robots

Nvidia debuted the new creations after the Figure O1 demonstration as part of Project GR00T, which Fox News billed as a “major upgrade to Nvidia’s AI initiatives and a significant step deeper into the AI field overall.” The project focuses on “foundation models,” otherwise known as robots using generative AI for self-supervised learning free of instruction or training.

“Nvidia CEO Jensen Huang showcased a number of robots, including small knee-high Star Wars-themed Disney robots, at the company’s GTC conference last week. The GR00T, or Generalist Robot 00 Technology system, is built to handle the operation of robots,” noted the outlet.


“Nvidia’s robot utilizes a new computer system called Jetson Thor, which is designed to perform complex tasks and interact “safely and naturally with people and machines,” including a “system-on-a-chip” to handle the immense demands on processors to run AI models,” it later added.

David Pinto, a senior PR manager for the company, told Fox News that advances in generative AI have made for a “steady stream of developments across the ecosystem where foundation models for robotic tasks have shown the ability to improve the productivity and performance of robotics developers.”

Pinto said the robotics industry will not be able to scale upwards until robots become self-reliant in developing skillsets.

“These productivity gains extend from developing code for the robots to generating new simulations to test and train the robots in unstructured environments,” Pinto said. “For the robotics industry to scale, the robots themselves have to become more generalizable.

“That is, they need to add skills more quickly or to bring these skills to new environments,” he added. “The foundation models will make the robots better understand complex environments and execute a breadth of robot skills and tasks in both simulation and real world.”

RoboTaxis

New York City Welcomes Robotaxis to the Big Apple – with One Catch

The Verge reports that Mayor Eric Adams (D) announced the city’s proactive approach to regulating the testing of self-driving vehicles, acknowledging that the technology is inevitable but must be implemented correctly. The new permitting program aims to ensure that applicants are prepared to safely and proficiently test their technology in the challenging urban environment of New York City.

The permitting process includes several strict requirements that companies must meet to be eligible for testing. Applicants must provide information from previous tests conducted in other cities, including details on crashes and instances where safety drivers had to intervene. Notably, the city will not allow fully driverless vehicles to be tested on public roads; only vehicles with human safety drivers will be permitted.

This decision comes as cities like San Francisco grapple with issues related to fully driverless for-hire vehicles, such as traffic obstruction and safety concerns. New York City hopes to avoid similar problems by requiring safety drivers to remain behind the wheel at all times.

In addition to obtaining a permit from the state Department of Motor Vehicles, companies must provide details on their safety driver hiring and training processes. They must also attest to following best practices set forth by the Society of Automotive Engineers and submit assurance protocols for compensating for any AV system limitations or failures.

Data from autonomous vehicle (AV) testing will eventually be made available on the city’s Open Data portal, with the Department of Transportation reviewing requests from applicants to withhold certain data on the basis of confidentiality.

Solar Farm

Texans Concerned Over Potential Chemical Leakage from Solar Farm Damaged in Hailstorm

A hail storm that devastated a Texas solar farm has sparked concern within the surrounding community and among energy experts, who are questioning if “green” energy is really that safe.

The March 15 storm shattered “hundreds of panels” at the Fighting Jays Solar farm in Fort Bend County, Fox News reported.

Aviator Ryan Ashcraft captured aerial footage showing the baffling extent of the damages.

Resident Nick Kaminski expressed worry about the broken solar panels potentially leaking harmful chemicals, such as cadmium telluride, a semiconducting material commonly used in panels that can cause “major health problems in inhalation and ingestion,” according to an iCliniq medical report.

“My concern is, with the hail damage that came through and busted these panels up, we now have some highly toxic chemicals that could be potentially leaking into our water tables,” Kaminski, of Needville, told KRIV-TV.


“I have a family — two children and a wife. My neighbors have kids, and a lot of other residents in the area who are on well water are concerned that the chemicals are now leaking into our water tables,” he added.

Needville Mayor Chas Nesvadba told Fox News that the Fort Bend County Environmental Health Department is investigating the incident and that the Texas Commission on Environmental Quality has been contacted regarding the potential health risks.

Rep. Troy Nehls (R-TX), who represents the community around the solar farm, has been engaged with local property owners who were also impacted by the hailstorm and could be affected by chemical leakage.