News & Updates

Swiss real estate agency Neho fails to put a password on its systems

A misconfiguration of Swiss real estate agency Neho’s systems exposed sensitive credentials to the public. Neho, a Switzerland-based real estate agency, leaked credentials recently, potentially allowing threat actors to prey on sensitive data about the company and its clients. The Cybernews research team discovered a misconfiguration in the Neho.ch website that exposed sensitive credentials to […]

The post Swiss real estate agency Neho fails to put a password on its systems appeared first on Security Affairs.

News & Updates

What is federated Identity? How it works and its importance to enterprise security

At the very heart of enterprise security is the tension between convenience and safety. The business longs for the ease of users, in competition with the demands of security. Authentication is a main theater for this tension, directly impacting the onboarding and login experience. Federated identity is at the forefront in addressing this tension, affording a good user experience without sacrificing security.

Federated identity management (FIM) makes it possible to share a single digital identity across many services. As end users, we are familiar with the experience of logging into an application using an account from a third party: for example, logging into Twitter using your Google account. This is one form of FIM.


News & Updates

Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

Cybersecurity vendors Trellix and Netskope have announced new support for Amazon Security Lake from AWS, which became generally available on May 30. Trellix customers can now integrate their security data lake into the Trellix XDR security operations platform to enhance detection and response capabilities for their AWS environments. Meanwhile, Netskope customers can export logs from the Netskope Intelligent Security Service Edge (SSE) platform to Amazon Security Lake to improve visibility and threat remediation.

AWS launched Amazon Security Lake in November last year at the AWS re:Invent 2022 conference. The service automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account. It uses the Open Cybersecurity Schema Framework (OCSF) standard to normalize security data from AWS and combine it with dozens of pre-integrated third-party security data sources.


News & Updates

Barracuda patches zero-day vulnerability exploited since October

Barracuda has patched a zero-day vulnerability that had been exploited since October to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data, the company said on Tuesday. 

“On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) versions 5.1.3.001-9.2.0.006,” the company said, adding that the vulnerability stemmed from incomplete input validation of user-supplied .tar files as it pertains to the names of the files contained within the archive. 


News & Updates

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023.
This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on high-value targets.
Dark Pink, also called Saaiwc

News & Updates

‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection

Gravity Forms, a popular WordPress plugin, has been found vulnerable to
unauthenticated PHP Object Injection attacks.

The plugin is deployed on nearly a million websites worldwide, enabling users to
quickly generate custom forms, such as those used for file upload, signing up,
payment, surveys, or contact, on their websites.

Website security and monitoring platform PatchStack found the vulnerability,
which affects all plugin versions earlier than 2.73, on March 27, and Gravity
Forms’ vendor ad

Cybersecurity Tools

MacOS Vulnerability Enables Hackers to Bypass SIP Root Restrictions

Researchers discovered an Apple vulnerability that threat actors can use to deploy undeletable malware. To exploit CVE-2023-32369, hackers must first gain root privileges over the device. The Apple bug enables them to bypass System Integrity Protection (SIP) and access the victim's private data by evading Transparency, Consent, and Control (TCC) security checks. […]

The post MacOS Vulnerability Enables Hackers to Bypass SIP Root Restrictions appeared first on Heimdal Security Blog.
