Cybersecurity News Digest [April 2023]
Spring is in full swing! This means that cybersecurity news has already been collected and prepared for our readers.
If you missed something important, our team has prepared an overview of the most significant events in our cybersecurity news digest [April 2023].
Cybersecurity news digest
1. China checks American microchip manufacturer Micron for hidden threats
The Cyberspace Administration of China has announced that it has begun testing products sold on the Chinese market by the American manufacturer of memory chips Micron. This is necessary to ensure the security of the supply chain of key information infrastructure and to prevent cybersecurity risks.
The inspection is being conducted in accordance with China’s national security law, cybersecurity law, and cybersecurity verification measures.
Zuo Xiaodong, vice president of the China Information Security Research Institute, said that whenever the government discovers a potential threat that could jeopardize or compromise national security, an investigation should be conducted, so verification is reasonable and appropriate.
Meanwhile, Micron’s revenues in the second fiscal quarter ending on March 2 fell by 53 percent to $3.7 billion, as weak demand for PCs and smartphones continues to affect the company’s results, according to the latest financial report.
2. Twitter posted the source code on GitHub
Twitter has published part of its source code on GitHub, including the code of the recommendation algorithm. The company has made two repositories publicly available: the main repo and the ML repo.
Twitter engineers have also published instructions for working with the recommendation algorithm code. They describe the recommendation pipeline, which is allegedly executed about five billion times a day.
“We’re trying to extract the top 1,500 tweets from a pool of hundreds of millions… Today, the chronology of the “For You” feed consists on average of 50% In-Network tweets (from users you follow) and 50% Out-of-Network tweets (from users you do not follow), although this may vary from user to user,” Twitter clarified.
“The rating of tweets is achieved using a neural network with around 48 million parameters, which is constantly trained to interact with tweets in order to optimize positive interaction, for example, likes, retweets, and responses,” according to Twitter.
Twitter asked the developer community to study the algorithm code, open issues, and submit pull requests to improve and refine the project.
The developers explained that the current release of the algorithm does not include the code that activates the advertising recommendations of the social network. There is also no information about training data for the recommendation algorithm in open repositories.
3. 13 million websites at risk due to critical Elementor Pro vulnerability
A vulnerability has been found in the paid plugin Elementor Pro for WordPress — one of the most popular platforms for creating websites. The plugin is installed on 12 million sites, which is why the vulnerability severity rating is 8.8 out of 10.
Elementor Pro is needed, among other things, for simplified development of site elements and their management. In addition, it contains tools for interacting with the WooCommerce plugin, which is widely used in online stores.
The vulnerability may affect sites where both plugins are used together. The developer of Elementor Pro has released an update (3.11.7) that closes the loophole.
To put it simply, due to this vulnerability, attackers could (and still can, if the resource owners do not update the plugins) get administrator rights and redirect traffic to external resources. Attacks using this vulnerability have been detected coming from the IP addresses 22.214.171.124, 126.96.36.199, and 188.8.131.52.
Files with the names wp-resortpack.zip, wp-rate.php, and lll.zip often appear on the hacked sites.
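A defensive check built from the details above, as an added example that is not part of the original digest or of the plugin's code: it reads the installed Elementor Pro version, compares it with 3.11.7, and searches the site tree for the three reported file names. The plugin path `wp-content/plugins/elementor-pro/elementor-pro.php` and all function names are assumptions.

```python
import os
import re

# Indicator file names reported in the digest above.
IOC_NAMES = {"wp-resortpack.zip", "wp-rate.php", "lll.zip"}
FIXED_VERSION = (3, 11, 7)  # patched Elementor Pro release named in the digest
# Assumption: the plugin sits in the default WordPress plugin directory.
PLUGIN_MAIN = os.path.join("wp-content", "plugins", "elementor-pro", "elementor-pro.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_patched(version):
    """Compare numerically so that 3.9.0 sorts below 3.11.7."""
    padded = tuple(version) + (0,) * (3 - len(version))
    return padded >= FIXED_VERSION


def audit_site(root):
    """Report the Elementor Pro version and any indicator files under root."""
    report = {"version": None, "patched": None, "ioc_files": []}
    main = os.path.join(root, PLUGIN_MAIN)
    if os.path.isfile(main):
        with open(main, encoding="utf-8", errors="replace") as fh:
            report["version"] = parse_version(fh.read(8192))
        if report["version"] is not None:
            report["patched"] = is_patched(report["version"])
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in IOC_NAMES:
                found = os.path.join(dirpath, name)
                report["ioc_files"].append(os.path.relpath(found, root))
    report["ioc_files"].sort()
    return report


if __name__ == "__main__":
    import sys
    print(audit_site(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A hit on a file name is a lead for investigation, not proof of compromise, and a clean result does not rule one out.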
4. Windows 11 users began to be notified about surveillance through a microphone and webcam
A new version of the Microsoft Windows 11 operating system includes a function that notifies users when an application requests access to the computer’s microphone and webcam.
It is noted that Microsoft has started implementing the function in test mode and not for all users. The feature, called “Privacy Auditing,” will show the user which applications accessed the microphone, camera, and other computer equipment.
The tool is part of the “Privacy and Security” section in Windows 11 settings. It will also indicate exactly when and for how long programs had access to screenshots, messages, and location data.
5. Chameleon is a new Android malware that simulates several household applications
A new Trojan for Android called “Chameleon” has been attacking users in Australia and Poland since the beginning of the year, imitating the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank.
The mobile malware was discovered by the cybersecurity company Cyble, which reported that it spreads through compromised websites, Discord attachments, and Bitbucket hosting services.
Chameleon has a wide range of malicious functions, including stealing user credentials through overlay injection and keylogging, as well as stealing cookies and SMS text messages from an infected device.
After launching, the malware performs several checks to bypass detection by antivirus programs.
Cybersecurity experts have advised Android users to be careful when installing apps on their devices, only download apps from official stores, and always turn on Google Play Protect.
6. Elon Musk is developing an alternative to ChatGPT — TruthGPT, focusing on the search for truth
Elon Musk told Fox News in an interview that he is working on an alternative to ChatGPT, which will be “AI with an emphasis on finding the truth.” The chatbot was named TruthGPT.
The businessman noted that humanity needs an alternative approach to creating AI in order to avoid its destruction.
“I’m going to launch something that I call TruthGPT or maximum truth-seeking AI that tries to understand the nature of the universe,” Musk said. In his opinion, this kind of AI “is unlikely to destroy people, because we are an interesting part of the universe.”
The entrepreneur hinted that OpenAI is striving for profit, and this may hinder the development of ethical AI models. He positioned TruthGPT as a more transparent option.
This isn’t the first time Musk has contemplated creating an alternative AI. In February, he already wrote on Twitter that “we need TruthGPT,” and also drew attention to the risks of large-scale models.
In March, Musk, along with other AI researchers, signed an open letter calling on companies to suspend experiments with models that their creators cannot “understand, predict, or reliably control.”
It is unclear how far the work on TruthGPT has progressed and whether this model exists at the moment.
7. Telegram challenges the court’s decision in Brazil and defends the right to privacy
Telegram is appealing the decision of a court in Brazil requesting the data of its users, the messenger’s founder, Pavel Durov, said in his Telegram channel.
He noted that the court’s requirement is technically impossible to fulfill.
“We will appeal this decision … Regardless of the price, we will protect our users in Brazil and their right to private communication,” Durov assured.
He clarified that Telegram’s mission is to preserve freedom of speech around the world. In addition, Durov mentioned that if local laws contradict Telegram’s mission, then sometimes you have to leave such markets.
“In the past, countries such as China, Iran, and Russia banned Telegram because of our principled position on human rights,” the founder of the messenger added.
Earlier, Telegram was blocked in Brazil due to insufficient provision of data on riots. It is noted that the messenger provided some of the data after the court demanded it. However, the Telegram management refused to transfer the phone numbers of community administrators who are suspected of organizing riots.