Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature some news articles that grabbed our attention over the past week. We hope you find this week’s\u00a0 ‘Wednesday Newsbytes’ informative and interesting!<\/span><\/p>\n Windows 10 users encounter \u2018blue screen of death\u2019 after latest Patch Tuesday update<\/span><\/strong><\/span><\/a><\/p>\n Microsoft said it is working on a fix for the issue and has offered users a temporary workaround<\/span><\/strong><\/span><\/p>\n Microsoft has warned that some Windows 10 users may encounter the infamous \u2018blue screen of death\u2019 (BSOD) after installing its latest ‘Patch Tuesday’ security updates.<\/span><\/p>\n In an update on the Windows Health Dashboard, the company revealed that the blue screen issue could affect selected users who downloaded the KB5021233 update in this month\u2019s recent raft of security fixes.<\/span><\/p>\n KB5021233 was initially intended to resolve an issue affecting the Camera app after users reported that the app stops responding when memory is low.<\/span><\/p>\n The issue has so far affected users operating several different versions of Windows 10, the firm revealed, including 22H2, 21H2, 21H1, and 20H2.<\/span><\/p>\n Impacted users have been met with the BSOD and error code 0xc000021a upon startup, and have been unable to access devices.<\/span><\/p>\n \u201cAfter installing KB5021233, there might be a mismatch between the file versions of hidparse.sys in c:\/windows\/system32 and c:\/windows\/system32\/drivers (assuming Windows is installed to your C: drive), which might cause signature validation to fail when cleanup occurs,\u201d Microsoft confirmed in its update over the weekend.<\/span><\/p>\n How to fix the issue<\/span><\/strong><\/span><\/p>\n Microsoft revealed it is currently \u201cworking on a resolution\u201d for the issue and said it will provide an update in an upcoming release…<\/span><\/p><\/blockquote>\n Read more at ITPro.<\/span><\/strong><\/span><\/a><\/p>\n Microsoft finds macOS bug that lets malware bypass security checks<\/span><\/strong><\/a><\/p>\n Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions.<\/span><\/strong><\/span><\/p>\n Found and reported by Microsoft principal security researcher Jonathan Bar Or, the security flaw (dubbed Achilles) is now tracked as CVE-2022-42821.<\/span><\/p>\n Apple addressed the bug in macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur) one week ago, on December 13.<\/span><\/p>\n Gatekeeper bypass via restrictive ACLs<\/span><\/strong><\/span><\/p>\n Gatekeeper is a macOS security feature that automatically checks all apps downloaded from the Internet if they are notarized and developer-signed (approved by Apple), asking the user to confirm before launching or issuing an alert that the app cannot be trusted.<\/span><\/p>\n This is achieved by checking an extended attribute named com.apple.quarantine which is assigned by web browsers to all downloaded files, similar to Mark of the Web in Windows.<\/span><\/p>\n The Achilles flaw allows specially-crafted payloads to abuse a logic issue to set restrictive Access Control List (ACL) permissions that block web browsers and Internet downloaders from setting the com.apple.quarantine attribute for downloaded the payload archived as ZIP files.<\/span><\/p>\n As a result, the malicious app contained within an archived payload launches on the target’s system instead of getting blocked by Gatekeeper, allowing attackers to download and deploy malware…<\/span><\/p><\/blockquote>\n Read more at Bleeping Computer.<\/span><\/strong><\/span><\/span><\/a><\/p>\n Critical Windows code-execution vulnerability went undetected until now<\/span><\/strong><\/a><\/p>\n Microsoft elevates security rating for vulnerability resembling EternalBlue.<\/span><\/strong><\/span><\/p>\n Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.<\/span><\/p>\n Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it\u2019s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.<\/span><\/p>\n But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.<\/span><\/p>\n \u201cAn attacker can trigger the vulnerability via any Windows application protocols that authenticates,\u201d Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability, said in an interview. \u201cFor example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”…<\/span><\/p><\/blockquote>\n Read more at<\/span> Ars Technica.<\/span><\/strong><\/span><\/a><\/p>\n How AI-generated text is poisoning the internet<\/span><\/strong><\/a><\/p>\n Plus: A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?<\/span><\/strong><\/span><\/p>\n This has been a wild year for AI. If you\u2019ve spent much time online, you\u2019ve probably bumped into images generated by AI systems like DALL-E 2 or Stable Diffusion, or jokes, essays, or other text written by ChatGPT, the latest incarnation of OpenAI\u2019s large language model GPT-3.<\/span><\/p>\n Sometimes it\u2019s obvious when a picture or a piece of text has been created by an AI. But increasingly, the output these models generate can easily fool us into thinking it was made by a human. And large language models in particular are confident bull********: they create text that sounds correct but in fact may be full of falsehoods.<\/span><\/p>\n While that doesn\u2019t matter if it\u2019s just a bit of fun, it can have serious consequences if AI models are used to offer unfiltered health advice or provide other forms of important information. AI systems could also make it stupidly easy to produce reams of misinformation, abuse, and spam, distorting the information we consume and even our sense of reality. It could be particularly worrying around elections, for example…<\/span><\/p><\/blockquote>\n Read more at MIT TECHNOLOGY REVIEW<\/span><\/strong><\/span><\/span>.<\/span><\/strong><\/span><\/span><\/a><\/span><\/p>\n Google Introduces End-to-End Encryption for Gmail<\/a><\/span><\/strong><\/p>\n A new encryption software update is being rolled out in a beta test for eligible Google Workspace users<\/span><\/strong><\/span><\/p>\n Google Workspace is rolling out a new security update on Gmail, adding end-to-end encryption that aims to provide an added layer of security when sending emails and attachments on the web. Customers will continue to have control over encryption keys and identity services that provide access to those keys.<\/span><\/p>\n The update is still in the beta stages, but eligible Workspace customers with Enterprise Plus, Education Standard, and Education Plus accounts can fill out an application to test the program through Google\u2019s support center. Once the encryption update has been completed, Gmail Workspace customers will find that any sensitive information or data delivered cannot be decrypted by Google\u2019s servers.<\/span><\/p>\n According to the support center, the application window will be open until January 20, 2023, and once users have accessed the feature, they will be able to choose to turn on the additional encryption by selecting the padlock button when drafting their email. But once activated, some features will be disabled, including emojis, signatures, and Smart Compose…<\/span><\/p><\/blockquote>\n Read more at Gizmodo<\/span><\/strong><\/span><\/span>.<\/span><\/strong><\/span><\/span><\/a>\u00a0\u00a0<\/b><\/span><\/p>\n Billionaires Are A Security Threat<\/span><\/strong><\/a><\/p>\n Elon Musk\u2019s Twitter takeover is a case study in destruction. It doesn\u2019t have to be this way.<\/span><\/strong><\/span><\/p>\n Elon Musk\u2019s acquisition of Twitter is particularly hard to swallow because every report of internal chaos reminds us that we may have sacrificed the most promising mode of online communication invented in decades by failing to identify it for what it was back when we had the chance. Musk\u2019s purchase should never have been possible in the first place because Twitter should never have been an asset. It is \u201cthe public conversation layer of the internet,\u201d as founder Jack Dorsey once put it, and consequently has functioned as the de facto center of our global alert system through the pandemic. It is astonishing that it is even still possible for one person to own this. It\u2019s like owning email.<\/span><\/p>\n In the field of information security, there\u2019s a kind of vulnerability known as the evil maid attack whereby an untrusted party gains physical access to important hardware, such as the housekeeping staff coming into your hotel room when you\u2019ve left your laptop unattended, thereby compromising it. We have here a new analog, just as capable of wrecking systems and leaking data. Call it the \u201cevil billionaire attack\u201d if you\u2019d like. The weapon is money, and more specifically, the likelihood that when the moment arrives you won\u2019t have enough of it to make a difference. The call is coming from inside the house.<\/span><\/p>\n The reason this strategy works is that most ideas of any consequence are owned by people with more money than you…<\/span><\/p><\/blockquote>\n Read more at Wired.<\/span><\/strong><\/span><\/a><\/p>\n Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles informative, interesting, fun, and\/or helpful. Merry Christmas! Darcy & TC<\/span><\/em><\/strong><\/span><\/p>\n Wednesday Newsbytes: Another Buggy Windows Update, Microsoft Finds Apple Flaw, AI-Generated Text Poisoning the Internet, Billionaires are a Security Risk…and more! Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature some news articles that grabbed our attention over\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":23363,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4421,1751,2247,1678,1669,2509,1674,4372,4353,2366],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/24702"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=24702"}],"version-history":[{"count":3,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/24702\/revisions"}],"predecessor-version":[{"id":24709,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/24702\/revisions\/24709"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/23363"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=24702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=24702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=24702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Our](\"https:\/\/thundercloud.net\/infoave\/images\/2023\/christmassale.png\")
<\/a><\/p>\n
\n\n
\n
\n
\n\n
\n
\n
\n![\"\"](\"https:\/\/www.thundercloud.net\/infoave\/new\/wp-content\/uploads\/2022\/11\/holiday22big.png\")
<\/p>\n","protected":false},"excerpt":{"rendered":"