#amazon

By Waqas The cybercrime platform 16shop sold hacking tools and other malicious tools used to compromise more than 70,000 users in 43 countries. This is a post from HackRead.com Read the original post: INTERPOL Dismantles Infamous ’16shop’ Phishing-as-a-Service Platform

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later.

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

By Waqas Microsoft Bids Farewell to Standalone Cortana App on Windows 11, Welcomes Windows Copilot. This is a post from HackRead.com Read the original post: Microsoft Bids Farewell to Cortana App on Windows 11

The US Congress is trying to tame the rapid rise of artificial intelligence. But senators’ failure to tackle privacy reform is making the task a nightmare.

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

Generative AI won't just flood the internet with more lies—it may also create convincing disinformation that's targeted at groups or even individuals.

Meta most recently entered the AI race with Llama 2, an open-source version of their chatbot. IBM has also re-branded its watson tool (formerly known as capital “W” Watson who was really good at “Jeopardy”) to be a ChatGPT-like.