Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

If you’ve ever posted something to the internet—a pithy tweet, a 2009 blog post, a scornful review, or a selfie on Instagram—it has most likely been slurped up and used to help train the current wave of generative AI. Large language models, like ChatGPT, and image creators are powered by vast reams of our data. And even if it’s not powering a chatbot, the data can be used for other machine-learning features.

Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information. Looking at you, Reddit.

However, as the lawsuits and investigations around generative AI and its opaque data practices pile up, there have been small moves to give people more control over what happens to what they post online. Some companies now let individuals and business customers opt out of having their content used in AI training or being sold for training purposes. Here’s what you can—and can’t—do.

**There’s a Limit**

Before we get to how you can opt out, it’s worth setting some expectations. Many companies building AI have already scraped the web, so anything you’ve posted is probably already in their systems. Companies are also secretive about what they have actually scraped, purchased, or used to train their systems. “We honestly don't know that much,” says Niloofar Mireshghallah, a researcher who focuses on AI privacy at the University of Washington. “In general, everything is very black-box.”

Mireshghallah explains that companies can make it complicated to opt out of having data used for AI training, and even where it is possible, many people don’t have a “clear idea” about the permissions they’ve agreed to or how data is being used. That’s before various laws, such as copyright protections and Europe’s strong privacy laws, are taken into consideration. Facebook, Google, X, and other companies have written into their privacy policies that they may use your data to train AI.

While there are various technical ways AI systems could have data removed from them or “unlearn,” Mireshghallah says, there’s very little that’s known about the processes that are in place. The options can be buried or labor-intensive. Getting posts removed from AI training data is likely to be an uphill battle. Where companies are starting to allow opt-outs for future scraping or data sharing, they are almost always making users opt-in by default.

“Most companies add the friction because they know that people aren’t going to go looking for it,” says Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation. “Opt-in would be a purposeful action, as opposed to opting out, where you have to know it’s there.”

While less common, some companies building AI tools and machine learning models don't automatically opt-in customers. “We do not train our models on user-submitted data by default. We may use user prompts and outputs to train Claude where the user gives us express permission to do so, such as clicking a thumbs up or down signal on a specific Claude output to provide us feedback,” says Jennifer Martinez, a spokesperson for Anthropic. In this situation, the most recent iteration of the company’s Claude chatbot is built on public information online and third-party data—content people posted elsewhere online—but not user information.

The majority of this guide deals with opt-outs for text, but artists have also been using “Have I Been Trained?” to signal their images shouldn't be used for training. Run by startup Spawning, the service allows people to see if their creations have been scraped and then opt out of any future training. “Anything with a URL can be opted out. Our search engine only searches images, but our browser extension lets you opt out any media type,” says Jordan Meyer, cofounder and CEO of Spawning. Stability AI, the startup behind a text-to-image tool called Stable Diffusion, is among companies that say they are honoring the system.

The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software. “A portion of the total number of user prompts in Copilot and Copilot Pro responses are used to fine-tune the experience,” says Donny Turnbaugh, a spokesperson for Copilot. “Microsoft takes steps to deidentify data before it is used, helping to protect consumer identity.” Even if the data is deidentified, privacy-minded users may want more potential control over their information.

**How to Opt Out of AI Training**

Adobe

Adobe via Matt Burgess

If you store your files in Adobe’s Creative Cloud, the company may use them to train its machine-learning algorithm. “When we analyze your content for product improvement and development purposes, we first aggregate your content with other content and then use the aggregated content to train our algorithms and thus improve our products and services,” reads the company’s FAQ. This doesn’t apply to any files stored only on your device.

If you’re using a personal Adobe account, it’s easy to opt out. Open up Adobe’s **privacy page**, scroll down to the **Content analysis** section, and click the toggle to turn it off. For business or school accounts, the opt-out process is not available on the individual level, and you’ll have to reach out to your administrator.

Amazon: AWS

AI services from Amazon Web Services, like Amazon Rekognition or Amazon CodeWhisperer, may save customer data to improve the company’s tools. Head’s up, this is the most complicated opt-out process included in the roundup, so you likely need help from an IT professional at your company or an AWS representative to perform it successfully. Outlined on this support page from Amazon, the process includes enabling the option for your organization, creating a policy, and attaching that policy where necessary.

Google: Gemini

For users of Google’s chatbot, Gemini, conversations may sometimes be selected for human review to improve the AI model. Opting out is simple, though. Open up Gemini in your browser, click on **Activity**, and select the **Turn Off** drop-down menu. Here you can just turn off the Gemini Apps Activity, or you can opt out as well as delete your conversation data. While this does mean in most cases that future chats won’t be seen for human review, already selected data is not erased through this process. According to Google’s privacy hub for Gemini, these chats may stick around for three years.

Grammarly

Grammarly does not currently offer an opt-out process for personal accounts, but self-serve business accounts can choose to opt out from having their data used to train Grammarly’s machine-learning model. Turn it off by opening up your **Account Settings**, clicking on the **Data Settings** tab, and toggling off **Product Improvement & Training**. If you have a managed business account, which includes accounts for classroom education and accounts bought through a Grammarly sales representative, you are automatically opted out from AI model training.

HubSpot

HubSpot, a popular marketing software, automatically uses data from customers to improve its machine-learning model. Unfortunately, there’s not a button to press to turn off the use of data for AI training. You have to **send an email** to privacy@hubspot.com with a message requesting that the data associated with your account be opted out.

OpenAI: ChatGPT and Dall-E

OpenAI via Matt Burgess

People reveal all sorts of personal information while using a chatbot. OpenAI provides some options for what happens to what you say to ChatGPT—including allowing its future AI models not to be trained on the content. “We give users a number of easily accessible ways to control their data, including self-service tools to access, export, and delete personal information through ChatGPT. That includes easily accessible options to opt out from the use of their content to train models,” says Taya Christianson, an OpenAI spokesperson. (The options vary slightly depending on your account type, and data from enterprise customers is not used to train models).

On its help pages, OpenAI says ChatGPT web users without accounts should navigate to **Settings** and then uncheck **Improve the model for everyone**. If you have an account and are logged in through a web browser, select **ChatGPT, Settings, Data Controls,** and then turn off **Chat History & Training**. If you’re using ChatGPT’s mobile apps, go to **Settings**, pick **Data Controls,** and turn off **Chat History & Training**. Changing these settings, OpenAI’s support pages say, won’t sync across different browsers or devices, so you need to make the change everywhere you use ChatGPT.

OpenAI is about a lot more than ChatGPT. For its Dall-E 3 image generator, the startup has a **form that allows you to send images** to be removed from “future training datasets.” It asks for your name, email, whether you own the image rights or are getting in touch on behalf of a company, details of the image, and any uploads of the image(s). OpenAI also says if you have a “high volume” of images hosted online that you want removed from training data, then it may be “more efficient” to add GPTBot to the robots.txt file of the website where the images are hosted.

Traditionally a website’s robots.txt file—a simple text file that usually sits at websitename.com/robots.txt—has been used to tell search engines, and others, whether they can include your pages in their results. It can now also be used to tell AI crawlers not to scrape what you have published—and AI companies have said they’ll honor this arrangement.

Perplexity

Perplexity is a startup that uses AI to help you search the web and find answers to questions. Like all of the other software on this list, you are automatically opted in to having your interactions and data used to train Perplexity’s AI further. Turn this off by clicking on your **account name**, scrolling down to the **Account** section, and turning off the **AI Data Retention** toggle.

Quora

Quora via Matt Burgess

Quora says it “currently” doesn’t use answers to people’s questions, posts, or comments for training AI. It also hasn’t sold any user data for AI training, a spokesperson says. However, it does offer opt-outs in case this changes in the future. To do this, visit its **Settings** page, click to **Privacy,** and turn off the “**Allow large language models to be trained on your content**” option. Despite this choice, there are some Quora posts that may be used for training LLMs. If you reply to a machine-generated answer, the company’s help pages say, then those answers may be used for AI training. It points out that third parties may just scrape its content anyway.

Rev

Rev, a voice transcription service that uses both human freelancers and AI to transcribe audio, says it uses data “perpetually” and “anonymously” to train its AI systems. Even if you delete your account, it will still train its AI on that information.

Kendell Kelton, head of brand and corporate communications at Rev, says it has the “largest and most diverse data set of voices,” made up of more than 6.5 million hours of voice recording. Kelton says Rev does not sell user data to any third parties. The firm’s terms of service say data will be used for training, and that customers are able to opt out. People can opt out of their data being used by **sending an email** to support@rev.com, its help pages say.

Slack

All of those random Slack messages at work might be used by the company to train its models as well. “Slack has used machine learning in its product for many years. This includes platform-level machine-learning models for things like channel and emoji recommendations,” says Jackie Rocca, a vice president of product at Slack who’s focused on AI.

Even though the company does not use customer data to train a large language model for its Slack AI product, Slack may use your interactions to improve the software’s machine-learning capabilities. “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content, and files) submitted to Slack,” says Slack’s privacy page. Similar to Adobe, there’s not much you can do on an individual level to opt out if you’re using an enterprise account.

The only real way to opt out is to have your administrator email Slack at feedback@slack.com. The message must have the subject line “Slack Global model opt-out request” and include your organization's URL. Slack doesn’t provide a timeline for how long the opt-out process takes, but it should send you a confirmation email after it’s complete.

Squarespace

Website-building tool Squarespace has built in a toggle to stop AI crawlers from scraping websites it hosts. This works by updating your website’s robots.txt file to tell AI companies the content is off limits. To block the AI bots, open **Settings** within your account, find **Crawlers**, and turn off **Artificial Intelligence Crawlers**. It points out this should work for the following crawlers: Anthropic, OpenAI’s GPTBot and ChatGPT-User, Google Extended, and CCBot.

Substack

If you use Substack for blog posts, newsletters, or more, the company also has an easy option to apply the robots.txt opt-out. Within your **Settings** page, scroll to the **Publication** section and turn on the toggle to **Block AI training**. Its help page points out: “This will only apply to AI tools that respect this setting.”

Tumblr

Blogging and publishing platform Tumblr—owned by Automattic, which also owns WordPress—says it is “working with” AI companies that are “interested in the very large and unique set of publicly published content” on the wider company’s platforms. This doesn’t include user emails or private content, an Automattic spokesperson says.

Tumblr has a “prevent third-party sharing” option to stop what you publish being used for AI training, as well as being shared with other third parties such as researchers. If you’re using the Tumblr app, go to account S**ettings**, select your blog, click on the **gear icon**, select **Visibility**, and toggle the “**Prevent third-party sharing**” option. Explicit posts, deleted blogs, and those that are password-protected or private, are not shared with third-party companies in any case, Tumblr’s support pages say.

WordPress

Wordpress via Matt Burgess

Like Tumblr, WordPress has a “prevent third-party sharing” option. To turn this on, visit your website’s dashboard, click on **Settings**, **General**, and then through to **Privacy**, select the **Prevent third-party sharing** box. “We are also trying to work with crawlers (like https://commoncrawl.org/) to prevent content from being scraped and sold without giving our users choice or control over how their content is used,” an Automattic spokesperson says.

Your Website

If you are hosting your own website, you can update your robots.txt file to tell AI bots not to scrape the pages. Most news websites don’t allow their articles to be crawled by AI bots. WIRED’s robots.txt file, for example, doesn’t allow bots from OpenAI, Google, Amazon, Facebook, Anthropic, or Perplexity, among others. This opt-out isn’t just for publishers though: Any website, big or small, can alter its robots file to exclude AI crawlers. All you need to do is add a disallow command; working examples can be found here.

How to Stop Your Data From Being Used to Train AI

The Change Healthcare ransomware attack as suffered a third cruel twist.

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of “highly selective data,” which relates to “all Change Health clients that have sensitive data being processed by the company.”

The announcement follows a series of events that require some unpacking.

Change Healthcare is one of the largest healthcare technology companies in the USA, responsible for the flow of payments between payers, providers, and patients. It was attacked on Wednesday February 21, 2024, by a criminal “affiliate” working with the ALPHV ransomware group, which led to huge disruptions in healthcare payments. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on.

American Hospital Association (AHA) President and CEO Rick Pollack described the attack as “the most significant and consequential incident of its kind against the US health care system in history.”

The notorious ALPHV ransomware group claimed responsibility, chalking up Change Healthcare as one of a raft of healthcare victims in what looked like a deliberate campaign against the sector at the start of 2024.

ALPHV used the ransomware-as-a-service (RaaS) business model, selling the software and infrastructure used to carry out ransomware attacks to criminal gangs known as affiliates, in return for a share of the ransoms they extorted.

On March 3, a user on the RAMP dark web forum claimed they were the affiliate behind the attack, and that ALPHV had stolen the entirety of a $22 million ransom paid by Change Healthcare. Shortly after, the ALPHV group disappeared in an unconvincing exit scam designed to make it look as if the group’s website had been seized by the FBI.

ALPHV’s exit left Change Healthcare with nothing to show for its $22 million payment, a disgruntled affiliate looking for a ransom, and very possibly two different criminal gangs—ALPHV and its affiliate—in possession of a huge trove of stolen data.

Now, a month later, a newcomer ransomware group, RansomHub has listed Change Healthcare as a victim on its website.

Change Healthcare is listed as a victim on the RansomHub dark web leak site

While some have speculated that Change Healthcare has suffered a second attack, the RansomHub site itself makes the connection to the events surrounding February 21 quite clear:

> As an introduction we will give everyone a fast update on what happened previously and on the current situation.
> 
> ALPHV stole the ransom payment (22 Million USD) that Change Healthcare and United Health payed in order to restore their systems and prevent the data leak.
> 
> HOWEVER we have the data and not ALPHV.

RansomHub first appeared in late February and its arrival dovetails neatly with ALPHV’s disappearance in very early March, leading some to think they are the same group under two different names.

The statement also pours water on the idea that RansomHub is a rebrand of the ALPHV group with its suggestion that “we have the data and not ALPHV.” However, any public statement like this has to be tempered by the fact that ransomware groups are prolific liars.

It’s not uncommon for affiliates to work with multiple RaaS providers, so the most likely explanation is that having lost its money to ALPHV, the affiliate that ransacked Change Healthcare has paired up with a different ransomware group.

Whatever the reason, there is no comfort in it for Change Healthcare. Having apparently already paid a ransom thirty times greater than the average demand, it now has to decide whether it’s going to pay out again.

For everyone else, it’s a lesson in how devastating ransomware can be, and how badly things can go even when you pay a ransom.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 New ransomware group demands Change Healthcare ransom 

We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems?
Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think.
Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."

Source: redbrickstock.com via Alamy Stock Photo

Microsoft outdid itself with this month's Patch Tuesday releases, which contain no zero-day patches, though at least one of the patches addresses a flaw already being actively exploited.

Products affected by the most recent Patch Tuesday updates include Windows and Windows Components; Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; Bitlocker; and Windows Secure Boot.

Microsoft's April update included 147 CVEs, three rated "Critical," 142 categorized as "Important," and two listed as "Moderate" in severity. That number swells to 155 CVEs if third-party flaws are included. The number represents a record high for Patch Tuesday fixes.

"Microsoft patched 147 CVEs in April, the largest number of CVEs patched in a month since we began tracking this data in 2017," Satnam Narang, senior staff researcher engineer at Tenable, said in a statement. "The last time there were over 100 CVEs patched was October 2023, when Microsoft addressed 103 CVEs." The previous high was in July 2023, with 130 CVEs patched, Narang added.

Microsoft did not indicate any of the April Patch Tuesday CVEs are zero-day threats, a welcome departure from last year's brisk clip of zero-day disclosures.

"This time last year, there were seven zero-day vulnerabilities exploited in the wild," Narang said. This year, there have only been two zero-days exploited and both were in February. "It's difficult to pinpoint why we've seen this decrease, whether it's just a lack of visibility or if it signifies a trend with attackers utilizing known vulnerabilities as part of their attacks on organizations."

However, Dustin Childs of the Zero Day Initiative noted in his April Microsoft Patch Tuesday analysis that his organization has evidence of a known exploited flaw in the list of this month's fixes.

**Patch Tuesday Fixes to Prioritize**

Childs pointed to the max-severity vulnerability in SmartScreen Prompt Security Feature Bypass (CVE-2024-29988) with a CVSS score of 8.8, which was discovered by ZDI but wasn't listed as exploited in Microsoft's Patch Tuesday update.

"However, the bug reported by ZDI threat hunter Peter Girrus was found in the wild," Childs added. "We have evidence this is being exploited in the wild, and I'm listing it as such."

Another max-severity bug impacting the Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2024-20678) was given a CVSS score of 8.8 and patched this month by Microsoft.

A spoofing vulnerability (CVE-2024-20670), listed as max-severity with a base CVSS of 8.1, was fixed in Outlook for Windows. And a Windows DNS Server Remote Code Execution, also listed as max-severity (CVE-2024-26221) with a CVSS score of 7.2, was patched as well.

**Microsoft SQL Gets Plenty of Patches**

Microsoft SQL Server vulnerabilities make up a large share of this month's Patch Tuesday fixes, according to Kev Breen, senior director threat research for Immersive Labs.

"While at first glance, it may appear that Microsoft has called out a large number of vulnerabilities in its latest notes, 40 of them are all related to the same product — Microsoft SQL Server," Breen said in a statement. "The main issue is with the Clients used to connect to an SQL server, not the server itself."

Breen went on to explain that all of these would require social engineering, making the SQL flaws difficult to exploit in any useful capacity.

"All the reported vulnerabilities follow a similar pattern: For an attacker to gain code execution, they must convince an authenticated user inside an organization to connect to a remote SQL server the attacker controls," Breen added. "While not impossible, this is unlikely to be exploited at scale by attackers."

Security teams concerned about these types of attacks should look for anomalous activity and block outbound connections except to trusted servers.

**Microsoft SmartScreen Prompt and Secure Boot Flaws**

Tenable's Narang noted this month's fix for the SmartScreen Prompt security feature bypass (CVE-2024-29988), with its CVSS score of 8.8, likewise relies on social engineering to make exploitation possible. A similar zero-day bug (CVE-2024-21412), discovered by the same researchers was used in a DarkGate campaign impersonating popular brands like Apple iTunes.

"Microsoft Defender SmartScreen is supposed to provide additional protections for end users against phishing and malicious websites," Narang said. "However, as the name implies, these flaws bypass these security features, which leads to end users being infected with malware."

Narang also suggested security teams take a look at the 24 Windows Secure Boot flaw fixes included in Microsoft's April Patch Tuesday release.

"The last time Microsoft patched a flaw in Windows Secure Boot (CVE-2023-24932) in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on Dark Web forums for $5,000," he said.

BlackLotus malware is able to block security protections while booting up.

"While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future," Narang stressed.

Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk

PRESS RELEASE

SAN DIEGO, April 9, 2024/PRNewswire/ -- ESET, a global leader in digital security, is pleased to announce the introduction of ESET Small Business Security, which has been specifically designed to meet the cybersecurity needs of Small Office/Home Office business owners.

According to the Small Business Administration, out of the 33.3 million small businesses in the United States, over 27 million are managed solely by their owners and do not employ any additional personnel. Over 5 million small businesses have under 19 employees1. ESET's new comprehensive security solution is engineered to provide seamless, user-friendly protection, enabling these smaller SMBs to thrive in an increasingly digital landscape.

"This new offering is a testament to ESET's commitment to innovation and its dedication to supporting the growth and security of entrepreneurs, small businesses and home offices," said Brent McCarty, President of ESET North America. "Small businesses have long demanded the power of ESET in a right-sized offering. With this launch, we provide SOHO business owners with a simple yet powerful solution for their businesses that is easily manageable, highly reliable, and tailored to their needs, enabling them to focus on their growth without compromising on security."

The ESET Small Business Security solution supports up to 25 devices and offers an array of features tailored to safeguard online banking transactions and browsing, secure devices, manage passwords, protect Windows servers, encrypt sensitive data, guard against ransomware and counter phishing scams. Furthermore, the offering facilitates safe and anonymous browsing alongside unlimited VPN security where applicable, ensuring both work and personal devices are shielded from cyber threats. This new offering guarantees reliable security with a minimal system footprint, ensuring efficient protection across multiple operating systems, including Windows, Android, and macOS.

ESET Small Business Security includes ESET HOME, security management platform that enables users to have complete security management with information about security status, devices, subscriptions and features currently in use.

ESET HOME is available via a web portal and a mobile application, allowing users to have security of their devices under control anywhere they go.

For more detailed information about ESET Small Business Security, visit here.

About ESET  
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure, and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET's high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET's R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter (X).

ESET Launches a New Solution for Small Office/Home Office Businesses

Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover.

Source: Askar Karimullin via Alamy Stock Photo

Researchers at Bitdefender have discovered four vulnerabilities in LG webOS, the operating system for multiple models of its smart television line.

According to the researchers, even though the now vulnerable LG webOS service is supposed to be used in local area networks, scans show that there are reportedly roughly 91,000 exposed devices that are vulnerable to the bugs.

The bugs are a mix of command injection, privilege escalation, and bypass vulnerabilities and are tracked as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. For instance, CVE-2023-6317 can allow an attacker to add an extra user to the TV set, and CVE-2023-6318 can allow a user to use the access "gained in the first step to root and fully take over the device."

They impact webOS 4.9.7-5.30.40 running on LG43UM7000PLA, webOS 5.5.0-04.50.51 running on OLED55CXPUA, webOS 6.3.3-442 (kisscurl-kinglake)-03.36.50 running on OLED48C1PUB, and webOS 7.3.1-43 (mullet-mebin)-03.33.85 running on OLED55A23LA.

The researchers reported their findings to LG in November 2023, but it was only last month that the vendor released security updates. Affected users who have not been alerted to the vulnerabilities or the updates to fix them should go to the TV "Settings," then "Support," and "Software Update," and then click on "Check for Update."

**About the Author(s)**

LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software.

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for **Microsoft** to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in **Windows** and related software.

Yes, you read that right. Microsoft today released updates to address 147 security holes in Windows, **Office**, **Azure**, **.NET Framework**, **Visual Studio**, **SQL Server**, **DNS Server**, **Windows Defender**, **Bitlocker**, and **Windows Secure Boot**.

“This is the largest release from Microsoft this year and the largest since at least 2017,” said **Dustin Childs**, from **Trend Micro’s Zero Day Initiative** (ZDI). “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs. Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users.

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

**Ben McCarthy**, lead cyber security engineer at **Immersive Labs** called attention to CVE-2024-20670, an **Outlook for Windows** spoofing vulnerability described as being easy to exploit. It involves convincing a user to click on a malicious link in an email, which can then steal the user’s password hash and authenticate as the user in another Microsoft service.

Another interesting bug McCarthy pointed to is CVE-2024-29063, which involves hard-coded credentials in Azure’s search backend infrastructure that could be gleaned by taking advantage of **Azure AI** search.

“This along with many other AI attacks in recent news shows a potential new attack surface that we are just learning how to mitigate against,” McCarthy said. “Microsoft has updated their backend and notified any customers who have been affected by the credential leakage.”

CVE-2024-29988 is a weakness that allows attackers to bypass **Windows SmartScreen**, a technology Microsoft designed to provide additional protections for end users against phishing and malware attacks. Childs said one ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“I would treat this as in the wild until Microsoft clarifies,” Childs said. “The bug itself acts much like CVE-2024-21412 – a \[zero-day threat from February\] that bypassed the Mark of the Web feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass Mark of the Web.”

**Update, 7:46 p.m. ET:** A previous version of this story said there were no zero-day vulnerabilities fixed this month. BleepingComputer reports that Microsoft has since confirmed that there are actually two zero-days. One is the flaw Childs just mentioned (CVE-2024-21412), and the other is CVE-2024-26234, described as a “proxy driver spoofing” weakness.

**Satnam Narang** at **Tenable** notes that this month’s release includes fixes for two dozen flaws in **Windows Secure Boot**, the majority of which are considered “Exploitation Less Likely” according to Microsoft.

“However, the last time Microsoft patched a flaw in Windows Secure Boot in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on dark web forums for $5,000,” Narang said. “BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up. While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future.”

For links to individual security advisories indexed by severity, check out ZDI’s blog and the Patch Tuesday post from the SANS Internet Storm Center. Please consider backing up your data or your drive before updating, and drop a note in the comments here if you experience any issues applying these fixes.

Adobe today released nine patches tackling at least two dozen vulnerabilities in a range of software products, including **Adobe After Effects**, **Photoshop**, **Commerce**, **InDesign**, **Experience Manager**, **Media Encoder**, **Bridge**, **Illustrator**, and **Adobe Animate**.

KrebsOnSecurity needs to correct the record on a point mentioned at the end of March’s “Fat Patch Tuesday” post, which looked at new AI capabilities built into **Adobe Acrobat** that are turned on by default. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

“In practice, no document scanning or analysis occurs unless a user actively engages with the AI features by agreeing to the terms, opening a document, and selecting the AI Assistant or generative summary buttons for that specific document,” Adobe said earlier this month.

April’s Patch Tuesday Brings Record Number of Fixes

Threat actors once again target system administrators via their favorite tools. Learn more about their TTPs and use the IOCs provide to investigate.

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Google’s search engine page and localized to North America.

Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer. Nitrogen is used by threat actors to gain initial access to private networks, followed by data theft and the deployment of ransomware such as BlackCat/ALPHV.

We have reported this campaign to Google but no action has been taken yet. This blog post aims to share the tactics, techniques and procedures (TTPs) as well as indicators of compromise (IOCs) so defenders can take action.

**Step 1: Luring victims in via malicious ads**

The initial intrusion starts from a malicious ad displayed via Google search. We have observed several different advertiser accounts which were all reported to Google. The lures are utilities commonly used by IT admins such as PuTTY and FileZilla.

Online ads from search engine result pages are increasingly being used to deliver malware to corporate users. ThreatDown users that have DNS Filtering can enable ad blocking in their console to prevent such malvertising attacks:

**Step 2: Directing users to lookalike sites**

The malvertising infrastructure deployed by Nitrogen threat actors uses a cloaking page that can either redirect to a decoy site or the infamous Rick Astley video. The redirect to a decoy page can be activated if the campaign is not weaponized yet or if the malicious server detects invalid traffic (bot, crawler, etc.).

The Rick Astley redirect is mostly to mock security researchers investigating this campaign:

Actual lookalike pages are meant for potential victims. They are often good-looking copycats which could easily fool just about anyone:

ThreatDown blocks these malicious websites to prevent your users from being social-engineered into downloading malware:

**Step 3: Deploying malware via a fraudulent installer**

The final step in this malvertising chain consists of downloading and running the malware payload. Nitrogen uses a technique known as DLL sideloading whereby a legitimate and signed executable launches a DLL. In this case, _setup.exe_ (from the Python Software Foundation) sideloads _python311.dll_ (Nitrogen).

ThreatDown via its EDR engine quarantines the malicious DLL immediately. System administrators can log into their console and use the AI-assisted engine to quickly search and review the detection:

**Recommendations**

While there are many phishing training simulations for email threats, we aren’t aware of similar trainings for malvertising. Yet, the threat has become prevalent enough to warrant better user education.

Endpoints can be protected from malicious ads via group policies that restrict traffic coming from the main and lesser known ad networks. Click here for more information about DNS filtering via our Nebula platform.

Endpoint Detection and Response (EDR) is a cornerstone in your security posture, complemented by Managed Detection and Response (MDR) where analysts can quickly alert you of an impending intrusion.

**Indicators of Compromise**

Cloaking domains:

kunalicon\[.\]com  
inzerille\[.\]com  
recovernj\[.\]com

Lookalike sites:

file-zilla-projectt\[.\]org  
puuty\[.\]org  
pputy\[.\]com  
puttyy\[.\]ca

Nitrogen payloads (URLs):

amplex-amplification\[.\]com/wp-includes/FileZilla\_3.66.1\_win64.zip  
newarticles23\[.\]com/wp-includes/putty-64bit-0.80-installer.zip  
support\[.\]hosting-hero\[.\]com/wp-includes/putty-64bit-0.80-installer.zip  
mkt.geostrategy-ec\[.\]com/installer.zip

Nitrogen payloads (SHA256):

ecde4ca1588223d08b4fc314d6cf4bce82989f6f6a079e3eefe8533222da6281
2037ec95c91731f387d3c0c908db95184c93c3b8412b6b3ca3219f9f8ff60945
033a286218baca97da19810446f9ebbaf33be6549a5c260889d359e2062778cf

Nitrogen C2s:

94.156.65\[.\]98  
94.156.65\[.\]115

 Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla 

### Impact

It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way.

### Patches

Update to Contao 4.13.40 or 5.3.4.

### Workarounds

Do not output the submitted form data on the website.

### References

https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

**Contao: Unencoded insert tags in the frontend**

Low severity GitHub Reviewed Published Apr 9, 2024 in contao/contao • Updated Apr 9, 2024

Tag

#web