Month: February 2024

Enlarge (credit: Getty Images)

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, researchers said Monday.

The new vulnerability, tracked as CVE-2024-21893, is what’s known as a server-side request forgery. Ivanti disclosed it on January 22, along with a separate vulnerability that so far has shown no signs of being exploited. Last Wednesday, nine days later, Ivanti said CVE-2024-21893 was under active exploitation, aggravating an already chaotic few weeks. All of the vulnerabilities affect Ivanti’s Connect Secure and Policy Secure VPN products.

A tarnished reputation and battered security professionals

The new vulnerability came to light as two other vulnerabilities were already under mass exploitation, mostly by a hacking group researchers have said is backed by the Chinese government. Ivanti provided mitigation guidance for the two vulnerabilities on January 11, and released a proper patch last week. The Cybersecurity and Infrastructure Security Agency, meanwhile, mandated all federal agencies under its authority disconnect Ivanti VPN products from the Internet until they are rebuilt from scratch and running the latest software version.

Enlarge / Text from one of the Herculaneum scrolls has been deciphered. Roughly 95 percent of the scroll remains to be read. (credit: Vesuvius Challenge)

Last fall we reported on the use of machine learning to decipher the first letters from a previously unreadable ancient scroll found in an ancient Roman villa at Herculaneum—part of the 2023 Vesuvius Challenge. Tech entrepreneur and challenge co-founder Nat Friedman has now announced via X (formerly Twitter) that they have awarded the grand prize of $700,000 for producing the first readable text. Three winning team members are Luke Farritor, Yousef Nader, and Julian Schilliger.

As previously reported, the ancient Roman resort town Pompeii wasn't the only city destroyed in the catastrophic 79 AD eruption of Mount Vesuvius. Several other cities in the area, including the wealthy enclave of Herculaneum, were fried by clouds of hot gas called pyroclastic pulses and flows. But still, some remnants of Roman wealth survived. One palatial residence in Herculaneum—believed to have once belonged to a man named Piso—contained hundreds of priceless written scrolls made from papyrus, singed into carbon by volcanic gas.

The scrolls stayed buried under volcanic mud until they were excavated in the 1700s from a single room that archaeologists believe held the personal working library of an Epicurean philosopher named Philodemus. There may be even more scrolls still buried on the as-yet-unexcavated lower floors of the villa. The few opened fragments helped scholars identify a variety of Greek philosophical texts, including On Nature by Epicurus and several by Philodemus himself, as well as a handful of Latin works. But the more than 600 rolled-up scrolls were so fragile that it was long believed they would never be readable since even touching them could cause them to crumble.

Enlarge (credit: Axelle/Bauer-Griffin / Contributor | FilmMagic)

4chan users who have made a game out of exploiting popular AI image generators appear to be at least partly responsible for the flood of fake images sexualizing Taylor Swift that went viral last month.

Graphika researchers—who study how communities are manipulated online—traced the fake Swift images to a 4chan message board that's "increasingly" dedicated to posting "offensive" AI-generated content, The New York Times reported. Fans of the message board take part in daily challenges, Graphika reported, sharing tips to bypass AI image generator filters and showing no signs of stopping their game any time soon.

"Some 4chan users expressed a stated goal of trying to defeat mainstream AI image generators' safeguards rather than creating realistic sexual content with alternative open-source image generators," Graphika reported. "They also shared multiple behavioral techniques to create image prompts, attempt to avoid bans, and successfully create sexually explicit celebrity images."