#FactCheck: Viral video blast of fuel tank in UAE Al Hariyah Port portray as Russia-Ukraine Conflict

Key points: Data collection, Protecting Children, and Awareness

Introduction

The evolution of technology has drastically changed over the period impacting mankind and their lifestyle. For every single smallest aspect, humans are reliable on the computers they have manufactured. The use of AI has almost hindered mankind, kids these days are more lethargic to work and write more sensibly on their own, but they are more likely interested in television, video games, mobile games, etc. School kids use AI just to complete their homework. Is it a good sign for the country’s future? The study suggests that Tools like ChatGPT is a threat to humans/a child’s potential to be creative and make original content requiring a human writer’s insight. Tools like ChatGPT can remove students’ artistic voices rather than using their unique writing style.

Does any of those browsers or search engines use your search history against you? or How do non-users tend to lose their private info on such a search engine?

Are there any safety measures that one’s the government of a particular country taking to protect their people’s rights?

Some of us might wonder how these two fancy-looking world merge and into, Arey they a boon or curse?

So here’s the top news getting flooded all over the world through the internet,

“Italian Agency impose strict measures on OpenAI’s ChatGPT”

Italy becomes the first Western European country to take serious measures about using Open AI ChatGPT. An Italian Data Protection agency named Garante has set mandates on ChatGPT. Garante has raised concerns about privacy violations and the inability to verify the age of users. Garate has also claimed that the AI ChatBot is violating the EU’s General Data Protection Regulation (GDPR). In a press release, Garante demanded OpenAI take necessary actions.

To begin with, Garante has demanded that OpenAI’s ChatGPT should increase its transparency and give a comprehensive statement about its data processing practices. OpenAI must specify between obtaining user consent for processing users’ data to train its AI model or may rely on a legitimate basis. OpenAI must maintain the privacy of users’ data.

In addition, ChatGPT should also take measures to prevent minors from accessing the technology at such an early stage of life, which could hinder their brain power. ChatGPT should add some age verification system to prevent minors from accessing explicit content. Moreover, Garante suggests that OpenAI should spread awareness among its users about their data being processed to train its AI model. Garante has set a deadline of April 30 for ChatGPT to complete the given tasks. Until then, its service should be banned in the country.

Child safety while surfing on ChatGpt

Italian agency demands age limitation to surf and an age verification method to exclude users under the age of 13, and parental authority should be required for users between the ages of 13 and 18. As this is a matter of security. Children might get exposed to explicit content invalidated to their age or explore illegitimate content. The AI chatbot doesn’t have the sense to determine which content is appropriate for the underage audience. Due to tools like chatbots, subjective things/information are already available to young students, leading to endangered irrespective of their future. As ChatGpt can hinder their potential and ability to create original and creative content for young minds. It is a threat motivation to humans’ motivation to write. Moreover, when students need time to think and analyze they get lethargic due to tools like ChatGPT, and the practice they need fades away.

Collection of User’s Data

According to some reports from the company’s privacy policy, OpenAI ChatGpt collects an assortment of additional data. The first two questions are for a free trial when a session starts. It asks for your Login, and SignUp through your Gmail account collects your IP address, browser type, and the data you put in the form of input, i.e. it collects data on the user’s interaction with the website, It also collects the user’s data like session time, cookies through third party may tend to sell it to an unspecified third party.

This snapshot shows that they have added a few things after Garante’s draft.

Conclusion

AI chatbot – Chatgpt is an advanced technology tool that makes work a little easier, but one surfing on such tools must stay aware of the information they are asking for. Such AI bots are trained to understand mankind, its job is to give a helping hand and not doltish. In case of this, some people tend to provide sensitive information unknowingly, young minds get exposed to explicit information. Such bots need to put some age limitations. Such innovations keep taking place, but it’s individuals’ responsibility what actions to be allowed to access their online connected device. Unlike the Italian Agency, which has taken some preventive measures to keep their user’s data safe, also looking at the adverse effect of such chatbots on a young mind.

Executive Summary:

Apple has quickly responded to two severe zero-day threats, CVE-2024-44308 and CVE-2024-44309 in iOS, macOS, visionOS, and Safari. These defects, actively used in more focused attacks presumably by state actors, allow for code execution and cross-site scripting (XSS). In a report shared by Google’s Threat Analysis Group, the existing gaps prove that modern attacks are highly developed. Apple’s mitigation comprises memory management, especially state management to strengthen device security. Users are encouraged to update their devices as soon as possible, turn on automatic updates and be careful in the internet space to avoid these new threats.

Introduction

Apple has proved its devotion to the security issue releasing the updates fixing two zero-day bugs actively exploited by hackers. The bugs, with the IDs CVE-2024-44308 and CVE-2024-44309, are dangerous and can lead to code execution and cross-site scripting attacks. The vulnerabilities have been employed in attack and the significance of quick patch release for the safety of the users.

Vulnerabilities in Detail

The discovery of vulnerabilities (CVE-2024-44308, CVE-2024-44309) is credited to Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). These vulnerabilities were found in JavaScriptCore and WebKit, integral components of Apple’s web rendering framework. The details of these vulnerabilities are mentioned below:

CVE-2024-44308

• Severity: High (CVSS score: 8.8)
• Description: A flaw in the JavaScriptCore component of WebKit. Malicious web content could cause code to be executed on the target system and make the system vulnerable to the full control of the attacker.
• Technical Finding: This vulnerability involves bad handling of memory in the course of executing JavaScript, allowing the use of injected payloads remotely by the attackers.

CVE-2024-44309

• Severity: Moderate (CVSS score: 6.1)
• Description: A cookie management flaw in WebKit which might result in cross site scripting (XSS). This vulnerability enables the attackers to embed unauthorized scripts into genuine websites and endanger the privacy of users as well as their identities.
• Technical Finding: This issue arises because of wrong handling of cookies at the state level while processing the maliciously crafted web content and provides an unauthorized route to session data.

Affected Systems

These vulnerabilities impact a wide range of Apple devices and software versions:

• iOS 18.1.1 and iPadOS 18.1.1: For devices including iPhone XS and later, iPad Pro (13-inch), and iPad mini 5th generation onwards.
• iOS 17.7.2 and iPadOS 17.7.2: Supports earlier models such as iPad Pro (10.5-inch) and iPad Air 3rd generation.
• macOS Sequoia 15.1.1: Specifically targets systems running macOS Sequoia.
• visionOS 2.1.1: Exclusively for Apple Vision Pro.
• Safari 18.1.1: For Macs running macOS Ventura and Sonoma.

Apple's Mitigation Approach

Apple has implemented the following fixes:

• CVE-2024-44308: Enhanced input validation and robust memory checks to prevent arbitrary code execution.
• CVE-2024-44309: Improved state management to eliminate cookie mismanagement vulnerabilities.

These measures ensure stronger protection against exploitation and bolster the underlying security architecture of affected components.

Broader Implications

The exploitation of these zero-days highlights the evolving nature of threat landscapes:

• Increasing Sophistication: Attackers are refining techniques to target niche vulnerabilities, bypassing traditional defenses.
• Spyware Concerns: These flaws align with the modus operandi of spyware tools, potentially impacting privacy and national security.
• Call for Timely Updates: Users delaying updates inadvertently increase their risk exposure

Technical Recommendations for Users

To mitigate potential risks:

1. Update Devices Promptly: Install the latest patches for iOS, macOS, visionOS, and Safari.
2. Enable Automatic Updates: Ensures timely application of future patches.
3. Restrict WebKit Access: Avoid visiting untrusted websites until updates are installed.
4. Monitor System Behavior: Look for anomalies that could indicate exploitation.

‍

‍

Conclusion

The exploitation of CVE-2024-44308 and CVE-2024-44309 targeting Apple devices highlight the importance of timely software updates to protect users from potential exploitation. The swift action of Apple by providing immediate improved checks, state management and security patches. Users are therefore encouraged to install updates as soon as possible to guard against these zero day flaws.

References:

• https://support.apple.com/en-us/121752
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44308
• https://securityonline.info/cve-2024-44308-and-cve-2024-44309-apple-addresses-zero-day-vulnerabilities/ 

‍

Introduction

A hacking operation has corrupted data on Madhya Pradesh's e-Nagarpalika portal, a vital online platform for paying civic taxes that serves 413 towns and cities in the state. Due to this serious security violation, the portal has been shut down. The incident occurred in December 2023. This affects citizens' access to vital online services like possessions, water, and municipal tax payments, as well as the issuing of obituaries and certain documents offered via online portal. Ransomware which is a type of malware encodes and conceals a victim's files, and data making it inaccessible and unreachable unless the attacker is paid a ransom. When ransomware initially appeared, encryption was the main method of preventing individuals' data from such threats.

The Intrusion and Database Corruption: Exposing the Breach's Scope

The extent of the assault on the e-Nagarpalika portal was revealed by the Principal Secretary of the Urban Administration and Housing Department of Madhya Pradesh, in a startling revelation. Cybercriminals carried out a highly skilled assault that led to the total destruction of the data infrastructure covering all 413 of the towns for which the website was responsible.

This significant breach represents a thorough infiltration into the core of the electronic civic taxation system, not just an arrangement. Because of the attackers' nefarious intent, the data integrity was compromised, raising questions about the safeguarding of private citizen data. The extent of the penetration reaches vital city services, causing a reassessment of the current cybersecurity safeguards in place. 

In addition to raising concerns about the privacy of personal information, the hacked information system casts doubt on the availability of crucial municipal services. Among the vital services affected by this cyberattack are marriage licenses, birth and death documents, and the efficient handling of possessions, water, and municipal taxes.

The weaknesses of electronic systems, which are the foundation of contemporary civic services, are highlighted by this incident. Beyond the attack's immediate interruption, citizens now have to deal with concerns about the security of their information and the availability of essential services. This tragedy is a clear reminder of the urgent need for robust safety safeguards as authorities work hard to control the consequences and begin the process of restoration.

Offline Protections in Place

The concerned authority informed the general population that the offsite data, which has been stored up on recordings every three days, is secure despite the online attack. This preventive action emphasises how crucial offline restores are to lessening the effects of these kinds of cyberattacks. The choice to keep the e-Nagarpalika platform offline until a certain time highlights how serious the matter is and how urgently extensive reconstruction must be done to restore the online services offer

Effect on Civic Services

The e-Nagarpalika website is crucial to providing online municipal services, serving as an invaluable resource for citizens to obtain necessary paperwork and carry out diverse transactions. Civic organisations have been told to function offline while the portal remains unavailable until the infrastructure is fully operational. This interruption prompts worries about possible delays and obstacles citizens face when getting basic amenities during this time.

Examination and Quality Control

Information technology specialists are working diligently to look into the computer virus and recover the website, in coordination with the Madhya Pradesh State Electronic Development Corporation Limited, the state's cyber police, and the Indian Computer Emergency Response Team (CERT-In). Reassuringly for impacted citizens, authorities note that there is currently no proof of data leaks arising from the hack.

Conclusion

The computerised attack on the e-Nagarpalika portal in Madhya Pradesh exposes the weakness of computer networks. It has affected the essential services to public services offered via online portal. The hack, which exposed citizen data and interfered with vital services, emphasises how urgently strong safety precautions are needed. The tragedy is a clear reminder of the need to strengthen technology as authorities investigate and attempt to restore the system. One bright spot is that the offline defenses in place highlight the significance of backup plans in reducing the impact of cyberattacks. The ongoing reconstruction activities demonstrate the commitment to protecting public data and maintaining the confidentiality of essential city operations.

References

• https://government.economictimes.indiatimes.com/tag/cyber+attack
• https://www.techtarget.com/searchsecurity/definition/ransomware#:~:text=Ransomware%20is%20a%20type%20of,accessing%20their%20files%20and%20systems.
• https://www.business-standard.com/india-news/mp-s-e-nagarpalika-portal-suffers-cyber-attack-data-corrupted-officials-123122300519_1.html
• https://www.freepressjournal.in/bhopal/mp-govts-e-nagar-palika-portal-hacked-data-of-over-400-cities-leaked