By Owais Sultan
India Blockchain Week is part of a week-long series of web3-focused events taking place from December 4-10, 2023.…
This is a post from HackRead.com Read the original post: Hashed Emergent Announces India Blockchain Week (IBW) Conference

**India Blockchain Week is part of a week-long series of web3-focused events taking place from December 4-10, 2023.**

Hashed Emergent, a prominent web3 venture fund, is set to host India’s first-ever world-class, multi-chain web3 conference called India Blockchain Week (IBW). The conference, scheduled for December 6-7 in Bangalore, aims to bring together industry leaders and experts to explore the diverse landscape of web3 technology and its impact on India’s burgeoning startup scene.

IBW is part of a week-long series of web3-focused events taking place from December 4-10, 2023. The conference will kick off with a “warm-up” session featuring hackathons, side events, and parties on December 4-5. The main IBW conference will be held on December 6-7, followed by the highly anticipated ETHIndia hackathon.

Last year, the ETHIndia hackathon attracted over 2,000 attendees and saw more than 450 project submissions, making it one of the largest Ethereum hackathons to date. The Sheraton Grand Hotel in Whitefield, a prominent IT and commercial hub in Bangalore, will serve as the main venue for the IBW conference.

IBW will feature a range of engaging sessions, including speaker presentations, panel discussions, fireside chats, and moderated debates. The conference aims to cover a broad spectrum of topics within the blockchain industry, including technical advancements, investment opportunities, adoption and use cases, policy and regulations, and the unique web3 landscape in India. The agenda is designed to foster inclusivity and invite experts from various backgrounds to contribute their insights.

As part of the global media team, MarketAcross, a leading web3 PR and marketing agency, will play a pivotal role in highlighting the event. MarketAcross has worked with prominent companies in the region, such as Polygon and Hashed Emergent, and has previously served as the official media partner for events like Korea Blockchain Week, WebX, Paris Blockchain Week, and IVS Kyoto.

India has emerged as a significant player in the web3 space, experiencing a 100-fold increase in on-chain value flows since 2019, according to Chainalysis’ Geography of Crypto Adoption report.

Despite regulatory challenges, India boasts the largest number of users across both centralized and decentralized web3 finance platforms. The Indian government, historically sceptical of cryptocurrencies, is now aiming to establish globally harmonized regulations through participation in the G20 Summit.

While the list of confirmed speakers has yet to be released, IBW promises to feature prominent global and local leaders from the blockchain industry. Organized by Hashed Emergent, a subsidiary of Hashed, a renowned web3 venture fund from South Korea, IBW builds on the success of the Korea Blockchain Week series of events co-hosted by Factblock.

“We are thrilled to bring India its first world-class, multi-chain web3 conference, giving the country the attention it rightfully deserves,” stated Tak Lee, Managing Partner of Hashed Emergent. “Bangalore is a powerhouse of startups, and Indian web3 startups have made significant contributions to the industry, with successful protocols and products. We believe that IBW will become a dynamic and diverse gathering place for the crypto industry.”

With the launch of India Blockchain Week, India’s web3 ecosystem is poised to thrive further, leveraging the conference’s platform to showcase innovation, foster collaboration, and shape the future of the blockchain industry in the country.

1.  We Need Smarter Smart Contracts To Prevent DeFi Hacks
2.  How Decentralized Apps Shaping the Future of the Internet
3.  Trust Wallet Launches Browser Extension Wallet for Desktop
4.  AllianceBlock Debuts Trustless ID Verification Service For Dapps
5.  Yield Monitor Integrates The DeFiChain Blockchain Into Its Database

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Hashed Emergent Announces India Blockchain Week (IBW) Conference

By Owais Sultan
Nexo, the leading digital assets institution, announced a major milestone today as it successfully completed an independent Type…
This is a post from HackRead.com Read the original post: Nexo Achieves Type 2 SOC 2 Audit, Reinforces Data Security Compliance

Nexo, the leading digital assets institution, announced a major milestone today as it successfully completed an independent Type 2 SOC 2 audit. The achievement showcases Nexo’s dedication to providing exceptional client data security and solidifies its position as the preferred platform for its rapidly expanding global clientele.

The comprehensive SOC 2 audit was conducted by A-LIGN, a trusted technology-enabled security and compliance partner that assists over 2,500 organizations worldwide in mitigating cybersecurity risks. The thorough examination involved an extensive assessment of Nexo’s processes, ensuring that the company’s infrastructure, software, personnel, data, policies, procedures, and operations align with the most stringent global data privacy and protection laws.

The SOC 2 examination, established by the American Institute of Certified Public Accountants (AICPA), is internationally recognized as a gold standard compliance indicator within the financial services industry.

Antoni Trenchev, Co-Founder and Managing Partner of Nexo emphasized the company’s unwavering commitment to earning and maintaining the trust of its clients through tangible actions.

“We believe that trust isn’t simply claimed; it must be demonstrated over time and verified by impartial third parties. Security cannot be an empty promise; it must be substantiated. For over five years, as we navigate the digital frontier, we have a fiduciary duty to safeguard our client’s data and assets on our platform. There is no room for complacency when it comes to protecting the interests of those who place their trust in our hands,” stated Trenchev.

Nexo has consistently prioritized security and transparency since its establishment in 2018. This commitment influences every decision the company makes and influences the range of services it provides. From strategic partnerships with leading custody authorities to being the pioneer of real-time attestations in 2021, Nexo remains steadfast in its mission to deliver compliant and secure innovation.

Nexo’s security infrastructure adheres to the same rigorous standards as traditional financial institutions and encompasses cutting-edge identity verification technology, 256-bit SSL encryption, and compliance with CCSS Level 3 and ISO/IEC 27001 standards, among a comprehensive suite of security features. By achieving the latest SOC 2 certification, Nexo not only maintains these high standards but also stays ahead of evolving threats.

Scott Price, CEO of A-LIGN, commended Nexo’s achievement, recognizing its dedication to meeting the security and privacy requirements of its clients. Price highlighted the importance of combining automation software and experience to streamline the audit process and produce efficient, high-quality reports. A-LIGN has earned numerous accolades from the prestigious Global InfoSec Awards, further validating its expertise in the cybersecurity field.

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Nexo Achieves Type 2 SOC 2 Audit, Reinforces Data Security Compliance

By Deeba Ahmed
The vulnerability has a CVSS score of 9.8 out of 10, is a critical security bug that affects Fortinet appliances and has been actively exploited in the wild. 
This is a post from HackRead.com Read the original post: Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

With a staggering count of 490,000 SSL VPN interfaces vulnerable and readily accessible on the internet, the urgency becomes apparent.

There has never been a dearth of security flaws in Fortinet products, which is why cybercriminals consider them lucrative attack vectors.

The latest discovery adds to the woes of Fortinet users because Bishop Fox security researchers report that out of the total 490,000 public internet-exposed Fortinet FortiOS and FortiProxy SSL-VPNs interfaces scanned by Shodan, 69% are vulnerable to a dangerous RCE (remote code execution) vulnerability (CVE-2023-27997).

This means that around 330,000 Fortinet FortiGate firewalls are unpatched and vulnerable to this flaw.

**The Discovery of the Flaw**

Bishop Fox researchers found out that only 153,414 of the appliances have been patched with the FortinetOS version. That’s not all. Researchers also discovered that most publicly accessible Fortinet appliances hadn’t been patched in the last eight years and are running FortiOS versions 5 and 6.

If only 153,414 devices on the internet are patched, that leaves 335,923 – 489,337 – 69 unpatched. This is certainly concerning, researchers wrote in their report published on June 30, 2023.

BishopFox Exploit: Remote code execution via CVE-2023-27997

The Capability Development team at Bishop Fox made the discovery after creating an exploit for CVE-2023-27997 and continuing to test Cosmos customers. The exploit easily smashed the heap, connected to the attacker’s C2 server, downloaded a BusyBox binary, and opened an interactive shell.

**What is CVE-2023-27997**

For your information, CVE-2023-27997, which has a CVSS score of 9.8 out of 10, is a critical security bug that affects Fortinet appliances and has been actively exploited in the wild. This flaw was discovered by researchers Charles Fol and Dan Bach from security firm Lexfo, who tweeted about it on June 11th.

The issue allows attackers to execute arbitrary code or commands through custom-designed requests. Essentially, it is a heap overflow flaw that primarily targets the Secure Sockets Layer Virtual Private Networks of Fortinet products.

**Fortinet’s Response**

Fortinet addressed this critical flaw on June 12th by releasing patches for the FortiOS firmware versions 7.0.12, 7.2.5, 6.4.13, and 6.2.15. The company also admitted that this vulnerability may have been exploited in the wild in a limited number of cases in targeted attacks against critical infrastructure, government, and manufacturing sectors.

“You should patch yours now,” wrote report author and Capability Development team’s director, Caleb Gross.

**RELATED ARTICLES**

1.  Hackers leak login credentials of vulnerable Fortinet SSL VPNs
2.  Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products
3.  Hackers dump login credentials of Fortinet VPN users in plain-text
4.  Hackers exploiting critical vulnerabilities in Fortinet VPN – FBI-CISA

Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

By Waqas
Investigations are still ongoing, and concrete evidence regarding the extent and nature of the Nickelodeon data leak is yet to be confirmed.
This is a post from HackRead.com Read the original post: Potential 500GB Nickelodeon Data Leak: Unreleased Shows and Scripts at Risk

**According to @GhostyTongue, a Twitter account sharing exclusive information about the alleged Nickelodeon data leak, two individuals apparently involved in the leak have reportedly faced action from law enforcement.**

Nickelodeon is adored by millions across the globe but lately, rumors circulating on the internet suggest that the renowned children’s entertainment network has fallen victim to a significant data breach or leak.

According to several internet forums and tweets, approximately 500GB of data, including unreleased television shows, scripts, and other materials, have been compromised.

Reportedly, Nickelodeon’s legal team has taken swift action, aggressively pursuing Digital Millennium Copyright Act (DMCA) takedowns. Merely mentioning the contents of the leak has resulted in severe consequences for the individuals involved.

Allegedly, the leaked data is said to have originated from Nickelodeon’s “consumer products and experience” portal. An authentication issue within the system allowed unauthorized users to gain access to the Nickelodeon animation department’s sensitive content.

Although the leak was initially observed in January 2023 on Discord, Nickelodeon has since addressed the vulnerability and patched the portal.

On June 29th, a Twitter user with the handle @GhostyTongue disclosed details about the alleged leak in Nickelodeon’s animation department. According to @GhostyTongue, two individuals involved in the leak, known by their Discord usernames as “BowDown” and “IncidentalSeventy,” have reportedly faced action from either law enforcement or Nickelodeon itself.

Adding to the claims, @GhostyTongue stated on July 2nd that a private Discord server had recently circulated a URL to download an entirely new leak. This time, it allegedly contained the source code for all Nickelodeon Flash Games.

Nickelodeon flash games and video content as shared by @GhostyTongue

In a separate development, a user on 4chan claimed to possess insider information regarding the breach. The user asserted that Nickelodeon’s internal database had been compromised for over a year, potentially impacting all current productions.

According to their account, numerous private communities have been sharing portions of the leaked files, with trusted members having access to more extensive leaks containing assets such as PSDs, scripts, and animation files.

The user estimated that the breached data amounts to over 500GB and includes thousands of files from various shows, including high-profile series like SpongeBob.

It is also worth noting that the claims of 4chan user match with the list of leaked content shared by @GhostyTongue on their Twitter account:

Hackread.com has also seen a list of Nickelodeon’s animation pitch bibles that have been making rounds on the Internet. However, we will refrain from sharing screenshots or downloadable links due to legal reasons.

Some among many of the leaked animation pitch bibles (Screenshot credit: Hackread.com)

It is crucial to note that the authenticity of these claims and the nature of the data leak remain unverified. Furthermore, the origins of the incident are still uncertain, leaving open the question of whether it was an internal security lapse or an external cyberattack. Hackread.com has undertaken an investigation to shed light on these matters.

**The Déjà vu of the HBO Breach**

The recent rumors surrounding a potential data breach at Nickelodeon bring to mind the notorious HBO data breach that occurred in 2017. During that incident, hackers infiltrated HBO’s systems and leaked unreleased episodes of the popular series Game of Thrones, along with other sensitive data.

The HBO hacking saga lasted for several months, causing significant distress for the network and its viewers. It wasn’t until later that an Iranian citizen named Behzad Mesri emerged as the alleged perpetrator behind the HBO hack. Mesri was subsequently charged and indicted for his involvement in the cyberattack. To this day, he remains wanted by the FBI.

While drawing parallels between the Nickelodeon rumors and the HBO data breach is natural given the nature of the alleged incidents, it is essential to treat the current situation as a separate and distinct event. Investigations are still ongoing, and concrete evidence regarding the extent and nature of the Nickelodeon data leak is yet to be confirmed.

As more information becomes available, Hackread.com will continue to provide updates on the alleged Nickelodeon data breach, clarifying the extent of the incident and its implications for the entertainment industry giant.

**RELATED CONTENT**

1.  OurMine hackers hack Marvel and Netflix Twitter accounts
2.  Best legal, free online streaming sites for movies, TV shows
3.  Hackers Leak First 8 Episodes of Steve Harvey’s “Funderdome”

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Potential 500GB Nickelodeon Data Leak: Unreleased Shows and Scripts at Risk

By Deeba Ahmed
The researchers believe that the SmugX attack is an extension of a previously discovered campaign linked to Mustang Panda.
This is a post from HackRead.com Read the original post: SmugX: Chinese Hackers Targeting Embassies in Europe

**The attack method of the SmugX campaign includes attackers using HTML smuggling to target victims.**

Check Point Research’s (CPR) cyber threat intelligence researchers have discovered a disturbing attack trend. According to CPR’s report published on July 3, 2023, Chinese threat actors have become increasingly interested in targeting European governments, embassies, and foreign local policy-making entities. Eastern Europe is among their preferred targets, with prime targets being Slovakia, the Czech Republic, and Hungary.

This newly discovered campaign is dubbed SmugX. Researchers claim that this campaign has been active since December 2022, but they believe that it is an extension of a previously discovered campaign linked to Mustang Panda and RedDelta. Interestingly, both groups are Chinese.

As far as the attack method is concerned, research revealed that in SmugX, attackers are using HTML smuggling to target European embassies. In this method, the modular PlugX malware implant is smuggled (hidden) inside HTML documents.

Hackers use this technique to trick web security systems and evade antivirus mechanisms or security defences. HTML smuggling exploits HTML features to conceal malicious data documents from automated content filters, including them as JavaScript blobs that reassemble on the targeted device.

It is worth noting that PluxX is a commonly used tool for HTML smuggling. Multiple Chinese threat actors have used this malware previously, such as the group that targeted the Vatican in 2020 or the one that targeted the Indonesian Intelligence Service in 2021. The malware was also used to target users in Mongolia, Ghana, Papua New Guinea, Nigeria, and Zimbabwe in a USB drive-based campaign.

CPR researchers agree that SmugX’s primary objective is to obtain sensitive data on the foreign policies of the targeted countries. This analysis is based on the lure samples posted to the malware repository on VirusTotal. The filenames of these samples were self-explanatory.

Researchers wrote that the names strongly suggested that the attackers wanted to target diplomats and government entities, whereas the content contained mainly diplomatic-related content related to China. The attack utilizes several .docx and .pdf files containing diplomatic content.

CPR researchers obtained a letter from the Serbian embassy in Budapest, a document revealing the Swedish Presidency of the Council of the European Union’s priorities, and an invitation from the Hungarian foreign ministry for a diplomatic conference.

The researchers also discovered an article about the two Chinese human rights lawyers who had received a ten-year sentence. Here are the titles of these documents:

*   202305 Indicative Planning RELEX
*   Draft Prague Process Action Plan\_SOM\_EN
*   2262\_3\_PrepCom\_Proposal\_next\_meeting\_26\_April
*   Comments FRANCE – EU-CELAC Summit – 4th May
*   China jails two human rights lawyers for Subversion

One of the phishing documents (left) – Targeted countries (right)

“While none of the techniques observed in this campaign is new or unique, the combination of the different tactics, and the variety of infection chains resulting in low detection rates, enabled the threat actors to stay under the radar for quite a while,” CPR researchers noted.

CPR is still investigating and monitoring SmugX activities and will share new details soon. Please continue to visit this platform for the latest updates on SmugX.

**RELATED ARTICLES**

1.  Killnet Hits European Parliament Website with DDoS Attack
2.  Research sector hit in new phishing attack using Google Drive
3.  Fake WHO Emails on COVID-19 Drop Nerbian RAT Across Europe
4.  European Spyware Vendor Offering Android & iOS Device Exploits
5.  Zimbra email platform flaw exploited to steal European govt emails

SmugX: Chinese Hackers Targeting Embassies in Europe

By Owais Sultan
Sweat Hero becomes the first ever NFT game within a move-to-earn platform. 
This is a post from HackRead.com Read the original post: M2E Platform Sweat Economy Launches Flagship NFT Game: Sweat Hero

**Unlike a traditional blockchain NFT game that adopts a pay-to-play model, Sweat Hero provides a free-to-play platform, opening the channel for millions of people to engage with and own free NFTs.**

One of the leading Web 3 fitness apps, Sweat Economy, announced the launch of Sweat Hero, an NFT-powered game that aims to enhance fitness and revolutionize the move-to-earn industry. Announced Wednesday, Sweat Hero brings a first-of-its-kind game to M2E platforms, allowing users to gamify their fitness while having fun on the game. 

Oleg Fomenko, Co-founder of Sweat Economy, spoke highly of the latest development in Sweat’s ecosystem, terming it “a true innovation in the NFT and M2E gaming space”. The game is built within the Sweat Wallet app, boasting the first M2E game created based on sustainable tokenomics. The free-to-play, play-to-earn game revolutionizes gaming by removing any initial costs, allowing any user to start earning $SWEAT tokens. 

“We’re leaving behind the times of scarcity in the NFT space and breaking the old standard of ‘pay to play’ in the M2E gaming space,” Oleg Fomenko said. “With Sweat Hero, millions of people can engage with free NFTs, and the more players we have, the more $SWEAT goes into the token sink, making token economics sustainable.”

**Sweat Hero’s Free Play-to-Earn model **

Unlike the traditional blockchain games that adopt a pay-to-play model, Sweat Hero provides a free-to-play platform, opening the channel for millions of people to engage with and own free NFTs. The platform offers every Sweat Wallet user a free “Legs NFT” to start the game and a free $SWEAT token for completing the tutorial. 

The players can then exchange their $SWEAT token for 1,000 Battle Coins, the minimum wager required to battle in the game. These NFTs are dynamic and will evolve based on users’ gameplay progression, physical activities, and engagement within the Sweat Wallet app.

Once they have won several battles, they can exchange their Battle Coins for $SWEAT tokens at a rate of 10 $SWEAT per 10,000 Battle Coins, the smallest amount that can be converted at a time.  Moreover, these NFTs can be used as digital collectables, which adds to their value and the overall engagement and excitement of the players.  

However, the main aim of the game is to boost fitness levels among the players. It encourages physical activity by rewarding the user with more ‘NFT power’ the more they walk. The launch of Sweat Hero aligns with Sweat Economy’s goal of enhancing global health by making players more physically active. 

**A Growing Sweat Ecosystem**

According to the team statement, Sweat Hero’s goal is to provide a unique NFT gaming platform that motivates players to walk more and drive engagement through the function to battle with friends. As the gamification of fitness grows, Sweat Hero is expected to enhance the adoption rates of Sweat Wallet, introducing more people to earning through their daily fitness routines. 

“We’re excited about the future of Sweat Hero and the positive impact it will have on our ecosystem and $SWEAT token,” said Fomenko. “We’re not just creating a game; we’re creating a community and a sustainable model for the M2E gaming space.”

In the coming months, Sweat Economy aims to enrich its NFT game by introducing even Arenas that players can level up into to secure a higher earning potential. Additionally, the team will launch the dynamic NFT evolvement framework in the latter stages of the year. This framework will be based on users’  gameplay progression, daily physical activities, and engagement within the Sweat Wallet app.

The latest development follows the recent appointment of Sweat Economy’s Chief Walking Officer (CWO), a position created for a normal Sweat user, paying $24,000 annually for walking 5,000 steps daily. 

**RELATED ARTICLES**

1.  What is Blockchain Gaming & its Play-to-Earn Model?
2.  What Makes Bitcoin NFTs Different from Other NFTs?
3.  Ankr Launches Chainscanner Blockchain Explorer Tool
4.  We Need Smarter Smart Contracts To Avert DeFi Hacks
5.  Web3 Needs More Than IPFS for Decentralized Infrastructure

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

M2E Platform Sweat Economy Launches Flagship NFT Game: Sweat Hero

By Waqas
Anonymous Sudan group took to Telegram to claim that it had stolen 30 million accounts belonging to Microsoft customers.
This is a post from HackRead.com Read the original post: Microsoft rubbishes Anonymous Sudan’s claim of Stealing 30M accounts

**Anonymous Sudan, which Microsoft tracks as Storm-1359, is offering the full database of Microsoft customer accounts for $50,000.**

Microsoft has hit back at the hacktivists claiming to have infiltrated the tech giant’s servers and stolen the credentials of 30 million customer accounts. Reportedly, the Russian Killnet\-affiliated hacktivist group, Anonymous Sudan, recently boasted about breaching Microsoft’s security and accessing millions of accounts belonging to its customers. The hacktivists posted details of the security breach on their Telegram channel, which read:

“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, emails, and passwords … We will begin selling this database, so if you’re interested, contact us at our bot to negotiate.”

Anonymous Sudan on Telegram (Image source: Hackread.com)

The gang, which Microsoft tracks as Storm-1359, is offering the full database of Microsoft customer accounts for $50,000. The hacktivists also provided 100 email password combinations as a small sample to prove their claims. However, in its statement, Microsoft denied these claims.

“At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised.”

Previously, Anonymous Sudan has been involved in DDoS attacks targeting Western organizations. In February 2023, the group targeted Swedish organizations with a series of DDoS attacks in response to a Quran-burning incident in Stockholm.

However, cybersecurity experts claim that the attack was actually a false-flag campaign by Russia to encourage hatred between Sweden and Muslim countries. More recently, Anonymous Sudan disrupted the official website of SAS (Scandinavian Airlines) website and took down the Microsoft 365 software suite, including Outlook and Teams.

The gang has previously attacked Microsoft as well. In a statement released in mid-June, Microsoft confirmed that Anonymous Sudan had launched Layer 7 DDoS attacks against the software vendor. The attack was detected in early June 2023 when the company noticed an unusual rise in traffic against some of its services.

As a result, the services became temporarily unavailable. Microsoft noted that the hacktivists had accessed botnets and tools to launch DDoS attacks from cloud services and open proxy infrastructures.

This is a developing story. At the moment, there is no clarity on whether Anonymous Sudan breached Microsoft’s security since the data sample it has provided is yet to be verified. We will keep updating our readers with the latest on this incident.

1.  Russian Killnet Hackers Claim Data Theft of FBI Agents
2.  Killnet Hits European Parliament Website with DDoS Attack
3.  Yandex Source Code Online Leaked, Company Denies Hack
4.  Microsoft Discloses DDoS Attack Impact with Limited Details
5.  Twitter Denies Any Hack Attack in 200M Account Leak Scare

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Microsoft rubbishes Anonymous Sudan’s claim of Stealing 30M accounts

By Waqas
The feature that allows users to browse with the Bing browser is only available for paid ChatGPT users.
This is a post from HackRead.com Read the original post: ChatGPT’s Bing Browsing Feature Disabled for Paywall Article Access

**The feature was disabled by OpenAI, the creator of ChatGPT, on July 3rd, and it will remain suspended until the company fixes this issue in order to do right by content owners.**

ChatGPT has been involved in several legal battles, and the last thing its creators want is to open another front. The AI chatbot is undoubtfully a gift for internet users in recent times, and gaining the ability to add plugins to the AI-powered chatbot is the cherry on top.

The plugins that helped users connect ChatGPT to the internet were the most sought-after ones. One such plugin was the Browsing model, also known as Browse with Bing, which used the Bing search API to enable internet access.

This Beta feature was available for ChatGPT Plus subscribers and integrated the search engine into the conversation, allowing the user to access information from the web. When it was rolled out, the feature tremendously enhanced ChatGPT’s utility by making it possible to merge the internet and the AI chatbot.

However, this much-talked-about feature has now been disabled by OpenAI, the creator of ChatGPT, because it allowed users to access paywalled articles. Reportedly, the paywalled content was accessible through the “Print the Content of this Article” prompt by pasting the article’s URL after it. ChatGPT would then display the content of the article. For example, if a user asked for the full text of a specific URL, it fulfilled this request.

One of ChatGPT’s users shared this screenshot on Twitter. (Credit: @wunderwuzzi23)

The company stated that this feature inadvertently displayed content it wasn’t meant to show, violating the terms and services of most subscription-based online publications. Therefore, OpenAI disabled this feature on July 3rd, and it will remain suspended until the company fixes this issue in order to do right by content owners. ChatGPT won’t display information beyond September 2021, its training data cutoff date.

The company asserts that the feature will be back soon. However, until this happens, the unexpected disabling has disappointed ChatGPT users as they are in disbelief that this glitch was detected at the beta stage when it should have been fixed in the Alpha stages. According to reports, users who had paid for the Chat with Bing feature are asking for refunds as the service is not available anymore.

However, OpenAI has confirmed that the feature has been temporarily disabled, and their team is diligently working on reintroducing it after ensuring that it complies with the performance and content accuracy.

Nevertheless, there is confusion as OpenAI hasn’t disclosed when the feature will be available. We will update our readers as soon as there is any new development in this story.

**RELATED ARTICLES**

1.  100,000 Hacked ChatGPT Accounts Discovered on Dark Web
2.  ChatGPT’s False Information Generation Enables Code Malware
3.  ChatGPT tricked into generating Windows 10 and Windows 11 keys
4.  ChatGPT Improves Healthcare, But Industry Needs Secure Database
5.  OpenAI Launches ChatGPT Bug Bounty Program – Earn $200 to $20k

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

ChatGPT’s Bing Browsing Feature Disabled for Paywall Article Access

By Waqas
The arrests took place in Singapore over complaints from unsuspecting victims.
This is a post from HackRead.com Read the original post: Teen among suspects arrested in Android banking malware scheme

Singapore authorities have conducted a successful operation, resulting in the arrest of 13 individuals suspected of involvement in banking-related malware scams. Among those apprehended were a 16-year-old teenager and a group of 10 men and two women aged between 19 and 35.

Preliminary findings suggest that seven men, two women aged 19 to 27, and a 16-year-old facilitated the scam by providing their bank accounts, Internet banking credentials, and Singpass credentials to perpetrators for monetary gain. Three other men aged 20 and 35 are believed to have withdrawn funds from the accounts of some of the “money mules” and handed the money over to unknown individuals.

The number of victims is yet unknown. For your information, Singpass, which stands for Singapore Personal Access, is a digital identity that enables all Singapore citizens and residents to conveniently access businesses and government agencies and businesses.

Suspects and seized sim cards (Screenshot: SPF)

**Modus Operandi and Scam Techniques**

In a press release, the Singapore Police Force (SPF) revealed that since January 2023, they have received a rising number of reports involving malware used to compromise Android mobile devices, leading to unauthorized transactions from victims’ bank accounts. Remarkably, victims did not share their Internet banking credentials, One-Time Passwords (OTPs), or Singpass credentials with anyone.

The scam unfolded when victims responded to various advertisements on social media platforms for services such as cleaning, pet grooming, and the sale of food items like seafood and groceries. Subsequently, scammers instructed victims to download an Android Package Kit (APK) from unofficial app-store platforms to facilitate their purchases. However, these APKs contained malware that infected the victims’ mobile devices.

Once infected, scammers contacted victims via phone calls or text messages and convinced them to enable accessibility services on their Android phones. Enabling these services weakened the phones’ security and granted full control to the scammers. Keystrokes were logged, banking credentials were stolen, and scammers remotely accessed banking apps to add “money mules” as payees, increase payment limits, and transfer funds to them.

The scammers also deleted text messages and email notifications related to the fraudulent transfers to cover their tracks.

The act of benefiting from criminal conduct carries severe penalties under Section 54(5)(a) of the Corruption, Drug Trafficking, and Other Serious Crimes (Confiscation of Benefits) Act 1992. Offenders face imprisonment of up to 10 years, a fine of up to S$500,000, or both.

1.  Teen Charged in DraftKings Data Breach
2.  UK Teen Arrested Amid Uber and GTA 6 Hacking Saga
3.  Dark Web Hitman Paid with BTC to Murder Teen Victim
4.  Teen “Hackers” on Discord Selling Malware for Quick Cash
5.  Teen arrested for 8 DDoS attacks that disrupted school’s classes
6.  Data breach: SingHealth users affected including Singapore’s PM

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Teen among suspects arrested in Android banking malware scheme

By Habiba Rashid
Another day, another lawsuit against the developers of the groundbreaking AI chatbot ChatGPT.
This is a post from HackRead.com Read the original post: Authors Sue OpenAI: ChatGPT’s Training Methods Challenged in Lawsuit

**The lawsuit, brought forth by science fiction and horror author Paul Tremblay and novelist Mona Awad, accuses OpenAI of training ChatGPT on copyrighted books without obtaining proper consent, credit, or compensation from the authors.**

OpenAI, the prominent artificial intelligence (AI) company behind the popular ChatGPT chatbot, is facing yet another legal challenge. A class action lawsuit was filed against OpenAI in federal court on Wednesday, alleging copyright infringement and privacy violations related to the company’s training methods and data usage.

The lawsuit (PDF) doesn’t come as a surprise considering that ChatGPT is a relatively new chatbot, and may take some time for trainers to address copyright violation issues. It’s worth noting that these problems aren’t limited to ChatGPT alone; other AI systems like Microsoft’s Bing AI and Google’s BARD AI have also faced similar violations. For instance, just a couple of weeks ago, users managed to trick ChatGPT, Bing AI, and BARD AI into generating activation keys for Windows 10 and Windows 11.

The lawsuit, brought forth by science fiction and horror author Paul Tremblay and novelist Mona Awad, accuses OpenAI of training ChatGPT on copyrighted books without obtaining proper consent, credit, or compensation from the authors. The authors claim that since ChatGPT is capable of providing accurate summaries of their works, it indicates that their books were copied and incorporated into OpenAI’s language model without permission.

The complaint points to a 2020 OpenAI paper that mentions the use of “two internet-based book corpora” for training ChatGPT, suggesting that one of these datasets, consisting of over 290,000 titles, may have originated from “shadow libraries” like Library Genesis and Sci-Hub. These shadow libraries are known for illegally publishing copyrighted works using torrent systems. The authors argue that OpenAI’s utilization of these datasets infringes copyright law and further allege that ChatGPT removes copyright notices from the books, violating the Digital Millennium Copyright Act.

The lawsuit, according to Bloomberg Law, also argues that OpenAI has integrated social media apps such as Spotify, Snapchat, Stripe, Slack, and Microsoft Teams with its systems to collect personal user data including images, locations, music tastes, financial details, and private communications. Gathering such data is a violation of the terms of service these platforms offer the lawsuit claims.

OpenAI has also been separately sued in a sweeping class action lawsuit, accusing the company of unlawfully collecting personal information from the internet through its AI models, including ChatGPT and the text-to-image generator DALL-E. The lawsuit asserts that such data scraping violates various state and federal privacy laws. This legal battle highlights the growing concerns surrounding AI technology and the need for regulations to address potential privacy breaches.

These lawsuits could have far-reaching consequences for OpenAI and the AI industry as a whole. The outcomes may set important precedents regarding AI, copyright infringement, and privacy, influencing future regulatory frameworks. If the court rules in favour of the plaintiffs, OpenAI may face substantial financial penalties, potentially impacting its financial stability and fundraising efforts. Additionally, the lawsuits could tarnish the company’s reputation, leading to increased scrutiny from regulators and the need for further transparency.

The implications extend beyond OpenAI, as companies utilizing ChatGPT or other OpenAI products may reconsider their partnerships to safeguard their reputations and protect user privacy. Moreover, if the courts determine that using copyrighted material for training AI models constitutes infringement, OpenAI and other companies may need to reconsider their data acquisition practices.

As these legal battles unfold, industry observers must monitor the progress of these lawsuits. The outcomes may result in new laws and policies, reshape AI development practices, and require companies to adapt their offerings to align with evolving legal and privacy standards.

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.