Eduard Kovacs
Eduard Kovacs is a cybersecurity journalist and researcher who covers topics such as AI, IoT, cloud security, data breaches and vulnerabilities. He has been writing for SecurityWeek since March 2024. He holds a master's degree in computer science from the University of Bucharest and a bachelor's degree in mathematics from the same institution. He also completed several online courses on cybersecurity, artificial intelligence and programming languages. Kovacs has more than 10 years of experience as an IT consultant, software developer and project manager. He is fluent in English, Romanian and French. He lives in Paris with his wife and two children.
88%
The Daily's Verdict
This author has a mixed reputation for journalistic standards. It is advisable to fact-check, scrutinize for bias, and check for conflicts of interest before relying on the author's reporting.
Bias
80%
Examples:
- ChatGPT plugins enable users to access up-to-date information and integrate ChatGPT with third-party services.
- The security flaw in AskTheCode plugin developed by PluginLab.AI could have allowed an attacker to take control of the victim's GitHub account and gain access to their code repositories through a zero-click exploit.
Conflicts of Interest
100%
Examples:
- Russian hackers caught exploiting Roundcube Webmail zero-day
- The article uses the term 'Russian hackers' which could be seen as a political bias.
Contradictions
85%
Examples:
- An attacker who tricked a victim into clicking on a specially crafted link could install a malicious plugin with their own credentials on the victim's account, and the victim would not need to confirm the installation.
- The first sentence of the article claims that ChatGPT plugins are the primary means of adding functionality and features to LLM when OpenAI has announced that paying customers would be able to create their own GPTs for specific topics or tasks. This statement is false.
Deceptions
85%
Examples:
- . Boat Dealer MarineMax Hit by Cyberattack.
- . Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities.
- . CISA's OT Attack Response Team Understaffed: GAO
- . Google Paid Out $10 Million via Bug Bounty Programs in 2023.
- . ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities.
- . Major CPU, Software Vendors Impacted by New GhostRace Attack.
- . Microsoft's AI-Powered Copilot for Security Set for Worldwide Release.
- . Nissan Data Breach Affects 100,000 Individuals.
- . White House Budget Proposal Seeks Cybersecurity Funding Boost.
- . Zscaler Acquires Avalor for $350 Million.
Recent Articles
LogoFAIL: UEFI Firmware Vulnerabilities Expose Millions of Devices to Risk
Broke On: Monday, 04 December 2023LogoFAIL is a set of vulnerabilities discovered in the UEFI firmware that affects both x86 and ARM-based systems. The vulnerabilities can compromise the security of millions of devices by allowing attackers to execute arbitrary payloads and bypass critical security features. The vulnerabilities were found in firmware from Insyde, AMI, and Phoenix, with over half assigned a high severity rating. The impacted firmware is shipped with devices from companies such as Acer, Dell, HP, Lenovo, and Samsung, potentially exposing millions of devices worldwide. Mitigation steps include regularly updating firmware, staying informed about security advisories from device manufacturers, employing security solutions that monitor firmware integrity, conducting regular security audits, and following cybersecurity best practices. SysAid Software Vulnerability Exploited by Ransomware Operation
Broke On: Thursday, 09 November 2023SysAid IT service management software users have been alerted about a zero-day vulnerability, tracked as CVE-2023-47246, exploited by affiliates of a ransomware operation. The flaw is a path traversal issue that leads to arbitrary code execution, potentially allowing unauthorized access and control over the affected system. The threat actor exploiting this vulnerability is known as Lace Tempest, an affiliate known for deploying Cl0p ransomware. The vulnerability was confirmed by cybersecurity firm Profero, which discovered that the attacker could upload a WebShell and other payloads into the webroot of the SysAid Tomcat web service. SysAid has since released version 23.3 to address the vulnerability. Pro-Russian Hackers Exploit Zero-Day Vulnerability in Roundcube Webmail
Broke On: Sunday, 15 October 2023A group of pro-Russian hackers, known as Winter Vivern, exploited a zero-day vulnerability in the Roundcube webmail application. The exploit targeted European government email servers, bypassing security measures to gain unauthorized access. Roundcube has released a patch to fix the vulnerability and urged all users to update their software.