Google Updating Cryptocurrency Advertising Policy For 2024 via @sejournal, @martinibuster

Google published an announcement of upcoming changes to their cryptocurrency advertising policies and advises advertisers to make themselves aware of the changes and prepare to be in compliance with the new requirements.

The upcoming updates are to Google’s Cryptocurrencies and related products policy for the advertisement of Cryptocurrency Coin Trusts. The changes are set to take effect on January 29th, 2024.

Cryptocurrency Coin Trusts are financial products that enable investors to trade shares in trusts holding substantial amounts of digital currency. These trusts provide investors with equity in cryptocurrencies without having direct ownership. They are also an option for creating a more diversified portfolio.

The policy updates by Google that are coming in 2024 aim to describe the scope and requirements for the advertisement of Cryptocurrency Coin Trusts. Advertisers targeting the United States will be able to promote these products and services as long as they abide by specific policies outlined in the updated requirements and obtain certification from Google.

The updated policy changes are not limited to the United States. They will apply globally to all accounts advertising Cryptocurrency Coin Trusts.

Google’s announcement also reminded advertisers of their obligation to comply with local laws in the areas where the ads are targeted.

Google’s approach for violations of the new policy will be to first give a warning before imposing an account suspension.

Advertisers that fail to comply with the updated policy will receive a warning at least seven days before a potential account suspension. This time period provides advertisers with an opportunity to fix non-compliance issues and to get back into compliance with the revised guidelines.

Advertisers are encouraged to refer to Google’s documentation on “About restricted financial products certification.”

The deadline for the change in policy is January 29th, 2024. Cryptocurrency Coin Trusts advertisers will need to pay close attention to the updated policies in order to ensure compliance.

Read Google’s announcement:

Updates to Cryptocurrencies and related products policy (December 2023)

WordPress Releases Version 6.4.2 For Critical Vulnerability via @sejournal, @martinibuster

WordPress has released version 6.4.2 that contains a patch for a critical severity vulnerability that could allow attackers to execute PHP code on the site and potentially lead to a full site takeover.

The vulnerability was traced back to a feature introduced in WordPress 6.4 that was meant to improve HTML parsing in the block editor.

The issue is not present in earlier versions of WordPress and it only affects versions 6.4 and 6.4.1.

An official WordPress announcement describes the vulnerability:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

According to an advisory published by Wordfence:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to easily gain full control.

While WordPress Core currently does not have any known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Object Injection Vulnerability

Wordfence advises that Object Injection vulnerabilities are not easy to exploit. Nonetheless, they recommend that users of WordPress update to the latest version.

WordPress itself advises that users update their sites immediately.

Read the official WordPress announcement:

WordPress 6.4.2 Maintenance & Security Release

Read the Wordfence advisory:

PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2


Elementor WordPress Plugin Vulnerability via @sejournal, @martinibuster

A high severity vulnerability was discovered in the Elementor website builder plugin that could allow an attacker to upload files to the website server and execute them. The vulnerability is in the template uploader functionality.

Elementor Unrestricted Upload of File with Dangerous Type Vulnerability

Elementor website builder is a popular WordPress plugin with over 5 million installations. The popularity is driven by its simple to use drag and drop functionality for creating professional looking websites.

The vulnerability discovered in Elementor is rated 8.8/10 and is said to leave websites using Elementor open to Remote Code Execution, whereby an attacker is able to essentially control the affected website and run various commands.

The type of vulnerability is described as an Unrestricted Upload of File with Dangerous Type. This kind of vulnerability allows an attacker to upload malicious files, which in turn enables the attacker to execute commands on the affected website server.

This kind of issue is generally described in this manner:

“The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment.”

Wordfence describes this specific vulnerability:

“The Elementor Website Builder …plugin for WordPress is vulnerable to Remote Code Execution via file upload in all versions up to and including 3.18.0 via the template import functionality.

This makes it possible for authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.”

Wordfence also indicates that there is no patch to fix this issue and recommends uninstalling Elementor.

“No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.”

Elementor 3.18.1 Version Update

Elementor released an update to version 3.18.1 today. It is unclear if this patch fixes the vulnerability as the Wordfence site currently states that the vulnerability is unpatched.

The changelog describes this update:

“Fix: Improved code security enforcement in File Upload mechanism”

This is a newly reported vulnerability and the facts may change. Wordfence however warns that hackers are already attacking Elementor websites because their paid version has already blocked eleven hacking attempts at the time of publishing the announcement.

Read the Wordfence advisory:

Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import

Mozilla VPN Security Risks Discovered via @sejournal, @martinibuster

Mozilla published the results of a recent third-party security audit of its VPN services as part of its commitment to user privacy and security. The audit revealed security issues which were presented to Mozilla to be addressed with fixes to ensure user privacy and security.

Many search marketers use VPNs during the course of their business, especially when using a Wi-Fi connection, in order to protect sensitive data, so the trustworthiness of a VPN is essential.

Mozilla VPN

A Virtual Private Network (VPN) is a service that hides (encrypts) a user’s Internet traffic so that no third party (like an ISP) can snoop and see what sites a user is visiting.

VPNs also add a layer of security from malicious activities such as session hijacking which can give an attacker full access to the websites a user is visiting.

There is a high expectation from users that the VPN will protect their privacy when they are browsing on the Internet.

Mozilla thus employs the services of a third party to conduct a security audit to make sure their VPN is thoroughly locked down.

Security Risks Discovered

The audit revealed vulnerabilities of medium or higher severity, ranging from Denial of Service (DoS) risks to keychain access leaks (related to encryption) and the lack of access controls.

Cure53, the third party security firm, discovered and addressed several risks. The issues ranged from potential VPN leaks to a vulnerability in which a rogue extension could disable the VPN.

The scope of the audit encompassed the following products:

  • Mozilla VPN Qt6 App for macOS
  • Mozilla VPN Qt6 App for Linux
  • Mozilla VPN Qt6 App for Windows
  • Mozilla VPN Qt6 App for iOS
  • Mozilla VPN Qt6 App for Android

These are the risks identified by the security audit:

  • FVP-03-003: DoS via serialized intent
  • FVP-03-008: Keychain access level leaks WG private key to iCloud
  • FVP-03-010: VPN leak via captive portal detection
  • FVP-03-011: Lack of local TCP server access controls
  • FVP-03-012: Rogue extension can disable VPN using mozillavpnnp (High)

The rogue extension issue was rated as high severity. Each risk was subsequently addressed by Mozilla.

Mozilla presented the results of the security audit as part of their commitment to transparency and to maintain the trust and security of their users. Conducting a third party security audit is a best practice for a VPN provider that helps assure that the VPN is trustworthy and reliable.

Read Mozilla’s announcement:
Mozilla VPN Security Audit 2023


Google Introduces Gemini As Its Most Capable Multimodal AI Model via @sejournal, @kristileilani

Google has unveiled Gemini, its most advanced and capable artificial intelligence (AI) model, with advanced multimodal capabilities.

This groundbreaking model represents a leap forward in AI technology, offering state-of-the-art performance compared to existing large language models (LLMs).

Sundar Pichai, CEO of Google and Alphabet, emphasized that AI is shaping a profound technological shift, potentially surpassing the impact of the mobile and web revolutions.

He highlighted the significance of AI in driving innovation and economic progress, enhancing human knowledge, creativity, and productivity.

What Is Google Gemini?

Developed by Google DeepMind, led by CEO and co-founder Demis Hassabis, Gemini stands as a testament to Google’s ongoing commitment to being an AI-first company.

The model showcases an impressive array of capabilities, particularly in its multimodal understanding – a feature allowing it to process and seamlessly combine different types of information, including text, code, audio, image, and video.

Google Gemini Performance

Gemini 1.0, the first version of the model, comes in three variants: Gemini Ultra, Gemini Pro, and Gemini Nano.

Each is optimized for specific tasks, with Gemini Ultra designed for highly complex tasks, Gemini Pro for a wide range of tasks, and Gemini Nano for efficient on-device tasks.

The model’s performance is exceptional, surpassing human experts in Massive Multitask Language Understanding (MMLU) with a score of 90.0%.

Additionally, Gemini Ultra outperforms existing models in 30 of the 32 widely used academic benchmarks in large language model research.

Screenshot from Google, December 2023: Google Gemini performance

Gemini’s Multimodal Capabilities

Gemini’s innovative approach to multimodality sets it apart from previous models.

Traditional multimodal models are often limited by their design, which involves training separate components for different modalities and then stitching them together.

In contrast, Gemini was built from the ground up to be natively multimodal, enabling it to understand and reason across various inputs far more effectively.

Screenshot from Google, December 2023

This capability positions Gemini as a powerful tool in fields ranging from science to finance, where it can uncover insights from vast amounts of data and provide advanced reasoning in complex subjects like math and physics.

Gemini Excels At Coding

In addition to its multimodal capabilities, Gemini excels in coding tasks. Its ability to understand, explain, and generate high-quality code in multiple programming languages positions it as a leading model for coding.

It also forms the basis for more advanced coding systems, like AlphaCode 2, significantly improving performance on competitive programming problems.

The model’s efficiency and scalability are bolstered by Google’s in-house designed Tensor Processing Units (TPUs) v4 and v5e, making it the most reliable and scalable model to train and serve.

Google Bard Now Powered By Gemini Pro

Google also has announced a significant upgrade to Bard, integrating Gemini Pro to enhance the AI’s capabilities.

Screenshot from Google Bard, December 2023

This upgrade marks the biggest enhancement Bard has received to date. Gemini Pro has been fine-tuned within Bard to significantly improve its performance in understanding and summarizing information, reasoning, coding, and planning.

Users can now experience Bard powered by Gemini Pro for text-based interactions, with plans to extend support to other modalities shortly.

Initially available in English across more than 170 countries and territories, this upgrade will soon extend to additional languages and regions, including Europe.

Responsible AI Development

Google has prioritized responsible AI development, ensuring comprehensive safety evaluations of Gemini for bias and toxicity.

The company collaborates with diverse external experts and partners to rigorously test the model and address potential risks.

How To Get Gemini

Gemini 1.0 is gradually being integrated across various Google products and platforms and will soon be accessible to developers and enterprise customers via Google AI Studio and Google Cloud Vertex AI.

As part of Google’s commitment to advancing AI responsibly, Gemini Ultra will undergo extensive trust and safety checks before its broader release.

The introduction of Gemini by Google marks a significant milestone in AI development.

Its advanced capabilities, ranging from sophisticated multimodal reasoning to efficient coding, signal the beginning of a new era in AI, opening up remarkable possibilities for innovation across multiple domains.


Reddit Recap For 2023: Top Trends And Updates For Advertisers via @sejournal, @kristileilani

Reddit, a diverse social media community for sharing news, highlighted the most engaging trends of 2023 in its annual Reddit Recap.

While it continued to host various interests, including business and marketing, the year marked a significant rise in subreddits dedicated to knowledge and serious discussions, presenting a valuable opportunity for marketers.

Screenshot from Reddit, December 2023: Reddit Recap 2023

Top Trending Subreddits And Communities

Remarkably, subreddits like r/todayilearned and r/NoStupidQuestions saw a surge in viewership, climbing to the 25th and 18th most-viewed spots, respectively.

This upward trend signifies a growing interest in learning and intellectual curiosity among Reddit users.

Additionally, r/Damnthatsinteresting, which explores various fascinating topics, rose 26 places to become the 13th most-viewed. These shifts indicate a user base that values informative and thought-provoking content to spark discussion.

This aspect of Reddit demonstrates its role as a space for serious, informed conversation, a trait highly appealing to marketers aiming to engage with a thoughtful and engaged audience.

The 2023 Reddit Recap For Advertisers

Over the past few months, Reddit has introduced several significant updates to enhance its advertising capabilities and user experience. Here’s a summary of the key developments:

  • Reddit launched new ad formats within Conversation Placement, namely Carousel Ads and Product Ads.
    • These formats, used in over 60,000 campaigns, aim to engage users effectively within conversation threads.
    • Carousel Ads have been updated to include up to six images or GIFs, each with a clickable link, leading to a 44% increase in click-through rate.
  • Reddit emphasizes its role in product recommendations, with 94% of users engaging with recommendation content.
  • The introduction of Product Ads complements users’ shopping journeys, allowing brands to target users actively seeking product advice.
  • Reddit updated its Reddit Ads Formula program, introducing the Boost 2.0 Certification Program to educate advertisers on maximizing success on the platform.
    • This program, launched in June 2022, has already seen participation from over 5,800 individuals from various countries.
  • Reddit has made several updates to its search function, particularly on mobile apps. These include a new media tab for easier access to videos, GIFs, and images, a simplified search results page, and improved screen reader compatibility.
  • Reddit introduced Contextual Keyword Targeting and Keyword Suggestions, using machine learning to improve ad relevance, increase click-through rates, and lower cost per action for advertisers.
  • Reddit is experimenting with an “Official” label next to the usernames of organization profiles to increase transparency and authentic engagement.
  • Reddit launched Contextual Keyword Targeting for ads placed in relevant discussions and Product Ads for integrating brand products into user conversations, targeting users ready to make purchases.
  • Reddit introduced features for easier content sharing, including updated link previews for text posts, direct sharing to Instagram Stories, a custom share sheet, and one-tap screenshot sharing.
  • Reddit rolled out a new toolbox for publishers to display Reddit content externally, featuring predictable post heights, community showcases, and interactive displays of upvotes and comments.
  • Reddit expanded its Independent Agency Program, adding partners like Horizon Media, PMG, and Wpromote.
    • Reddit also renewed its partnership with Tinuiti, offering benefits such as advertiser incentives and enhanced measurement tools.

These updates reflect Reddit’s commitment to enhancing user experience and providing effective advertising solutions, leveraging its unique community-driven platform.

Why Marketers Should Consider Reddit Marketing

For marketers, these trends on Reddit offer a unique opportunity.

Screenshot from Reddit, December 2023: Reddit Recap 2023 experience

The platform’s shift towards knowledge and serious discourse suggests a user base that is engaged, informed, and potentially more receptive to content that aligns with these interests.

Marketing strategies that leverage educational content or align with thought-provoking discussions can resonate deeply with this audience.

Moreover, the rise in viewership of these knowledge-driven subreddits indicates a growing segment of users keen on learning and exploring new ideas.

This demographic is invaluable for marketers seeking to introduce innovative products or concepts or to engage in meaningful brand storytelling.

Conclusion

Reddit’s 2023 trends highlight an emerging focus on knowledge and serious discourse, presenting a ripe landscape for marketers.

By tapping into this engaged, intellectually curious audience, marketers can find new ways to connect with consumers, particularly those who value informative and thoughtful content.

Reddit’s evolution into a platform for learning and in-depth discussions marks it as an essential part of any modern digital marketing strategy.



Research Shows Tree Of Thought Prompting Better Than Chain Of Thought via @sejournal, @martinibuster

Researchers discovered a way to defeat the safety guardrails in GPT4 and GPT4-Turbo, unlocking the ability to generate harmful and toxic content, essentially beating a large language model with another large language model.

The researchers discovered that the use of tree-of-thought (ToT) reasoning to repeat and refine a line of attack was useful for jailbreaking another large language model.

What they found is that the ToT approach was successful against GPT4, GPT4-Turbo, and PaLM-2, using a remarkably low number of queries to obtain a jailbreak, on average fewer than thirty queries.

Tree Of Thoughts Reasoning

A Google research paper from around May 2022 discovered Chain of Thought Prompting.

Chain of Thought (CoT) is a prompting strategy used on a generative AI to make it follow a sequence of steps in order to solve a problem and complete a task. The CoT method is often accompanied with examples to show the LLM how the steps work in a reasoning task.

So, rather than just ask a generative AI like Midjourney or ChatGPT to do a task, the chain of thought method instructs the AI how to follow a path of reasoning that’s composed of a series of steps.

Tree of Thoughts (ToT) reasoning, sometimes referred to as Tree of Thought (singular), is essentially a variation and improvement of CoT, but they’re two different things.

Tree of Thoughts reasoning is similar to CoT. The difference is that rather than training a generative AI to follow a single path of reasoning, ToT is built on a process that allows for multiple paths so that the AI can stop and self-assess, then come up with alternate steps.

Tree of Thoughts reasoning was developed in May 2023 in a research paper titled Tree of Thoughts: Deliberate Problem Solving with Large Language Models (PDF).

The research paper describes Tree of Thought:

“…we introduce a new framework for language model inference, Tree of Thoughts (ToT), which generalizes over the popular Chain of Thought approach to prompting language models, and enables exploration over coherent units of text (thoughts) that serve as intermediate steps toward problem solving.

ToT allows LMs to perform deliberate decision making by considering multiple different reasoning paths and self-evaluating choices to decide the next course of action, as well as looking ahead or backtracking when necessary to make global choices.

Our experiments show that ToT significantly enhances language models’ problem-solving abilities…”

Tree Of Attacks With Pruning (TAP)

This new method of jailbreaking large language models is called Tree of Attacks with Pruning, TAP. TAP uses two LLMs, one for attacking and the other for evaluating.

TAP is able to outperform other jailbreaking methods by significant margins, only requiring black-box access to the LLM.

A black box, in computing, is where one can see what goes into an algorithm and what comes out. But what happens in the middle is unknown, thus it’s said to be in a black box.

In TAP, tree-of-thoughts reasoning is used against a targeted LLM like GPT-4 to repeatedly try different prompts, assess the results, and change course if an attempt is not promising.

This is called a process of iteration and pruning. Each prompting attempt is analyzed for the probability of success. If the path of attack is judged to be a dead end, the LLM will “prune” that path of attack and begin another and better series of prompting attacks.

This is why it’s called a “tree” in that rather than using a linear process of reasoning which is the hallmark of chain of thought (CoT) prompting, tree of thought prompting is non-linear because the reasoning process branches off to other areas of reasoning, much like a human might do.

The attacker issues a series of prompts and the evaluator evaluates the responses to those prompts. The evaluator then decides what the next path of attack will be by judging whether the current path of attack is irrelevant or not, and it also evaluates the results to determine the likely success of prompts that have not yet been tried.

What’s remarkable about this approach is that this process reduces the number of prompts needed to jailbreak GPT-4. Additionally, a greater number of jailbreaking prompts are discovered with TAP than with any other jailbreaking method.

The researchers observe:

“In this work, we present Tree of Attacks with Pruning (TAP), an automated method for generating jailbreaks that only requires black-box access to the target LLM.

TAP utilizes an LLM to iteratively refine candidate (attack) prompts using tree-of-thoughts reasoning until one of the generated prompts jailbreaks the target.

Crucially, before sending prompts to the target, TAP assesses them and prunes the ones unlikely to result in jailbreaks.

Using tree-of-thought reasoning allows TAP to navigate a large search space of prompts and pruning reduces the total number of queries sent to the target.

In empirical evaluations, we observe that TAP generates prompts that jailbreak state-of-the-art LLMs (including GPT4 and GPT4-Turbo) for more than 80% of the prompts using only a small number of queries. This significantly improves upon the previous state-of-the-art black-box method for generating jailbreaks.”

Tree Of Thought (ToT) Outperforms Chain Of Thought (CoT) Reasoning

Another interesting conclusion reached in the research paper is that, for this particular task, ToT reasoning outperforms CoT reasoning, even when adding pruning to the CoT method, where off topic prompting is pruned and discarded.

ToT Underperforms With GPT 3.5 Turbo

The researchers discovered that ChatGPT 3.5 Turbo didn’t perform well with ToT, revealing the limitations of GPT 3.5 Turbo. In fact, GPT 3.5 performed exceedingly poorly, dropping from an 84% success rate to only a 4.2% success rate.

This is their observation about why GPT 3.5 underperforms:

“We observe that the choice of the evaluator can affect the performance of TAP: changing the attacker from GPT4 to GPT3.5-Turbo reduces the success rate from 84% to 4.2%.

The reason for the reduction in success rate is that GPT3.5-Turbo incorrectly determines that the target model is jailbroken (for the provided goal) and, hence, preemptively stops the method.

As a consequence, the variant sends significantly fewer queries than the original method…”

What This Means For You

While it’s amusing that the researchers use the ToT method to beat an LLM with another LLM, it also highlights the usefulness of ToT for generating surprising new directions in prompting in order to achieve higher levels of output.

TL/DR Takeaways:

  • Tree of Thought prompting outperformed Chain of Thought methods
  • GPT 3.5 performed significantly worse than GPT 4 in ToT
  • Pruning is a useful part of a prompting strategy
  • Research showed that ToT is superior to CoT in an intensive reasoning task like jailbreaking an LLM

Read the original research paper:

Tree of Attacks: Jailbreaking Black-Box LLMs Automatically (PDF)


Explore Microsoft Bing Deep Search With GPT-4 & Generative AI Plans For 2024 via @sejournal, @kristileilani

Microsoft announced Deep Search, a substantial enhancement to Bing’s web search capabilities, powered by OpenAI’s GPT-4.

What Is Microsoft Bing Deep Search?

Integrated with the advanced GPT-4 AI technology, Deep Search aims to deliver more relevant and comprehensive responses to complex search inquiries.

Rather than replacing the current Bing web search, it enriches it, providing users with a more in-depth and nuanced web exploration.

How Deep Search Uses GPT-4 To Understand Intent

Deep Search capitalizes on Bing’s existing web index and ranking system, now enriched by GPT-4.

This advancement transforms a user’s query into a detailed description, more accurately capturing their intent.

The technology is particularly adept at clarifying queries that have multiple potential meanings.

For instance, a search about “how points systems work in Japan” might be expanded to encompass topics like loyalty card programs, their benefits, and how they compare to other payment methods.

Screenshot from Microsoft, December 2023: Microsoft Bing Deep Search GPT-4 example preview

Rewriting Queries For Deeper Insights

Deep Search rewrites queries to explore various facets of a search topic, delving deeper into the web to retrieve results that might be overlooked in standard searches.

This approach allows Bing to tap into a broader array of web pages, increasing the chances of uncovering more informative and specific results.

These results are then meticulously ranked based on relevance, detail, credibility, and timeliness.

Extra Time For Better Results

Designed for complex queries requiring specific and comprehensive answers, Deep Search may take up to thirty seconds to complete.

It remains an optional feature, complementing Bing’s standard search, which delivers results in under a second.

Deep Search In Action: Perplexity AI Copilot Using GPT-4

If you want to get a feel for how Deep Search works, try the Copilot search feature powered by GPT-4 in the Perplexity Pro plan.

When you ask a question, you can review the steps Perplexity’s Copilot takes, including rewriting the search query to find the best answer to the question.

Screenshot from Perplexity, December 2023: Perplexity Copilot search using GPT-4

Microsoft’s Generative AI Plans For 2024

In addition to Deep Search, Microsoft plans to expand access to more AI features powered by GPT-4.

Copilot AI Assistance With GPT-4 Turbo

Leading these updates is the integration of GPT-4 Turbo into Copilot, offering enhanced capabilities for handling complex and lengthy tasks.

Currently being tested by select users, GPT-4 Turbo will soon be widely available in Copilot.

Image Creation With DALL-E 3

Joining GPT-4 Turbo is the latest DALL-E 3 model, enabling Copilot users to create high-quality images that closely align with their prompts. The generative AI feature is available now for some users.

Screenshot from Microsoft, December 2023: Microsoft Bing Image Creator with DALL-E 3

Inline Compose For Microsoft Edge Simplifies Writing

An upcoming addition is the Inline Compose with a rewrite menu for Microsoft Edge users, designed to simplify writing across most websites.

This tool, soon to be available to all Edge users, will enhance the browser’s functionality.

Multi-Modal Bing Image Search With GPT-4 Vision

In an innovative move, Microsoft is merging the power of GPT-4 with Bing image search and web search data, creating a Multi-Modal with Search Grounding feature.

Screenshot from Microsoft, December 2023

This fusion aims to improve image understanding in response to user queries, offering a more holistic AI experience.

Code Interpreter: Breaking New Ground In Task Simplification

Microsoft is also developing a Code Interpreter to simplify complex tasks like calculations, coding, data analysis, visualization, and mathematics.

Screenshot from Microsoft, December 2023: Code Interpreter in Microsoft Copilot

This feature is currently in the feedback phase and is expected to be available to everyone soon.

A New Year Of Working With AI

These advancements represent a glimpse into the expansive capabilities Copilot is poised to offer.

With feedback from its community of users, Microsoft is shaping Bing and Copilot to be not just a tool but an essential part of the digital experience, heralding a new era of AI-assisted productivity and creativity.



Microsoft Advertising Partners With Baidu Global For Chat Ads API via @sejournal, @kristileilani

In its monthly recap of significant developments, Microsoft Advertising shared the latest news about its new partnership with Baidu Global, advertising opportunities, and Bing’s rebranding to Copilot.

These advancements boost advertiser reach and efficiency, representing a notable expansion as the holiday season approaches.

Microsoft And Baidu: A Strategic Alliance

Microsoft Advertising advanced its commitment to generative artificial intelligence (AI) with a new partnership with Baidu Global, aiming to roll out in 2024 in markets like the US, Canada, the UK, and Australia.

This collaboration leverages Microsoft’s Chat Ads API, allowing Baidu Global Keyboard, a mobile app enriched with natural language processing and generative AI features, to deliver tailored and engaging sponsored content.

Screenshot from Microsoft, November 2023

This partnership provides a unique opportunity for advertisers to reach a broader and more diverse audience, particularly Gen Z, across various app environments.

Microsoft emphasizes the potential of this partnership to enhance user experiences with more relevant content and continues to explore innovative ways to utilize generative AI in advertising.

Expanded Advertising Opportunities

Microsoft Store Ads, now available globally, offer advertisers a way to boost app and game downloads. This feature allows for broad geographic targeting, including worldwide campaigns.

Microsoft has extended Video and Connected TV advertising to 32 markets across the Americas, EMEA, and APAC. This expansion underscores the growing relevance of video in advertising strategies.

Microsoft Advertising also introduced bulk management for predictive targeting to identify potential high-conversion audiences.

The platform has also upgraded its Google Import feature to facilitate importing discovery and demand gen campaigns from Google Ads.

Bing Becomes Copilot

In a significant rebranding, Bing Chat and Bing Chat Enterprise have transitioned to Copilot, enhancing the AI-driven chat experience for users.

These updates highlight Microsoft Advertising’s commitment to innovation and customer empowerment in the digital ad arena, with the Baidu partnership emphasizing AI’s role in future growth.


Featured Image: Tada Images/Shutterstock

Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs via @sejournal, @martinibuster

Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server.

MW WP Form Plugin

The MW WP Form plugin helps to simplify form creation on WordPress websites using a shortcode builder.

It makes it easy for users to create and customize forms with various fields and options.

The plugin has many features, including one that allows file uploads using the [mwform_file name="file"] shortcode for the purpose of data collection. It is this specific feature that is exploitable in this vulnerability.

Unauthenticated Arbitrary File Upload Vulnerability

An Unauthenticated Arbitrary File Upload Vulnerability is a security issue that allows hackers to upload potentially harmful files to a website. Unauthenticated means that the attacker does not need to be registered with the website or hold any user permission level.

These kinds of vulnerabilities can lead to remote code execution, where the uploaded files are executed on the server, with the potential to allow the attackers to exploit the website and site visitors.

The Wordfence advisory noted that the plugin has a check for unexpected filetypes but that it doesn’t function as it should.

According to the security researchers:

“Unfortunately, although the file type check function works perfectly and returns false for dangerous file types, it throws a runtime exception in the try block if a disallowed file type is uploaded, which will be caught and handled by the catch block.

…even if the dangerous file type is checked and detected, it is only logged, while the function continues to run and the file is uploaded.

This means that attackers could upload arbitrary PHP files and then access those files to trigger their execution on the server, achieving remote code execution.”
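The fail-open pattern the advisory describes, next to a fail-closed version, as an added PHP illustration. It is not MW WP Form's code; the function names, the allow-list and the sample filenames are hypothetical.

```php
<?php
// Added illustration with hypothetical names; not code from MW WP Form.

const ALLOWED_EXTENSIONS = ['jpg', 'png', 'pdf'];

/** Returns false for any extension outside the allow-list. */
function is_allowed_file_type(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

/** Fail-open: the rejection is thrown and caught in the same function,
 *  logged, and execution then falls through to the save step. */
function handle_upload_fail_open(string $filename, array &$saved, array &$log): bool
{
    try {
        if (!is_allowed_file_type($filename)) {
            throw new RuntimeException("disallowed file type: $filename");
        }
    } catch (RuntimeException $e) {
        $log[] = $e->getMessage();   // detected, but only logged
    }
    $saved[] = $filename;            // still reached for rejected files
    return true;
}

/** Fail-closed: a failed check ends processing before anything is saved. */
function handle_upload_fail_closed(string $filename, array &$saved, array &$log): bool
{
    if (!is_allowed_file_type($filename)) {
        $log[] = "rejected upload: $filename";
        return false;                // nothing is written
    }
    $saved[] = $filename;
    return true;
}

// Constructed sample inputs: one allowed file, one disallowed file.
$open = $closed = $openLog = $closedLog = [];
foreach (['photo.jpg', 'notes.php'] as $name) {
    handle_upload_fail_open($name, $open, $openLog);
    handle_upload_fail_closed($name, $closed, $closedLog);
}
echo 'fail-open saved:   ' . implode(', ', $open) . PHP_EOL;
echo 'fail-closed saved: ' . implode(', ', $closed) . PHP_EOL;
```

Both handlers log the disallowed file, so the log alone cannot tell them apart; the difference is whether the save step is still reachable after the check fails.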

There Are Conditions For A Successful Attack

The severity of this threat depends on one condition: the “Saving inquiry data in database” option in the form settings must be enabled for this security gap to be exploited.

The security advisory notes that the vulnerability is rated critical with a score of 9.8 out of 10.

Actions To Take

Wordfence strongly advises users of the MW WP Form plugin to update their versions of the plugin.

The vulnerability is patched in the latest version of the plugin, version 5.0.2.

The threat is particularly critical for users who have enabled the “Saving inquiry data in database” option in the form settings, and it is compounded by the fact that no permission levels are needed to execute this attack.

Read the Wordfence advisory:

Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution

Featured Image by Shutterstock/Alexander_P