Lifeboat Foundation

Please check out Numerai — our sponsor using our link @
http://numer.ai/mlst.

Numerai is a groundbreaking platform which is taking the data science world by storm. Tim has been using Numerai to build state-of-the-art models which predict the stock market, all while being a part of an inspiring community of data scientists from around the globe. They host the Numerai Data Science Tournament, where data scientists like us use their financial dataset to predict future stock market performance.

Continue reading “Counterfeit People. Daniel Dennett. (Special Edition)” »

Researchers in the field of information security at Horizon3 have made public the proof-of-concept (PoC) code for a major privilege escalation vulnerability (CVE-2023–26067) found in Lexmark printers. On a device that has not been patched, this vulnerability, which has a CVSS score of 8.0, might enable an attacker to get elevated access if the device is not updated.

Incorrect validation of user-supplied information is what led to the vulnerability in the system. This vulnerability might be exploited by the attacker by having the attacker make a specially crafted request to the printer. Once the vulnerability has been exploited, the attacker has the potential to get escalated rights on the device, which might give them the ability to execute arbitrary code, spill credentials, or obtain a reverse shell.

Configurations prone to vulnerability An initial Setup Wizard is shown on the display of the user’s Lexmark printer the very first time it is turned on by the user. This wizard walks the user through the process of configuring several system settings, such as the language, as well as giving them the opportunity to setup an administrative user. If the user makes the selection “Set Up Later,” the printer will provide “Guest” users access to all of the features and pages available through the web interface of the printer. If the user selects “Set up Now,” the printer will prevent them from accessing a significant portion of their accessible capability until they have authenticated themselves.

PHP is a widely used programming language that is put to use in the production of dynamic web pages. On the other hand, much like any other program, it is not completely safe from security flaws. CVE-2023–3823 and CVE-2023–3824 are the names of two new security flaws that have been identified in PHP during the course of the last several months.

An information disclosure vulnerability known as CVE-2023–3823 exists in PHP applications and makes it possible for a remote attacker to access sensitive data stored inside such applications. Inadequate validation of the XML input given by the user is the root cause of the vulnerability. This vulnerability might be exploited by the attacker by having them transmit a specially designed piece of XML code to the program. The program would then proceed to parse the code, at which point the attacker would be able to obtain access to sensitive information such as the contents of arbitrary files on the system or the results of queries made to external sources.

This issue may affect any program, library, or service that interacts with XML documents in any way, including processing or communicating with them. Because to the hard work done by nickvergessen, a security researcher, who also released the proof-of-concept.

UK scientists have begun developing vaccines as an insurance against a new pandemic caused by an unknown “Disease X”.

The work is being carried out at the government’s high-security Porton Down laboratory complex in Wiltshire by a team of more than 200 scientists.

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still dangerously high, and a record for that medium.

Such an attack severely affects the target’s data security, as it could leak people’s passwords, discussions, messages, or other sensitive information to malicious third parties.

Kenya has ordered Worldcoin to stop collecting data in the country due to privacy and security concerns.

Kenya is pumping the brakes on Worldcoin — the eyeball-scanning crypto project launched by OpenAI founder Sam Altman. The Kenyan government has ordered Worldcoin to stop collecting data in the country while it reviews the project for potential privacy and security risks, as reported earlier by Reuters.

Worldcoin is a project that uses your iris to create a unique digital identity, which you can then link to digital currencies managed through the company’s World App. The project launched last week and has had people lining up to get their eyeballs scanned by the shiny, silver orbs Worldcoin… More.

Continue reading “Kenya suspends Sam Altman’s eyeball-scanning crypto project” »

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

The novel attack technique, per Trellix, takes advantage of the “search-ms:” URI protocol handler, which offers the ability for applications and HTML links to launch custom local searches on a device, and the “search:” application protocol, a mechanism for calling the desktop search application on Windows.

“Attackers are directing users to websites that exploit the ‘search-ms’ functionality using JavaScript hosted on the page,” security researchers Mathanraj Thangaraju and Sijo Jacob said in a Thursday write-up. “This technique has even been extended to HTML attachments, expanding the attack surface.”

Not surprisingly, the Intelligence Community (IC), Department of Defense (DoD), and first responders at the Department of Homeland Security (DHS) and other agencies are also interested in wearable electronics. With its Smart Electrically Powered and Networked Textile Systems (SMART ePANTS) program, the Intelligence Advanced Research Projects Activity (IARPA) is delivering the largest single investment ever made¹ to make Advanced Smart Textiles² (AST) a reality.

According to SMART ePANTS Program Manager, Dr. Dawson Cagle, developing clothing with sensor systems that can record audio, video, and geolocation data would significantly improve the capabilities of IC, DoD, DHS staff, and others working in dangerous or high-stress environments, such as crime scenes and arms control inspections. Dr. Cagle also asserted that ASTs could collect information one doesn’t notice, which would increase job effectiveness.

In software application development environments, the consensus is gravitating towards the use of AI as a helping and testing mechanism, rather than it being wholly offered the chance to create software code in and of itself. The concept here is that if so-called citizen developer business laypeople start creating code with software robots, they will never be able to wield the customization power (and ability to cover security risks) that hard-core software developers have.

As we now grow with AI and start to become more assured in terms of where its impact should be felt, we may now logically look to the whole spectrum of automation that it offers. This involves the concept of so-called hypermodal AI i.e. intelligence capable of working in different ‘modes’, some of which will predict, some of which will help determine and some of which will generate.

Today describing itself as unified observability and security platform company (IT vendors are fond of changing their opening ‘elevator sell’ line every few years), Dynatrace has now expanded its Davis AI engine to create hypermodal AI that converges fact-based predictive AI, with causal AI insights with new generative AI capabilities.