Archive for the ‘security’ category: Page 3

Feb 20, 2024

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

Posted by in category: security

Malicious packages lurking in open-source repositories. Discover how DLL side-loading is the latest technique used to evade security software.

Feb 20, 2024

Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks

Posted by in categories: privacy, security

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

Biometric fingerprint security is widespread and widely trusted. If things continue as they are, it is thought that the fingerprint authentication market will be worth nearly $100 billion by 2032. However, organizations and people have become increasingly aware that attackers might want to steal their fingerprints, so some have started to be careful about keeping their fingerprints out of sight, and become sensitive to photos showing their hand details.

Feb 20, 2024

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

Posted by in category: security

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations.

The flaw, tracked as CVE-2024–25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6.

It has been addressed by the theme developers in version released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10.

Feb 19, 2024

MIT develops tamper-proof ID tag for cheaper and secure authentication

Posted by in categories: computing, particle physics, security

RFID tags are commonly used to verify the authenticity of products, but they have some drawbacks. They are relatively large, expensive, and vulnerable to counterfeiting. A team of MIT engineers has developed a new type of ID tag that overcomes these limitations by using terahertz waves, which are smaller and faster than radio waves.

The new tag is a cryptographic chip several times smaller and cheaper than RFID tags. It also offers improved security, using the unique pattern of metal particles in the glue that attaches the tag to the item as a fingerprint. This way, the authentication system will detect tampering if someone tries to peel off the tag and stick it to a fake item.

Feb 15, 2024

OpenAI Hiring Detective to Find Who’s Leaking Its Precious Info

Posted by in categories: robotics/AI, security

OpenAI is looking to hire an “insider risk investigator” to “fortify our organization against internal security threats.”

According to the company’s job listing, first spotted by MSPowerUser, the gumshoe is supposed to help the company safeguard its assets by “analyzing anomalous activities, promoting a secure culture, and interacting with various departments to mitigate risks.” Per the Wayback Machine, the job listing has been up since mid-January.

“You’ll play a crucial role in safeguarding OpenAI’s assets by analyzing anomalous activities, promoting a secure culture, and interacting with various departments to mitigate risks,” the listing reads. “Your expertise will be instrumental in protecting OpenAI against internal risks, thereby contributing to the broader societal benefits of artificial intelligence.”

Feb 13, 2024

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks — Patch Now

Posted by in category: security

CISA has identified a medium-severity security flaw affecting Roundcube email software, categorized as CVE-2023–43770.

Feb 13, 2024

Why AI can’t replace air traffic controllers

Posted by in categories: biotech/medical, robotics/AI, security

An air traffic controller’s routine can be disrupted by an aircraft that requires special handling. This could range from an emergency to priority handling of medical flights or Air Force One. Controllers are given the responsibility and the flexibility to adapt how they manage their airspace.

The requirements for the front line of air traffic control are a poor match for AI’s capabilities. People expect air traffic to continue to be the safest complex, high-technology system ever. It achieves this standard by adhering to procedures when practical, which is something AI can do, and by adapting and exercising good judgment whenever something unplanned occurs or a new operation is implemented – a notable weakness of today’s AI.

Indeed, it is when conditions are the worst – when controllers figure out how to handle aircraft with severe problems, airport crises or widespread airspace closures due to security concerns or infrastructure failures – that controllers’ contributions to safety are the greatest.

Feb 10, 2024

Airport 4.0: The Future Of Airports Takes Flight

Posted by in categories: robotics/AI, security

Imagine stepping into an airport where queues are relics of the past, replaced by seamless journeys orchestrated by intelligent machines. This isn’t science fiction – it’s the dawn of Airport 4.0, the cognitive era where airports transform from transit hubs into dynamic, personalized experiences.

As a frequent traveler myself, I’ve spent countless hours navigating the labyrinthine world of airports. The frustration of long lines, the stress of security checks, the wasted time waiting – it’s all too familiar. But Airport 4.0 paints a radically different picture. Facial recognition whisks me past security, AI-powered apps anticipate my needs, and personalized recommendations guide me to hidden gems within the terminal. This isn’t just a convenience; it’s a paradigm shift that unlocks a world of possibilities. Today, as we stand on the brink of the cognitive era, I’m keen to share my insights on how Airport 4.0 is reshaping the future of air travel, making it not just a journey from A to B but an experience in its own right.

A new report on Future of Airports from Markets and Markets Foresighting team delves into what will be a future airport.

Feb 8, 2024

Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

Posted by in category: security

NinjaOne, a startup offering tools to manage and secure endpoints in enterprise settings, has raised $231.5 million at a $1.9 billion valuation.

Feb 6, 2024

The next wave of fraud should frighten banks and crypto firms alike

Posted by in categories: finance, robotics/AI, security

It’s possible the OnlyFake owner is exaggerating, and it’s also worth noting that counterfeiting documents is nothing new. The difference here, though, is that the firm’s software is capable of cranking out hundreds of fake, but very real looking, IDs. It feels like it’s a matter of time before both banks and crypto firms alike are swamped by a wave of bots seeking to open accounts that possess convincing fake IDs.

You can add to this an impending wave of AI-based tools that will be used to overcome the anti-fraud measures, such as voice-based authentication, used by banks and others. We are also seeing AI being used to carry out audacious new forms of robbery—including the jaw-dropping story this week of a criminal gang that persuaded some poor employee in Hong Kong to transfer $25 million of company funds during a Zoom meeting. It turned out that all the members on the Zoom call were AI-generated replicas of the employee’s boss and coworkers.

Page 3 of 13312345678Last