"Enhancing Cybersecurity with 'Moving Trees'"

"Enhancing Cybersecurity with 'Moving Trees'"

Jianying Zhou, a professor at the Singapore University of Technology and Design (SUTD), and his team propose a tree-inspired One-Time Password (OTP) scheme that supports changing user environments as well as provides security and privacy. OTPs have become a standard in user verification for sensitive applications. A standard OTP, used in Multi-Factor Authentication (MFA), limits users' password input time to prevent hacking. However, cyber threats will slowly render OTP protocols obsolete. A new scheme proposed by Zhou and his team addresses some of the weaknesses of existing OTP methods.

Submitted by Gregory Rigby on

"Your Internet-Connected Home Devices Could Be Compromising Your Security. BYU Computer Engineers Have a Solution"

"Your Internet-Connected Home Devices Could Be Compromising Your Security. BYU Computer Engineers Have a Solution"

Phil Lundrigan, a computer engineering professor at Brigham Young University (BYU), and a team of students have developed an in-between option that grants partial trust and enables consumers to connect basic Internet of Things (IoT) devices to their home network without the risk of compromising the network. Their solution enables communication between a Wi-Fi device, such as a sensor, that transmits small amounts of data, and a trusted Wi-Fi network without requiring the device to be connected to the network.

Submitted by Gregory Rigby on

"Flawed AI Tools Create Worries for Private LLMs, Chatbots"

"Flawed AI Tools Create Worries for Private LLMs, Chatbots"

According to experts, companies that use private instances of Large Language Models (LLMs) to make business data searchable through a conversational interface risk data poisoning and leakage if they do not harden their platforms. For example, Synopsys recently disclosed a Cross-Site Request Forgery (CSRF) flaw impacting applications based on SamurAI's EmbedAI component. Attackers could trick users into uploading poisoned data into their LLM.

Submitted by Gregory Rigby on

"Phishing Kit Trends and the Top 10 Spoofed Brands of 2023"

"Phishing Kit Trends and the Top 10 Spoofed Brands of 2023"

According to the 2024 IBM X-Force Threat Intelligence Index, phishing made up 30 percent of incidents last year, showing that it is still one of the top initial access vectors. Attackers often use phishing kits, which consist of a collection of tools, resources, and scripts packaged for easy deployment. IBM X-Force analyzed thousands of phishing kits and discovered trends, including which data these kits targeted and which brands were most exploited. This article continues to discuss key findings regarding phishing kits.

Submitted by Gregory Rigby on

"59% of Public Sector Apps Carry Long-Standing Security Flaws"

"59% of Public Sector Apps Carry Long-Standing Security Flaws"

According to Veracode, public sector apps have more security debt than private sector apps. Security debt is defined as flaws that remain unfixed for more than a year. Fifty-nine percent of apps in the public sector have security debt. Veracode's study delved into public sector organizations in over 25 countries. Cybercriminals are targeting federal government systems with more damaging and disruptive methods. To address this, the federal government is implementing a number of cybersecurity measures, including reducing risk in government apps.

Submitted by Gregory Rigby on

"AI Browser Plug-Ins to Help Consumers Improve Digital Privacy Literacy, Combat Manipulative Design"

"AI Browser Plug-Ins to Help Consumers Improve Digital Privacy Literacy, Combat Manipulative Design"

Researchers at the University of Notre Dame are developing Artificial Intelligence (AI) tools to help consumers understand online exploitation. Increasing end users' digital literacy helps them better control their website interactions. A recent study allowed participants to experiment with online privacy settings without consequences. The researchers created "Privacy Sandbox," a Chrome browser plug-in that replaced participant data with personas generated by the Large Language Model (LLM) GPT-4 from OpenAI.

Submitted by Gregory Rigby on

"How Researchers Are Protecting AI of the Future"

"How Researchers Are Protecting AI of the Future"

Dr. Samson Zhou, assistant professor at Texas A&M University's Department of Computer Science and Engineering, and Dr. David P. Woodruff, professor in the Computer Science Department at Carnegie Mellon University, are looking to bolster algorithms used by big data Artificial Intelligence (AI) models against attacks. Big data AI models are scalable algorithms designed to handle and analyze large amounts of data. Zhou and Woodruff are studying a type of big data model known as a streaming model.

Submitted by Gregory Rigby on

"New Partnership Uses AI to Bolster Efficiency, Cybersecurity for Water Treatment"

"New Partnership Uses AI to Bolster Efficiency, Cybersecurity for Water Treatment"

Feras Batarseh, an associate professor in Virginia Tech's Department of Biological Systems Engineering, and his team of researchers work with the Commonwealth Cyber Initiative in the greater Washington, DC, metro area, as well as in Blacksburg, where they run the "AI & Cyber for Water & Ag lab." The lab is made up of physical pumping and tubing systems, together with soil and biological systems, and is integrated with computer monitoring. It supports the term "cyberbiosecurity," coined at Virginia Tech, which encompasses the fight against threats to the nation's water supply.

Submitted by Gregory Rigby on

"Pirated Microsoft Office Delivers Malware Cocktail on Systems"

"Pirated Microsoft Office Delivers Malware Cocktail on Systems"

Cybercriminals are distributing a malware cocktail via cracked versions of Microsoft Office advertised on torrent websites. Malware delivered to users includes Remote Access Trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-virus software. The AhnLab Security Intelligence Center (ASEC) identified the campaign, warning against downloading pirated software. The researchers discovered that the attackers use a variety of lures, including Microsoft Office, Windows, and the Hangul Word Processor.

Submitted by Gregory Rigby on
Subscribe to