Jianying Zhou, a professor at the Singapore University of Technology and Design (SUTD), and his team propose a tree-inspired One-Time Password (OTP) scheme that supports changing user environments as well as provides security and privacy. OTPs have become a standard in user verification for sensitive applications. A standard OTP, used in Multi-Factor Authentication (MFA), limits users' password input time to prevent hacking. However, cyber threats will slowly render OTP protocols obsolete. A new scheme proposed by Zhou and his team addresses some of the weaknesses of existing OTP methods.

Phil Lundrigan, a computer engineering professor at Brigham Young University (BYU), and a team of students have developed an in-between option that grants partial trust and enables consumers to connect basic Internet of Things (IoT) devices to their home network without the risk of compromising the network. Their solution enables communication between a Wi-Fi device, such as a sensor, that transmits small amounts of data, and a trusted Wi-Fi network without requiring the device to be connected to the network.

According to experts, companies that use private instances of Large Language Models (LLMs) to make business data searchable through a conversational interface risk data poisoning and leakage if they do not harden their platforms. For example, Synopsys recently disclosed a Cross-Site Request Forgery (CSRF) flaw impacting applications based on SamurAI's EmbedAI component. Attackers could trick users into uploading poisoned data into their LLM.

According to the 2024 IBM X-Force Threat Intelligence Index, phishing made up 30 percent of incidents last year, showing that it is still one of the top initial access vectors. Attackers often use phishing kits, which consist of a collection of tools, resources, and scripts packaged for easy deployment. IBM X-Force analyzed thousands of phishing kits and discovered trends, including which data these kits targeted and which brands were most exploited. This article continues to discuss key findings regarding phishing kits.

According to Veracode, public sector apps have more security debt than private sector apps. Security debt is defined as flaws that remain unfixed for more than a year. Fifty-nine percent of apps in the public sector have security debt. Veracode's study delved into public sector organizations in over 25 countries. Cybercriminals are targeting federal government systems with more damaging and disruptive methods. To address this, the federal government is implementing a number of cybersecurity measures, including reducing risk in government apps.

By dgoff

Researchers at the University of Notre Dame are developing Artificial Intelligence (AI) tools to help consumers understand online exploitation. Increasing end users' digital literacy helps them better control their website interactions. A recent study allowed participants to experiment with online privacy settings without consequences. The researchers created "Privacy Sandbox," a Chrome browser plug-in that replaced participant data with personas generated by the Large Language Model (LLM) GPT-4 from OpenAI.

Dr. Samson Zhou, assistant professor at Texas A&M University's Department of Computer Science and Engineering, and Dr. David P. Woodruff, professor in the Computer Science Department at Carnegie Mellon University, are looking to bolster algorithms used by big data Artificial Intelligence (AI) models against attacks. Big data AI models are scalable algorithms designed to handle and analyze large amounts of data. Zhou and Woodruff are studying a type of big data model known as a streaming model.

Feras Batarseh, an associate professor in Virginia Tech's Department of Biological Systems Engineering, and his team of researchers work with the Commonwealth Cyber Initiative in the greater Washington, DC, metro area, as well as in Blacksburg, where they run the "AI & Cyber for Water & Ag lab." The lab is made up of physical pumping and tubing systems, together with soil and biological systems, and is integrated with computer monitoring. It supports the term "cyberbiosecurity," coined at Virginia Tech, which encompasses the fight against threats to the nation's water supply.

Cybercriminals are distributing a malware cocktail via cracked versions of Microsoft Office advertised on torrent websites. Malware delivered to users includes Remote Access Trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-virus software. The AhnLab Security Intelligence Center (ASEC) identified the campaign, warning against downloading pirated software. The researchers discovered that the attackers use a variety of lures, including Microsoft Office, Windows, and the Hangul Word Processor.