"AI and Machine Learning Help Researchers Get Audio From Still Images and Silent Videos"

"AI and Machine Learning Help Researchers Get Audio From Still Images and Silent Videos"

Northeastern University professor of electrical and computer engineering and computer science Kevin Fu has found a method to extract audio from images and even muted videos. Using Side Eye, a Machine Learning-based tool that Fu and his research team developed, it is possible to determine the gender and precise words of a person speaking in a room where a picture was taken. Side Eye introduces an entirely new world of cybersecurity threats that people and cybersecurity professionals should be aware of.

Submitted by Gregory Rigby on

"MacOS 14 Sonoma Patches 60 Vulnerabilities"

"MacOS 14 Sonoma Patches 60 Vulnerabilities"

Apple recently announced the release of macOS 14 Sonoma.  Apple noted that the latest version of the operating system patches more than 60 vulnerabilities.  Apple stated that the flaws can be exploited to obtain potentially sensitive information (location, calendar, contacts, photos, credentials), execute arbitrary code with elevated privileges, escape the sandbox, read arbitrary files, cause a denial-of-service (DoS) condition, escalate privileges, bypass security mechanisms, delete files, modify protected parts of the file system, and conduct UI spoofing.

Submitted by Adam Ekwall on

"Newly Discovered Side-Channel Attack Side Steps Current Defense Mechanisms"

"Newly Discovered Side-Channel Attack Side Steps Current Defense Mechanisms"

Data compression has been used to improve web performance and user experience. It reduces the size of files and resources, such as images, video, and text, before their transmission over the Internet. Therefore, the process reduces the amount of data transferred and enables faster load times. However, data compression has become a source of side-channel attacks that can leak personal information about users to potential adversaries. In most previously known side-channel attacks, data leaks happen because of software-visible uses of compression.

Submitted by Gregory Rigby on

"Post-Quantum Cryptography Coalition Launches"

"Post-Quantum Cryptography Coalition Launches"

The data encrypted online today, from financial and personal identification information to military operations and intelligence data, could be decrypted quickly by an adversary with access to a cryptographically relevant quantum computer in the future. The Post-Quantum Cryptography (PQC) Coalition has been established by a community of technologists, researchers, and expert practitioners to advance the understanding and adoption of PQC and the National Institute of Standards and Technology's (NIST) PQC algorithms.

Submitted by Gregory Rigby on

"ALPHV Group Claims the Hack of Clarion, a Global Manufacturer of Audio and Video Equipment for Cars"

"ALPHV Group Claims the Hack of Clarion, a Global Manufacturer of Audio and Video Equipment for Cars"

Clarion, the global audio and video equipment manufacturer for cars and other vehicles, has been added to the list of victims on the BlackCat/ALPHV ransomware group's Tor leak site. The group announced on September 23 that the company had been hacked and sensitive data, including partner documents, had been stolen. In addition, the group claims to have stolen customer information and threatens to sell it to interested parties. As evidence of the breach, the group published some screenshots of the stolen documents. The BlackCat/ALPHV ransomware gang has been active since November 2021.

Submitted by Gregory Rigby on

"Canadian Flair Airlines Left User Data Leaking for Months"

"Canadian Flair Airlines Left User Data Leaking for Months"

The Cybernews research team discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses exposed for at least seven months, increasing the risk of passengers' information, such as emails, names, and addresses, being accessed by malicious actors. The leak involved publicly accessible environment files hosted on flyflair[.]com, which belongs to the Canadian ultra-low-cost carrier Flair Airlines.

Submitted by Gregory Rigby on

"CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)"

"CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)"

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the new Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM) product from the Information and Communications Technology (ICT) SCRM Task Force. The HBOM Framework provides a uniform and repeatable method for vendors and purchasers to communicate about hardware components, facilitating effective risk assessment and mitigation throughout the supply chain.

Submitted by Gregory Rigby on
Subscribe to