Google recently announced that its secure-by-design approach to code development has significantly reduced memory safety vulnerabilities in Android.  Google has been battling memory safety issues in both Android and Chrome for years, including by migrating them to memory-safe programming languages, such as Rust, and the effort has paid off.

Researchers from ETH Zurich have discovered a way to beat CAPTCHA puzzles through the use of Artificial Intelligence (AI), which has sparked further concern regarding online security. CAPTCHA, which stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart," has been a well-established method for distinguishing humans from bots. However, the researchers' new AI system could solve image-based puzzles as effectively as humans, if not better. This article continues to discuss the study "Breaking reCAPTCHAv2."

By grigby1

Xiaoli Zhou of the School of Information Engineering at Sichuan Top IT Vocational Institute in Chengdu, China, conducted a study on integrating data augmentation and ensemble learning methods to improve the accuracy of Intrusion Detection Systems (IDS). Zhou focused on a Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP), an advanced version of the standard Machine Learning (ML) model capable of creating realistic data through a competition between two neural networks.

By grigby1 

By krahal

With a nod to Charles Dickens, this Cyber Scene will take us to the tale of two grounded US cities—Washington DC and New York City, even as debates, be they financial or foreign affairs, are fully in best or possibly worst ethereal times.

According to Zimperium's "2024 zLabs Global Mobile Threat Report," 82 percent of all phishing sites now target mobile devices. The report also shows that 76 percent of these sites use HTTPS, leading users to believe they are secure. Healthcare remains the most vulnerable industry, with 39 percent of mobile threats coming from phishing attacks. In order to gain access to enterprise systems, cybercriminals are increasingly applying mobile-first strategies involving the exploitation of weak mobile endpoints, smaller screens, and limited security indicators.

The US Cybersecurity and Infrastructure Security Agency (CISA) warns of threat actors targeting Internet-exposed industrial devices with "unsophisticated" methods such as brute-force attacks and using default credentials to breach critical infrastructure networks. According to CISA, these attacks on critical infrastructure Operation Technology (OT) and Industrial Control System (ICS) devices have affected Water and Wastewater Systems (WWS). This article continues to discuss CISA's warning regarding threat actors exploiting OT/ICS using unsophisticated techniques.

HiddenLayer warns that Google's Artificial Intelligence (AI) assistant Gemini faces indirect prompt injection flaws that could lead to phishing and chatbot takeover attacks. Indirect injections involve delivering the prompt injection via channels such as documents, emails, and other assets accessed by the Large Language Model (LLM), with the goal of taking over the model.

Following the discovery that thousands of US Congress staffers could be vulnerable to account hijacking and phishing, security experts have repeatedly warned against using work email addresses to sign up for third-party sites. The secure mail provider Proton collaborated with Constella Intelligence to search the dark web for over 16,000 publicly available email addresses associated with congressional staff. About 3,191 employees' emails were leaked to the dark web following third-party data breaches, with 1,848 listed together with plaintext passwords.