Archive for the ‘security’ category

Dec 21, 2024

How to Generate a CrowdStrike RFM Report With AI in Tines

Posted in categories: robotics/AI, security

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.

Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their users, many of which demonstrate practical applications of large language models (LLMs) to address complex challenges in security operations.

One recent winner is a workflow designed to automate CrowdStrike RFM reporting. Developed by Tom Power, a security analyst at The University of British Columbia, it uses orchestration, AI and automation to reduce the time spent on manual reporting.

Dec 19, 2024

US Homeland Security chief attacks EU effort to police artificial intelligence

Posted in categories: robotics/AI, security

The outgoing head of the US Department of Homeland Security believes Europe’s “adversarial” relationship with tech companies is hampering a global approach to regulating artificial intelligence that could result in security vulnerabilities.

Alejandro Mayorkas told the Financial Times the US — home of the world’s top artificial intelligence groups, including OpenAI and Google — and Europe are not on a “strong footing” because of a difference in regulatory approach.

He stressed the need for “harmonisation across the Atlantic”, expressing concern that relationships between governments and the tech industry are “more adversarial” in Europe than in the US.

Dec 14, 2024

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Posted in categories: internet, security

As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk.

The fact that sensitive information, such as credentials, passwords, authentication tokens, and API keys, could be leaked through internet-exposed Prometheus servers has been documented previously by JFrog in 2021 and Sysdig in 2022.

“Unauthenticated Prometheus servers enable direct querying of internal data, potentially exposing secrets that attackers can exploit to gain an initial foothold in various organizations,” the researchers said.

Dec 12, 2024

Can Quantum Computers Break Bitcoin? Google’s Latest Chip Sparks Fresh Debate

Posted in categories: bitcoin, blockchains, computing, quantum physics, security

Google’s new Willow quantum processor has reignited discussions around blockchain security and the ability of blockchains to withstand rapid advancements.

Dec 11, 2024

Scientists develop coating for enhanced thermal imaging through hot windows

Posted in categories: chemistry, security, surveillance

A team of Rice University scientists has solved a long-standing problem in thermal imaging, making it possible to capture clear images of objects through hot windows. Imaging applications in a range of fields—such as security, surveillance, industrial research and diagnostics—could benefit from the research findings, which were reported in the journal Communications Engineering.

“Say you want to use to monitor in a high-temperature reactor chamber,” said Gururaj Naik, an associate professor of electrical and computer engineering at Rice and corresponding author on the study. “The problem you’d be facing is that the thermal radiation emitted by the window itself overwhelms the camera, obscuring the view of objects on the other side.”

A possible solution could involve coating the window in a material that suppresses thermal light emission toward the camera, but this would also render the window opaque. To get around this issue, the researchers developed a coating that relies on an engineered asymmetry to filter out the thermal noise of a hot window, doubling the contrast of thermal imaging compared to conventional methods.

Dec 11, 2024

WPForms bug allows Stripe refunds on millions of WordPress sites

Posted in category: security

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions.

Tracked under CVE-2024-11205, the flaw was categorized as a high-severity problem due to the authentication prerequisite. However, given that membership systems are available on most sites, exploitation may be fairly easy in most cases.

The issue impacts WPForms from version 1.8.4 and up to 1.9.2.1, with a patch pushed in version 1.9.2.2, released last month.

Dec 10, 2024

Transforming Businesses With LLMs: Risks And Use Cases

Posted in categories: business, governance, security

Conversely, proprietary LLMs typically offer robust security features but still pose data privacy and control risks. Using these models involves sharing sensitive data with a third-party provider, which could lead to regulatory penalties if a breach occurs.

LLMs also lack transparency regarding their training data and how datasets are formed. Be mindful of potential bias and fairness issues and consider a human-in-the-loop approach, where specialists review and manage the model’s output.

Dec 10, 2024

Silver nanocubes enable nanolaser light generation

Posted in categories: biotech/medical, security

Researchers at Kaunas University of Technology (KTU), Lithuania, and scientists from Japan have developed a unique nanolaser. Although the dimensions of this laser are so small that its structure can only be seen through a powerful microscope, its potential is vast. With applications in early medical diagnostics, data communication, and security technologies, this invention could also become a key tool for the study of light and matter interactions.

Depending on the application, lasers differ in the way light is amplified and produced, which determines the color of the radiation and the quality of the laser beam.

“Nanolasers are lasers that use structures a million times smaller than a millimeter to generate and amplify light, and the laser radiation is generated in an extremely tiny volume of material,” says Dr. Mindaugas Juodėnas, one of the authors of the invention.

Dec 7, 2024

South Australia has the most wind and solar and no baseload: So why is it the only state not fretting about a vulnerable grid?

Posted in category: security

South Australia has the highest wind and solar share – an average of around 72 per cent over the last 12 months – vastly more than any other state in Australia, and higher than any other gigawatt-scale grid in the world.

Renewable energy critics, particularly those that don’t understand the way that grids work, instantly assume that this means South Australia’s grid must be weak and unreliable. But that is simply not true, and a new report from Australian Energy Market Operator on “system strength” underlines why this is so.

System strength is an important part of grid security, and – according to AEMO – describes the ability of the power system to maintain and control the voltage waveform at a given location, when the grid is running normally and particularly when it has to deal with a major disturbance.

Dec 7, 2024

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Posted in categories: robotics/AI, security

Critical flaws in MLflow, PyTorch, and more enable remote code execution, threatening AI and ML security.
