Archive for the ‘security’ category: Page 3

Feb 20, 2024

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

Posted by in category: security

Malicious packages lurking in open-source repositories. Discover how DLL side-loading is the latest technique used to evade security software.

Feb 20, 2024

Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks

Posted by in categories: privacy, security

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

Biometric fingerprint security is widespread and widely trusted. If things continue as they are, it is thought that the fingerprint authentication market will be worth nearly $100 billion by 2032. However, organizations and people have become increasingly aware that attackers might want to steal their fingerprints, so some have started to be careful about keeping their fingerprints out of sight, and become sensitive to photos showing their hand details.

Feb 20, 2024

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

Posted by in category: security

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations.

The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6.

It has been addressed by the theme developers in version 1.9.6.1 released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10.

Feb 19, 2024

MIT develops tamper-proof ID tag for cheaper and secure authentication

Posted by in categories: computing, particle physics, security

RFID tags are commonly used to verify the authenticity of products, but they have some drawbacks. They are relatively large, expensive, and vulnerable to counterfeiting. A team of MIT engineers has developed a new type of ID tag that overcomes these limitations by using terahertz waves, which are smaller and faster than radio waves.

The new tag is a cryptographic chip several times smaller and cheaper than RFID tags. It also offers improved security, using the unique pattern of metal particles in the glue that attaches the tag to the item as a fingerprint. This way, the authentication system will detect tampering if someone tries to peel off the tag and stick it to a fake item.

Feb 15, 2024

OpenAI Hiring Detective to Find Who’s Leaking Its Precious Info

Posted by in categories: robotics/AI, security

OpenAI is looking to hire an “insider risk investigator” to “fortify our organization against internal security threats.”

According to the company’s job listing, first spotted by MSPowerUser, the gumshoe is supposed to help the company safeguard its assets by “analyzing anomalous activities, promoting a secure culture, and interacting with various departments to mitigate risks.” Per the Wayback Machine, the job listing has been up since mid-January.

“You’ll play a crucial role in safeguarding OpenAI’s assets by analyzing anomalous activities, promoting a secure culture, and interacting with various departments to mitigate risks,” the listing reads. “Your expertise will be instrumental in protecting OpenAI against internal risks, thereby contributing to the broader societal benefits of artificial intelligence.”

Feb 13, 2024

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks — Patch Now

Posted by in category: security

CISA has identified a medium-severity security flaw affecting Roundcube email software, categorized as CVE-2023-43770.

Feb 13, 2024

Why AI can’t replace air traffic controllers

Posted by in categories: biotech/medical, robotics/AI, security

An air traffic controller’s routine can be disrupted by an aircraft that requires special handling. This could range from an emergency to priority handling of medical flights or Air Force One. Controllers are given the responsibility and the flexibility to adapt how they manage their airspace.

The requirements for the front line of air traffic control are a poor match for AI’s capabilities. People expect air traffic to continue to be the safest complex, high-technology system ever. It achieves this standard by adhering to procedures when practical, which is something AI can do, and by adapting and exercising good judgment whenever something unplanned occurs or a new operation is implemented – a notable weakness of today’s AI.

Indeed, it is when conditions are the worst – when controllers figure out how to handle aircraft with severe problems, airport crises or widespread airspace closures due to security concerns or infrastructure failures – that controllers’ contributions to safety are the greatest.

Feb 10, 2024

Airport 4.0: The Future Of Airports Takes Flight

Posted by in categories: robotics/AI, security

Imagine stepping into an airport where queues are relics of the past, replaced by seamless journeys orchestrated by intelligent machines. This isn’t science fiction – it’s the dawn of Airport 4.0, the cognitive era where airports transform from transit hubs into dynamic, personalized experiences.

As a frequent traveler myself, I’ve spent countless hours navigating the labyrinthine world of airports. The frustration of long lines, the stress of security checks, the wasted time waiting – it’s all too familiar. But Airport 4.0 paints a radically different picture. Facial recognition whisks me past security, AI-powered apps anticipate my needs, and personalized recommendations guide me to hidden gems within the terminal. This isn’t just a convenience; it’s a paradigm shift that unlocks a world of possibilities. Today, as we stand on the brink of the cognitive era, I’m keen to share my insights on how Airport 4.0 is reshaping the future of air travel, making it not just a journey from A to B but an experience in its own right.

A new report on the Future of Airports from the Markets and Markets Foresighting team delves into what a future airport will be.

Feb 8, 2024

Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

Posted by in category: security

NinjaOne, a startup offering tools to manage and secure endpoints in enterprise settings, has raised $231.5 million at a $1.9 billion valuation.

Feb 6, 2024

The next wave of fraud should frighten banks and crypto firms alike

Posted by in categories: finance, robotics/AI, security

It’s possible the OnlyFake owner is exaggerating, and it’s also worth noting that counterfeiting documents is nothing new. The difference here, though, is that the firm’s software is capable of cranking out hundreds of fake, but very real-looking, IDs. It feels like it’s a matter of time before both banks and crypto firms alike are swamped by a wave of bots seeking to open accounts that possess convincing fake IDs.

You can add to this an impending wave of AI-based tools that will be used to overcome the anti-fraud measures, such as voice-based authentication, used by banks and others. We are also seeing AI being used to carry out audacious new forms of robbery—including the jaw-dropping story this week of a criminal gang that persuaded some poor employee in Hong Kong to transfer $25 million of company funds during a Zoom meeting. It turned out that all the members on the Zoom call were AI-generated replicas of the employee’s boss and coworkers.
