
Security experts from paluno, the Ruhr Institute for Software Technology at the University of Duisburg-Essen (UDE), have developed a new technique that, for the first time, enables fuzz testing of protected memory areas in modern processors. Their method revealed many vulnerabilities in security-critical software.

Intel’s “Software Guard Extension” (SGX) is a widely used technology to protect from misuse. It helps developers in shielding a certain memory area from the rest of a computer. A , for example, can be executed safely in such an enclave, even if the rest of the system is corrupted by malware.

However, it is not uncommon for errors to creep in during the programming of the enclaves. Already in 2020, the paluno team from Prof. Dr. Lucas Davi discovered and published several vulnerabilities in SGX enclaves. Now, together with partners from the CASA cluster of excellence, the researchers have achieved another breakthrough in the analysis techniques: their latest development enables the fuzz testing of enclaves, which is much more effective than the previously used symbolic execution. The idea behind fuzz testing is to feed a large number of inputs into a program in order to gain insights into the structure of the code.

Deep learning techniques have recently proved to be highly promising for detecting cybersecurity attacks and determining their nature. Concurrently, many cybercriminals have been devising new attacks aimed at interfering with the functioning of various deep learning tools, including those for image classification and natural language processing.

Perhaps the most common among these attacks are adversarial attacks, which are designed to “fool” deep learning algorithms using data that has been modified, prompting them to classify it incorrectly. This can lead to the malfunctioning of many applications, , and other technologies that operate through .

Several past studies have shown the effectiveness of different adversarial attacks in prompting deep neural networks (DNNs) to make unreliable and false predictions. These attacks include the Carlini & Wagner attack, the Deepfool attack, the fast gradient sign method (FGSM) and the Elastic-Net attack (ENA).

When you visit a website, the page can capture your IP address, but this doesn’t necessarily give the site owner enough information to individually identify you. Instead, the hack analyzes subtle features of a potential target’s browser activity to determine whether they are logged into an account for an array of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Plus the attacks work against every major browser, including the anonymity-focused Tor Browser.

“If you’re an average internet user, you may not think too much about your privacy when you visit a random website,” says Reza Curtmola, one of the study authors and a computer science professor at NJIT. “But there are certain categories of internet users who may be more significantly impacted by this, like people who organize and participate in political protest, journalists, and people who network with fellow members of their minority group. And what makes these types of attacks dangerous is they’re very stealthy. You just visit the website and you have no idea that you’ve been exposed.”

The risk that government-backed hackers and cyber-arms dealers will attempt to de-anonymize web users isn’t just theoretical. Researchers have documented a number of techniques used in the wild and have witnessed situations in which attackers identified individual users, though it wasn’t clear how.

Researchers at Simon Fraser University have made a crucial breakthrough in the development of quantum technology.

Their research, published in Nature today, describes their observations of more than 150,000 silicon “T center” photon-spin qubits, an important milestone that unlocks immediate opportunities to construct massively scalable quantum computers and the quantum internet that will connect them.

Quantum computing has to provide computing power well beyond the capabilities of today’s supercomputers, which could enable advances in many other fields, including chemistry, , medicine and cybersecurity.

A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom.

The gang received the name Luna Moth and has been active since at least March in phishing campaigns that delivered remote access tools (RAT) that enable corporate data theft.

Circa 2021


Finding and fixing bugs in code is a time-consuming, and often frustrating, part of everyday work for software developers. Can deep learning address this problem and help developers deliver better software, faster? In a new paper, Self-Supervised Bug Detection and Repair, presented at the 2021 Conference on Neural Information Processing Systems (NeurIPS 2021), we show a promising deep learning model, which we call BugLab, can be taught to detect and fix bugs, without using labelled data, through a “hide and seek” game.

To find and fix bugs in code requires not only reasoning over the code’s structure but also understanding ambiguous natural language hints that software developers leave in code comments, variable names, and more. For example, the code snippet below fixes a bug in an open-source project in GitHub.

Here the developer’s intent is clear through the natural language comment as well as the high-level structure of the code. However, a bug slipped through, and the wrong comparison operator was used. Our deep learning model was able to correctly identify this bug and alert the developer.

A network in which data transmission is perfectly secure against hacking? If physicists have their way, this will become reality one day with the help of the quantum mechanical phenomenon known as entanglement. For entangled particles, the rule is: If you measure the state of one of the particles, then you automatically know the state of the other. It makes no difference how far away the entangled particles are from each other. This is an ideal state of affairs for transmitting information over long distances in a way that renders eavesdropping impossible.

A team led by physicists Prof. Harald Weinfurter from LMU and Prof. Christoph Becher from Saarland University has now coupled two atomic quantum memories over a 33-kilometer-long fiber optic connection. This is the longest distance so far that anyone has ever managed entanglement via a telecom fiber.

The quantum mechanical entanglement is mediated via photons emitted by the two quantum memories. A decisive step was the researchers’ shifting of the wavelength of the emitted light particles to a value that is used for conventional telecommunications. “By doing this, we were able to significantly reduce the loss of photons and create entangled quantum memories even over long distances of fiber optic cable,” says Weinfurter.