Archive for the ‘security’ category: Page 2

Apr 11, 2022

Cloud server leasing can leave sensitive data up for grabs

Posted in categories: business, computing, engineering, security, space

Renting space and IP addresses on a public server has become standard business practice, but according to a team of Penn State computer scientists, current industry practices can lead to “cloud squatting,” which can create a security risk, endangering sensitive customer and organization data intended to remain private.

Cloud squatting occurs when a company, such as your bank, leases space and IP addresses—unique addresses that identify individual computers or computer networks—on a public server, uses them, and then releases the space and addresses back to the public server company, a standard pattern seen every day. The public server company, such as Amazon, Google, or Microsoft, then assigns the same addresses to a second company. If this second company is a bad actor, it can receive information coming into the address intended for the original company—for example, when you as a customer unknowingly use an outdated link when interacting with your bank—and use it to its advantage—cloud squatting.

“There are two advantages to leasing server space,” said Eric Pauley, doctoral candidate in computer science and engineering. “One is a cost advantage, saving on equipment and management. The other is scalability. Leasing server space offers an unlimited pool of computing resources so, as workload changes, companies can quickly adapt.” As a result, the use of clouds has grown exponentially, meaning almost every website a user visits takes advantage of cloud computing.

Apr 11, 2022

GitHub can now alert of supply-chain bugs in new dependencies

Posted in category: security

GitHub can now block, and alert you to, pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.

This is achieved by adding the new Dependency Review GitHub Action to an existing workflow in one of your projects. You can do it through your repository’s Actions tab under Security or straight from the GitHub Marketplace.

It relies on an API endpoint that helps you understand the security impact of dependency changes at every pull request, before they are added to your repository.

Apr 10, 2022

Responsible AI in a Global Context

Posted in categories: business, economics, governance, policy, robotics/AI, security

CSIS will host a public event on responsible AI in a global context, featuring a moderated discussion with Julie Sweet, Chair and CEO of Accenture, and Brad Smith, President and Vice Chair of the Microsoft Corporation, on the business perspective, followed by a conversation among a panel of experts on the best way forward for AI regulation. Dr. John J. Hamre, President and CEO of CSIS, will provide welcoming remarks.

Keynote Speakers:
Brad Smith, President and Vice Chair, Microsoft Corporation.
Julie Sweet, Chair and Chief Executive Officer, Accenture.

Apr 10, 2022

Warning for Samsung users as pre-installed app could let hacker control phone

Posted in categories: mobile phones, security

MILLIONS of owners of the Samsung Galaxy smartphone face a security threat.

Those running Android versions 9 through 12 are at risk.

Researchers at Kryptowire published a report detailing how they discovered a serious vulnerability in the pre-installed Phone app across multiple models that could enable a hacker to take control of someone’s phone, Forbes reported.

Apr 10, 2022

Artificial intelligence is already upending geopolitics

Posted in categories: biotech/medical, ethics, law, nanotechnology, robotics/AI, security

The TechCrunch Global Affairs Project examines the increasingly intertwined relationship between the tech sector and global politics.

Geopolitical actors have always used technology to further their goals. Unlike other technologies, artificial intelligence (AI) is far more than a mere tool. We do not want to anthropomorphize AI or suggest that it has intentions of its own. It is not — yet — a moral agent. But it is fast becoming a primary determinant of our collective destiny. We believe that because of AI’s unique characteristics — and its impact on other fields, from biotechnologies to nanotechnologies — it is already threatening the foundations of global peace and security.

The rapid rate of AI technological development, paired with the breadth of new applications (the global AI market size is expected to grow more than ninefold from 2020 to 2028) means AI systems are being widely deployed without sufficient legal oversight or full consideration of their ethical impacts. This gap, often referred to as the pacing problem, has left legislatures and executive branches simply unable to cope.

Mar 29, 2022

VPNs are digital ‘snake oil,’ expert claims — here’s why

Posted in category: security

Here are the true pros and cons of VPNs.


Don’t believe all the exaggerated claims that VPNs make about protecting your privacy and security, experts say.

Mar 24, 2022

Using just a laptop, an encryption code designed to prevent a quantum computer attack was cracked in just 53 hours

Posted in categories: computing, encryption, quantum physics, security

Tech institutions are trying to find ways to guarantee security as new processing systems become increasingly sophisticated.

Mar 18, 2022

Dozens of budget Android phones are at risk due to a critical security flaw

Posted in categories: mobile phones, security

The vulnerability could provide hackers with an easy method to take over your phone.

Mar 15, 2022

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access

Posted in categories: computing, security

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic.

Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was discovered by Nick Gregory, a senior threat researcher at Sophos.

Mar 14, 2022

Warning: Objects in driverless car sensors may be closer than they appear

Posted in categories: robotics/AI, security, transportation

Researchers at Duke University have demonstrated the first attack strategy that can fool industry-standard autonomous vehicle sensors into believing nearby objects are closer (or further) than they appear without being detected.

The research suggests that adding optical 3D capabilities or the ability to share data with nearby cars may be necessary to fully protect from attacks.

The results will be presented Aug. 10–12 at the 2022 USENIX Security Symposium, a top venue in the field.
