Lifeboat Foundation

In real-world attacks, “a simple scenario… would have an attacker infiltrating a manufacturing network via an RCE on an exposed IoT device then causing a production line to stop by causing a DoS on an industrial controller,” Daniel dos Santos, research manager at Forescout Research Labs, said. “Similarly, the attacker could switch off the lights of a target company by leveraging a vulnerable building automation controller.”

Many of the Name: Wreck vulnerabilities stem from DNS implementations of a protocol feature called message compression. Message compression reduces the size of DNS messages, due to DNS response packets often including the same domain name. This compression mechanism has been problematic to implement on products for 20 years, said researchers, causing issues on DNS servers, enterprise devices and, more recently, TCP/IP stacks. Forescout researchers disclosed three flaws relating to message compression during previous research into TCP/IP vulnerabilities (particularly the Ripple20 and AMNESIA:33 sets of flaws). Consequently, they hunted for other similar types of flaws in other protocol stacks.

As part of the ensuing Name: Wreck research, researchers found DNS message compression vulnerabilities in four popular TCP/IP stacks, including FreeBSD (version 12.1), IPnet (version VxWorks 6.6), NetX (version 6.0.1) and Nucleus Net (version 4.3). The most critical flaws exist in FreeBSD, popular IT software used by high-performance servers in millions of IT networks, including major websites such as Netflix and Yahoo; and in Siemens’ Nucleus NET firmware, which has been used for decades by critical OT and Internet-of-Things (IoT) devices.

Microsoft has released patches for a Windows bug that is being exploited in the wild and for four new Exchange vulnerabilities.

Up to 97 percent of organizations reported facing mobile threats that used multiple attack vectors during 2020, as cybercriminals continue to adopt new tactics to target mobile devices.

MIT Technology Review Insights, in association with AI cybersecurity company Darktrace, surveyed more than 300 C-level executives, directors, and managers worldwide to understand how they’re addressing the cyberthreats they’re up against—and how to use AI to help fight against them.

Cyberattacks continue to grow in prevalence and sophistication. With the ability to disrupt business operations, wipe out critical data, and cause reputational damage, they pose an existential threat to businesses, critical services, and infrastructure. Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate artificial intelligence (AI). What’s known as “offensive AI” will enable cybercriminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

Some of the world’s largest and most trusted organizations have already fallen victim to damaging cyberattacks, undermining their ability to safeguard critical data. With offensive AI on the horizon, organizations need to adopt new defenses to fight back: the battle of algorithms has begun.

Continue reading “Preparing for AI-enabled cyberattacks” »

Controversy has shrouded the once-common plasticizer BPA since studies started to highlight its links to a whole range of adverse health effects in humans, but recent research has also shown that its substitutes mightn’t be all that safe either. A new study has investigated how these compounds impact nerve cells in the adult brain, with the authors finding that they likely permanently disrupt signal transmission, and also interfere with neural circuits involved in perception.

BPA, or bisphenol A, is a chemical that has been commonly used in food, beverage and other types of packaging for decades, but experts have grown increasingly concerned that it can leech into these consumables and impact human health in ways ranging from endocrine dysfunction to cancer. This came on the back of scientific studies revealing such links dating back to the 1990s, which in turn saw the rise of “BPA-free” plastics as a safer alternative.

One of those alternatives is bisphenol S (BPS), and while it allows plastic manufacturers to slap a BPA-free label on their packaging, more and more research is demonstrating that it mightn’t be much better for us. As just one example, a study last year showed through experiments on mice that just like BPA, BPS can alter the expression of genes in the placenta and likely fundamentally disrupt fetal brain development.

Broadcom will deliver its enterprise software portfolio starting with Symantec via Google Cloud. DevOps and the former CA Technologies applications will also move over.

https://youtu.be/Jd2GK0qDtRg

Microsoft Mesh enables presence and shared experiences from anywhere – on any device – through mixed reality applications.

Mesh allows for connections with new depth and dimension. As digital intelligence comes to the real world, we’re now able to see, share, and collaborate on content that persists. This common understanding ignites ideas, sparks creativity, and forms powerful bonds.

Continue reading “Introducing Microsoft Mesh” »

Bill Whitaker reports on the Pentagon projects that helped combat COVID-19 and may help end pandemics forever.

On April 13, 2021, Astrobotic announced that the Falcon Heavy rocket will launch the Griffin lander carrying NASA’s Volatiles Investigating Polar Exploration Rover (VIPER) to the moon.

Credit: Space.com | footage & animations: SpaceX & Astrobotic | produced & edited by Steve Spaleta (http://www.twitter.com/stevespaleta)