-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Apr 28, 2023
> Ransomware, a malware that prevents or limits users from accessing their system until a ransom is paid, has become increasingly sophisticated, with cybercriminals often targeting supply chains to maximize impact by threatening the entire ecosystem of an organization that impacts multiple businesses. Shipping and Logistics companies are on the radar of cybercriminals. Phishing is the practice of cybercriminals pretending to be legitimate people or organizations to contact target businesses via email, phone, or text message. As a result, to track and monitor cargo, transportation and logistics firms increasingly rely on sensors and internet of things (IoT) gadgets. Cybercriminals have a chance because many businesses do not treat operational and IoT technology with the same level of attention as they do information technology.
> There was a very minor 4.8% increase in cybercrime density between 2021 and 2022, but Australia remained the fourth country in the world by cybercrime density in both years.
> The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is not affected. Therefore, no user action is required.
> VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest.
> Kaspersky believes that Russia-linked threat actors Tomiris and Turla are cooperating at least at a minimum level.
> Iranian hackers broke into to a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials.
> Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases.
> Last year, the number of cyber-attacks in Latvia increased by 40%, with four times more attacks on public authorities and seven times more searches for different vulnerabilities in the system. Most of these attacks were not noticed by the majority of the public, according to the body “Cert.lv” and the Latvian State Radio and Television Centre (LVRTC), Latvian Radio reported April 26.
> Russian cybercrime group FIN7 has been observed exploiting a Veeam Backup - Replication vulnerability patched in March 2023.
> From time to time and as much as my limited time permits, I often explore the Internet and my DShield logs to see if I can uncover any interesting artifacts that suggest nefarious behaviour. Time-driven events such as tax filing are also considered when I perform such hunting activities. I recently discovered one such site masquerading as the Inland Revenue Authority of Singapore (IRAS) and observed some interesting points.
> Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic.
> Most of that work cited academic studies, as opposed to attacks in the wild. So when Stanford and Georgetown convened a group of experts last summer for a workshop that informed our new report, I specifically asked if there was any doubt that real-world implementations of AI were vulnerable to malicious compromise. Or was this merely a theoretical concern? Uniformly, participants from industry and government—those developing and using AI—agreed that the problem was real. Some pointed out that there are so many vulnerabilities in digital systems that the AI in those systems is not yet an attack vector of choice, but all agreed that, with the continued incorporation of AI models into a wider range of use cases, the frequency of deep learning-based attacks will grow. Moreover, all agreed the time to begin addressing the problem is now, as new systems are being designed and new deployments are occurring. (It actually would have been better to start years ago, before AI technologies had begun to be deployed in a wide range of commercial and government contexts, but now is second best.)
-- Response ended
-- Page fetched on Sat Jun 1 07:40:21 2024