
Archive for the ‘security’ category: Page 24

Aug 29, 2023

This C++ code gets you administrator rights on vulnerable Windows 10 machine

Posted by in category: security

CVE-2023-36874 is not just any vulnerability; it is a zero-day that is being actively exploited. This means the vulnerability was being exploited in the wild even before any remedy was provided, and in some cases, even before it was publicly acknowledged. Because they provide a window of opportunity before updates are sent out, vulnerabilities of this kind are often among the top targets for cybercriminals.

However, taking advantage of this vulnerability is not as simple as one may first believe it to be. According to the advisory notes published by Microsoft, “An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.”

This significantly reduces the risk, but it does not remove it entirely. Because Windows is so prevalent throughout the world, even a very minor security flaw may put millions of machines at risk.

Aug 29, 2023

Jupiter X Core WordPress plugin vulnerabilities affect 172,000 websites

Posted by in categories: security, space

Accounts may be hijacked and data can be uploaded without authentication if a certain version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, is used. These vulnerabilities impact various versions of the plugin.

Jupiter X Core is a visual editor that is both simple and powerful, and it is a component of the Jupiter X theme. The Jupiter X theme is used in more than 172,000 websites.

The second flaw, identified as CVE-2023-38389, makes it possible for unauthenticated attackers to gain control of any WordPress user account so long as they are in possession of the user’s email address. The vulnerability has been rated critical, with a severity score of 9.8, and affects Jupiter X Core version 3.3.8 and all earlier versions.

Aug 26, 2023

How to minimize data risk for generative AI and LLMs in the enterprise

Posted by in categories: business, governance, robotics/AI, security


Enterprises have quickly recognized the power of generative AI to uncover new ideas and increase both developer and non-developer productivity. But pushing sensitive and proprietary data into publicly hosted large language models (LLMs) creates significant risks in security, privacy and governance. Businesses need to address these risks before they can start to see any benefit from these powerful new technologies.

As IDC notes, enterprises have legitimate concerns that LLMs may “learn” from their prompts and disclose proprietary information to other businesses that enter similar prompts. Businesses also worry that any sensitive data they share could be stored online and exposed to hackers or accidentally made public.

Aug 25, 2023

How AI brings greater accuracy, speed, and scale to microsegmentation

Posted by in categories: business, robotics/AI, security


Microsegmentation is table stakes for CISOs looking to gain the speed, scale and time-to-market advantages that multicloud tech stacks provide digital-first business initiatives.

Gartner predicts that through 2023, at least 99% of cloud security failures will be the user’s fault. Getting microsegmentation right in multicloud configurations can make or break any zero-trust initiative. Ninety percent of enterprises migrating to the cloud are adopting zero trust, but just 22% are confident their organization will capitalize on its many benefits and transform their business. Zscaler’s The State of Zero Trust Transformation 2023 Report says secure cloud transformation is impossible with legacy network security infrastructure such as firewalls and VPNs.

Aug 23, 2023

Advances in quantum emitters mark progress toward a quantum internet

Posted by in categories: computing, internet, quantum physics, security

The prospect of a quantum internet, connecting quantum computers and capable of highly secure data transmission, is enticing, but making it poses a formidable challenge. Transporting quantum information requires working with individual photons rather than the light sources used in conventional fiber optic networks.

To produce and manipulate , scientists are turning to quantum light emitters, also known as . These atomic-scale defects in semiconductor materials can emit single photons of fixed wavelength or color and allow photons to interact with electron spin properties in controlled ways.

A team of researchers has recently demonstrated a more effective technique for creating quantum emitters using pulsed ion beams, deepening our understanding of how are formed. The work was led by Department of Energy Lawrence Berkeley National Laboratory (Berkeley Lab) researchers Thomas Schenkel, Liang Tan, and Boubacar Kanté who is also an associate professor of electrical engineering and computer sciences at the University of California, Berkeley.

Aug 18, 2023

Bigger and better quantum computers possible with new ion trap, dubbed the Enchilada

Posted by in categories: computing, economics, engineering, nuclear energy, quantum physics, security

Another concern was the dissipation of electrical power on the Enchilada Trap, which could generate significant heat, leading to increased outgassing from surfaces, a higher risk of electrical breakdown and elevated levels of electrical field noise. To address this issue, production specialists designed new microscopic features to reduce the capacitance of certain electrodes.

“Our team is always looking ahead,” said Sandia’s Zach Meinelt, the lead integrator on the project. “We collaborate with scientists and engineers to learn about the kind of technology, features and performance improvements they will need in the coming years. We then design and fabricate traps to meet those requirements and constantly seek ways to further improve.”

Sandia National Laboratories is a multimission laboratory operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy’s National Nuclear Security Administration. Sandia Labs has major research and development responsibilities in nuclear deterrence, global security, defense, energy technologies and economic competitiveness, with main facilities in Albuquerque, New Mexico, and Livermore, California.

Aug 14, 2023

The Dawn Of Humanoid Robotics: A Glimpse Into The Future

Posted by in categories: biotech/medical, robotics/AI, security

The Covid-19 pandemic has posed significant challenges to all industries, including humanoid robotics. Supply chain disruptions and labor shortages have affected development and production. However, the industry has shown resilience, finding ways to resume manufacturing and sustain revenue.

In the ever-evolving robotics industry, challenges like supply chain disruptions and labor shortages demand strategic solutions. Diversify suppliers, build strong relationships and adopt just-in-time manufacturing for resilience. Embrace remote work, upskill the workforce and leverage automation. Monitor risks, maintain buffer stock, foster innovation and network with peers. These strategies ensure the continued growth and success of robotics companies amidst adversity. By staying agile and proactive, the robotics industry can overcome obstacles and lead the way to a transformative future.

Looking ahead, the healthcare industry presents a promising avenue for the application of humanoid robots. From providing security to dispensing pharmaceuticals and assisting patients, humanoid robots could revolutionize healthcare delivery.

Aug 13, 2023

Counterfeit People. Daniel Dennett. (Special Edition)

Posted by in categories: finance, law, robotics/AI, security

Please check out Numerai — our sponsor using our link @ http://numer.ai/mlst.

Numerai is a groundbreaking platform which is taking the data science world by storm. Tim has been using Numerai to build state-of-the-art models which predict the stock market, all while being a part of an inspiring community of data scientists from around the globe. They host the Numerai Data Science Tournament, where data scientists like us use their financial dataset to predict future stock market performance.


Aug 12, 2023

This code lets hackers remotely play music on Lexmark printers and spy on users

Posted by in categories: internet, media & arts, security

Information security researchers at Horizon3 have made public the proof-of-concept (PoC) code for a major privilege escalation vulnerability (CVE-2023-26067) found in Lexmark printers. On an unpatched device, this vulnerability, which has a CVSS score of 8.0, might enable an attacker to gain elevated access.

The vulnerability stems from incorrect validation of user-supplied information. An attacker might exploit it by sending a specially crafted request to the printer. Once the vulnerability has been exploited, the attacker has the potential to gain escalated privileges on the device, which might give them the ability to execute arbitrary code, leak credentials, or obtain a reverse shell.

Configurations prone to vulnerability

An initial Setup Wizard is shown on the display of a Lexmark printer the very first time it is turned on. This wizard walks the user through the process of configuring several system settings, such as the language, and gives them the opportunity to set up an administrative user. If the user makes the selection “Set Up Later,” the printer will provide “Guest” users access to all of the features and pages available through the web interface of the printer. If the user selects “Set up Now,” the printer will block access to a significant portion of its functionality until the user has authenticated.

Aug 12, 2023

Code exploiting two critical PHP (< 8.0.30) vulnerabilities published

Posted by in category: security

PHP is a widely used programming language for building dynamic web pages. Like any other software, however, it is not completely safe from security flaws. CVE-2023-3823 and CVE-2023-3824 are two new security flaws that have been identified in PHP during the course of the last several months.

CVE-2023-3823 is an information disclosure vulnerability in PHP applications that makes it possible for a remote attacker to access sensitive data stored inside such applications. Inadequate validation of the XML input given by the user is the root cause of the vulnerability. An attacker might exploit it by sending a specially designed piece of XML to the program. The program would then parse it, at which point the attacker would be able to obtain access to sensitive information such as the contents of arbitrary files on the system or the results of queries made to external sources.

This issue may affect any program, library, or service that interacts with XML documents in any way, including processing or communicating with them. Thanks to the hard work done by nickvergessen, a security researcher, who also released the proof-of-concept.
