Software detects backdoor attacks on facial recognition

As the U.S. Army increasingly uses facial and object recognition to train artificial intelligence systems to identify threats, the need to protect its systems from cyberattacks becomes essential.

An Army project conducted by researchers at Duke University and led by electrical and computer engineering faculty members Dr. Helen Li and Dr. Yiran Chen made significant progress toward mitigating these types of attacks. Two members of the Duke team, Yukun Yang and Ximing Qiao, recently took first prize in the Defense category of the CSAW ’19 HackML competition.

“Object recognition is a key component of future intelligent systems, and the Army must safeguard these systems from cyberattacks,” said MaryAnne Fields, program manager for intelligent systems at the Army Research Office. “This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data used to train the system is subtly altered to give incorrect answers. Safeguarding object recognition systems will ensure that future Soldiers will have confidence in the intelligent systems they use.”

‘We want to win the next war’: US Army will revamp cyber operations to counter Russia and China

As warfare continues to enter the digital realm, the Army plans to transform its cyber operations branch into a full-scale information warfare command, according to a top U.S. general.

The service will convert Cyber Command into the Army Information Warfare Command, Army Chief of Staff Gen. James McConville said at a panel on Tuesday. It’s one of several modernization efforts the Army is taking on to counter “great power” opponents like Russia and China.

“We’re recognizing the importance of information operations, so our Cyber Command is going to become an information warfare command,” McConville said.

Microsoft, NSA say security bug affects millions of Windows 10 computers

Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10.

The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows developers to digitally sign their software, proving that the software has not been tampered with. But the bug may allow attackers to spoof legitimate software, potentially making it easier to run malicious software — like ransomware — on a vulnerable computer.

“The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” Microsoft said.

U.S. Government Issues Powerful Security Alert: Upgrade VPN Or Expect Cyber-Attacks

The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert that strongly urges users and administrators alike to update a VPN with long-since disclosed critical vulnerabilities. “Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability,” the CISA alert warns, “can become compromised in an attack.” What has dictated the need for this level of Government agency interest and the urgency of the language used? The simple answer is the ongoing Travelex foreign currency exchange cyber-attack, thought to have been facilitated by no less than seven VPN servers that were late in being patched against this critical vulnerability. The vulnerability in question is CVE-2019-11510, first disclosed way back in April 2019 when Pulse Secure VPN also released a patch to fix it.

Critical VPN security vulnerability timeline

The CISA alert provides a telling timeline that outlines how the Pulse Secure VPN critical vulnerability, CVE-2019-11510, became such a hot security potato. Pulse Secure first released an advisory regarding the vulnerabilities in the VPN on April 24, 2019. “Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS),” that advisory warned, “this includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform a remote arbitrary file access on the Pulse Connect Secure gateway.” An upgrade patch to fix the problem, which had been rated as critical, was made available at the same time. Warning users that the vulnerabilities posed a “significant risk to your deployment,” Pulse Secure recommended patching as soon as possible.

Cyber Threats To North American Power Grid Are Growing

Threats of cyber attacks on North America’s electric network systems are growing, industrial cybersecurity firm Dragos said in a new report this week.

This year, the firm has identified two groups, Magnallium and Xenotime, which are increasingly probing to compromise electric assets in North America, expanding their targeting from the oil and gas sector to include electric assets.

“This underscores the trend in threats expanding from single-vertical ICS operations to multi-vertical ICS operations we observe from adversaries targeting industrial entities,” Dragos said in its report.

US Govt Warns of Attacks on Unpatched Pulse VPN Servers

The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.

This warning follows another alert issued by CISA in October 2019, and others coming from the National Security Agency (NSA), the Canadian Centre for Cyber Security, and UK’s National Cyber Security Center (NCSC).

Pulse Secure reported the vulnerability tracked as CVE-2019-11510 and disclosed by Orange Tsai and Meh Chang from the DEVCORE research team, and by Jake Valletta from FireEye in an April 2019 out-of-cycle advisory.