Electronic systems – from the processors powering smartphones to the embedded devices keeping the Internet of Things humming – have become a critical part of daily life. The security of these systems is of paramount importance to the Department of Defense (DoD), commercial industry, and beyond. To help protect these systems from common means of exploitation, DARPA launched the System Security Integration Through Hardware and Firmware (SSITH) program in 2017. Instead of relying on patches to ensure the safety of our software applications, SSITH seeks to address the underlying hardware vulnerabilities at the source. Research teams are developing hardware security architectures and tools that protect electronic systems against common classes of hardware vulnerabilities exploited through software.

To help harden the SSITH hardware security protections in development, DARPA today announced its first-ever bug bounty program, called the Finding Exploits to Thwart Tampering (FETT) Bug Bounty. FETT aims to utilize hundreds of ethical researchers, analysts, and reverse engineers to deep dive into the hardware architectures in development and uncover potential vulnerabilities or flaws that could weaken their defenses. DARPA is partnering with the DoD’s Defense Digital Service (DDS) and Synack, a trusted crowdsourced security company, on this effort. In particular, FETT will utilize Synack’s existing community of vetted, ethical researchers as well as artificial intelligence (AI) and machine learning (ML) enabled technology along with their established vulnerability disclosure process to execute the crowdsourced security engagement.

Bug bounty programs are commonly used to assess and verify the security of a given technology, leveraging monetary rewards to encourage hackers to report potential weaknesses, flaws, or bugs in the technology. This form of public Red Teaming allows organizations or individual developers to address the disclosed issues, potentially before they become significant security challenges.

U.S. Cyber Command’s new training platform is slated to deliver the second iteration this fall, providing additional capabilities and user capacity, program officials said.

The Persistent Cyber Training Environment (PCTE) is an online client that allows Cyber Command’s warriors to log on from anywhere in the world to conduct individual or collective cyber training as well as mission rehearsal. The program is being run by the Army on behalf of the joint cyber force and Cyber Command.

Officials delivered the first version of the program to Cyber Command in February and the environment was used for the first time in Cyber Command’s premier annual tier 1 exercise Cyber Flag in June. The second version is expected to include additional capabilities, including allowing more users to conduct team or individual training.


Quantum computers (QC) are poised to drive important advances in several domains, including medicine, material science and internet security. While current QC systems are small, several industry and academic efforts are underway to build large systems with many hundred qubits.

Towards this, computer scientists at Princeton University and physicists from Duke University collaborated to develop methods to design the next generation of quantum computers. Their study focused on QC systems built using trapped ion (TI) technology, which is one of the current front-running QC hardware technologies. By bringing together computer architecture techniques and device simulations, the team showed that co-designing near-term hardware with applications can potentially improve the reliability of TI systems by up to four orders of magnitude.

Their study was conducted as a part of the Software-Tailored Architecture for Quantum co-design (STAQ) project, an NSF-funded collaborative research effort to build a trapped-ion quantum computer, and the NSF CISE Expedition in Computing Enabling Practical-Scale Quantum Computing (EPiQC) project. It was published recently in the 2020 ACM/IEEE International Symposium on Computer Architecture.

Last year’s Netflix movie The Great Hack detailed the dark side of data collection, centered around the 2016 Cambridge Analytica scandal. The movie describes how “psychometric profiles” exist for you, me, and all of our friends. The data collected from our use of digital services can be packaged in a way that gives companies insight into our habits, preferences, and even our personalities. With this information, they can do anything from show us an ad for a pair of shoes we’ll probably like to try to change our minds about which candidate to vote for in an election.

With so much of our data already out there, plus the fact that most of us will likely keep using the free apps we’ve enjoyed for years, could it be too late to try to fundamentally change the way this model works?

Maybe not. Think of it this way: we have a long, increasingly automated and digitized future ahead of us, and data is only going to become more important, valuable, and powerful with time. There’s a line (which some would say we’ve already crossed) beyond which the amount of data companies have access to and the way they can manipulate it for their benefit will become eerie and even dystopian.

The FBI is concerned that AI is being used to create deepfake videos that are so convincing they cannot be distinguished from reality.

The alarm was sounded by an FBI executive at a WSJ Pro Cybersecurity Symposium held recently in San Diego. “What we’re concerned with is that, in the digital world we live in now, people will find ways to weaponize deep-learning systems,” stated Chris Piehota, executive assistant director of the FBI’s science and technology division, in an account in WSJPro.

The technology behind deepfakes and other disinformation tactics is enhanced by AI. The FBI is concerned national security could be compromised by fraudulent videos created to mimic public figures. “As the AI continues to improve and evolve, we’re going to get to a point where there’s no discernible difference between an AI-generated video and an actual video,” Piehota stated.

Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. Detailing the attack in its Q1 2020 threat report, Amazon said that the attack occurred back in February, and was mitigated by AWS Shield, a service designed to protect customers of Amazon’s on-demand cloud computing platform from DDoS attacks, as well as from bad bots and application vulnerabilities. The company did not disclose the target or the origin of the attack.

To put that number into perspective, prior to February of this year, ZDNet notes that the largest DDoS attack recorded was back in March 2018, when NetScout Arbor mitigated a 1.7 Tbps attack. The previous month, GitHub disclosed that it had been hit by an attack with a peak of 1.35 Tbps.

Intel Corporation announced Monday that its forthcoming Tiger Lake processors will pack a defense mechanism against Spectre-type malware attacks.

Spectre vulnerabilities allowed hackers to break into systems using Intel processors manufactured over two decades and steal passwords, personal photos, emails and other sensitive data stored in the memory of other running programs.

Such hijacking attacks have always been difficult to mitigate through . Intel’s new Control-Flow Enforcement Technology (Intel CET) will install CPU-level defense mechanisms to combat such assaults.