Read Time:4 Second
Kaspersky’s findings revealed phishing pages posing as vendors, enticing users with discounts
Daily Archives: March 25, 2024
UK Blames China for 2021 Hack Targeting Millions of Voters’ Data
Read Time:6 Second
The UK’s NCSC assesses that China-backed APT31 was “almost certainly” responsible for hacking the email accounts of UK parliamentarians
USN-6714-1: Debian Goodies vulnerability
Read Time:8 Second
It was discovered that debmany in Debian Goodies incorrectly handled certain
deb files. An attacker could possibly use this issue to execute arbitrary shell
commands.
biosig4c++-2.6.0-3.fc40
Read Time:21 Second
FEDORA-2024-ff6a72d8e9
Packages in this update:
biosig4c++-2.6.0-3.fc40
Update description:
2.6.0 – Security Update
BrainVisionMarker
fixes CVE-2024-23305
BrainVision: proved parser and sanity checks
fixes CVE-2024-22097, CVE-2024-23809
EGI
fixes CVE-2024-21795
FAMOS: disabled, support can be enabled by setting BIOSIG_FAMOS_TRUST_INPUT=1
mitigate vulnerabilities CVE-2024-21812, CVE-2024-23313, CVE-2024-23310, CVE-2024-23606
USN-6713-1: QPDF vulnerability
Read Time:14 Second
It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.
USN-6712-1: Net::CIDR::Lite vulnerability
Read Time:9 Second
It was discovered that Net::CIDR::Lite incorrectly handled extra zero
characters at the beginning of IP address strings. A remote attacker could
possibly use this issue to bypass access controls.
Ransomware: lessons all companies can learn from the British Library attack
Read Time:15 Second
In October 2023, the British Library suffered “one of the worst cyber incidents in British history,” as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC).
What lessons can other organisations learn from the ransomware attack?
Read more in my article on the Exponential-e blog.
Licensing AI Engineers
Read Time:1 Minute, 9 Second
The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers.
This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to build commercial AI products, push them to collaborate on scientifically-supported, domain-specific technical standards, and charge them with policing themselves. This Article’s proposal addresses AI harms at their inception, influencing the very engineering decisions that give rise to them in the first place. By wresting control over information and system design away from companies and handing it to AI engineers, professionalization engenders trustworthy AI by design. Beyond recommending the specific policy solution of professionalization, this Article seeks to shift the discourse on AI away from an emphasis on light-touch, ex post solutions that address already-created products to a greater focus on ex ante controls that precede AI development. We’ve used this playbook before in fields requiring a high level of expertise where a duty to the public welfare must trump business motivations. What if, like doctors, AI engineers also vowed to do no harm?
I have mixed feelings about the idea. I can see the appeal, but it never seemed feasible. I’m not sure it’s feasible today.
USN-6711-1: CRM shell vulnerability
Read Time:9 Second
Vincent Berg discovered that CRM shell incorrectly handled certain commands.
An local attacker could possibly use this issue to execute arbitrary code
via shell code injection to the crm history commandline.
Police Bust Multimillion-Dollar Holiday Fraud Gang
Read Time:4 Second
Law enforcers have arrested nine suspected members of a prolific cyber-fraud gang