The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) reported a 45% increase in cryptocurrency-related scams in 2023
Monthly Archives: September 2024
Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures
ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19% increase from 2023
Poland’s Supreme Court Blocks Pegasus Spyware Probe
The Polish Supreme Court has ruled that a parliamentary commission investigating the previous government’s use of the Pegasus spyware was unconstitutional
Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values:
Abstract: Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tune the base LMs. Despite its importance, the internal mechanisms of RLHF remain poorly understood. This paper introduces new metrics to evaluate the effectiveness of modeling and aligning human values, namely feature imprint, alignment resistance and alignment robustness. We categorize alignment datasets into target features (desired values) and spoiler features (undesired concepts). By regressing RM scores against these features, we quantify the extent to which RMs reward them a metric we term feature imprint. We define alignment resistance as the proportion of the preference dataset where RMs fail to match human preferences, and we assess alignment robustness by analyzing RM responses to perturbed inputs. Our experiments, utilizing open-source components like the Anthropic preference dataset and OpenAssistant RMs, reveal significant imprints of target features and a notable sensitivity to spoiler features. We observed a 26% incidence of alignment resistance in portions of the dataset where LM-labelers disagreed with human preferences. Furthermore, we find that misalignment often arises from ambiguous entries within the alignment dataset. These findings underscore the importance of scrutinizing both RMs and alignment datasets for a deeper understanding of value alignment.
Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details
A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details.
Read more in my article on the Hot for Security blog.
UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience
The Information Commissioner’s Office and National Crime Agency have cemented ties with a memorandum of understanding
Microsoft Fixes Four Actively Exploited Zero-Days
September’s Patch Tuesday fix-list features scores of CVEs including four zero-day vulnerabilities
ruby-3.2.5-183.fc39
FEDORA-2024-2fb325d068
Packages in this update:
ruby-3.2.5-183.fc39
Update description:
Upgrade to Ruby 3.2.5.
ZDI-24-1211: Ivanti Endpoint Manager WasPreviouslyMapped SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8191.
ZDI-24-1212: Ivanti Endpoint Manager ImportXml XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-37397.