Lifeboat Foundation

⚠️ Over 7,100 WordPress sites have been hit by the ‘Balada Injector’ malware, which exploits sites using a vulnerable version of the Popup Builder plugin. Read More ➡️ https://thehackernews.com/2024/01/balada-injector-infects-over-7100.htm

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector.

First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech support pages, fraudulent lottery wins, and push notification scams.

Continue reading “Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability” »

https://arstechnica.com/security/2024/01/a-previously-unknow…or-a-year/ # Linux Comments: https://news.ycombinator.com/item?id=38942102

Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.

Adversaries can deliberately confuse or even “poison” artificial intelligence (AI) systems to make them malfunction—and there’s no foolproof defense that their developers can employ. Computer scientists from the National Institute of Standards and Technology (NIST) and their collaborators identify these and other vulnerabilities of AI and machine learning (ML) in a new publication.

Their work, titled Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, is part of NIST’s broader effort to support the development of trustworthy AI, and it can help put NIST’s AI Risk Management Framework into practice. The publication, a collaboration among government, academia, and industry, is intended to help AI developers and users get a handle on the types of attacks they might expect along with approaches to mitigate them—with the understanding that there is no silver bullet.

“We are providing an overview of attack techniques and methodologies that consider all types of AI systems,” said NIST computer scientist Apostol Vassilev, one of the publication’s authors. “We also describe current mitigation strategies reported in the literature, but these available defenses currently lack robust assurances that they fully mitigate the risks. We are encouraging the community to come up with better defenses.”

Adam Stern is Founder and CEO of Infinitely Virtual, provider of cloud technology solutions, based in Los Angeles. Twitter: @iv_cloudhosting

Back in the 1960s, when the U.S. faced off against the Soviets, MAD Magazine initiated a snarky proxy war in the form of a recurring comic strip that pitted two animated spies attempting to outsmart each other. In “Spy vs. Spy,” there were no permanent victors.

Fast forward to the ChatGPT generation. In cybersecurity, it’s AI vs AI now, and the black-hatted figure versus the guy in the white hat is no longer as binary as it once was.

This post is also available in: עברית (Hebrew)

A new report by Computer scientists from the National Institute of Standards and Technology presents new kinds of cyberattacks that can “poison” AI systems.

AI systems are being integrated into more and more aspects of our lives, from driving vehicles to helping doctors diagnose illnesses to interacting with customers as online chatbots. To perform these tasks the models are trained on vast amounts of data, which in turn helps the AI predict how to respond in a given situation.

The required precision to perform quantum simulations beyond the capabilities of classical computers imposes major experimental and theoretical challenges. The key to solving these issues are highly precise ways of characterizing analog quantum sim ulators. Here, we robustly estimate the free Hamiltonian parameters of bosonic excitations in a superconducting-qubit analog quantum simulator from measured time-series of single-mode canonical coordinates. We achieve the required levels of precision in estimating the Hamiltonian parameters by maximally exploiting the model structure, making it robust against noise and state-preparation and measurement (SPAM) errors. Importantly, we are also able to obtain tomographic information about those SPAM errors from the same data, crucial for the experimental applicability of Hamiltonian learning in dynamical quantum-quench experiments. Our learning algorithm is highly scalable both in terms of the required amounts of data and post-processing. To achieve this, we develop a new super-resolution technique coined tensorESPRIT for frequency extraction from matrix time-series. The algorithm then combines tensorESPRIT with constrained manifold optimization for the eigenspace reconstruction with pre-and post-processing stages. For up to 14 coupled superconducting qubits on two Sycamore processors, we identify the Hamiltonian parameters — verifying the implementation on one of them up to sub-MHz precision — and construct a spatial implementation error map for a grid of 27 qubits. Our results constitute a fully characterized, highly accurate implementation of an analog dynamical quantum simulation and introduce a diagnostic toolkit for understanding, calibrating, and improving analog quantum processors.

Submitted 18 Aug 2021 to Quantum Physics [quant-ph]

Subjects: quant-ph cond-mat.quant-gas physics.comp-ph.

The secure quantum communication covered a distance of about 4,000 kilometers using China’s quantum satellite Mozi.

Scientists in Russia and China have established quantum communication encrypted with the help of secure keys transmitted by China’s quantum satellite, reports SCMP.

READ MORE: Suspected cyberattack renders most gas stations in Iran out of service

The hacking of the Municipal Water Authority of Aliquippa is prompting new warnings from U.S. security officials at a time when states and the federal government are wrestling with how to harden water utilities against cyberattacks.

The danger, officials say, is hackers gaining control of automated equipment to shut down pumps that supply drinking water or contaminate drinking water by reprogramming automated chemical treatments. Besides Iran, other potentially hostile geopolitical rivals, including China, are viewed by U.S. officials as a threat.

Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11.

The approach “leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL search order hijacking technique,” cybersecurity firm Security Joes said in a new report exclusively shared with The Hacker News.

Continue reading “New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections” »