БЛОГ

Archive for the ‘security’ category: Page 40

Jan 18, 2023

Copenhagen Atomics submits molten salt SMR design

Posted by in categories: business, nuclear energy, security

UK Atomics, a subsidiary of the company applied to the UK Department for Business, Energy and Industrial Strategy (BEIS) for a GDA by the Office for Nuclear Regulation (ONR) and the Environment Agency (EA). This assessment aims to assess the safety, security, and environmental protection aspects of any nuclear power plant design that is intended to be deployed in the UK.

In May 2021, BEIS opened the GDA process to advanced nuclear technologies, including small modular reactors (SMRs). Successful completion of the GDA culminates in the issue of a Design Acceptance Confirmation from the ONR and a Statement of Design Acceptability from the EA. Rolls-Royce SMR was the first vendor to submit an application for a GDA of an SMR design. Its 470 MWe pressurised water reactor design was accepted for review in March 2022. In December, GE Hitachi Nuclear Energy submitted a GDA entry application for its BWRX-300 SMR, and Holtec International has stated its intention to submit an application for its SMR-160 design.

UK Atomics molten salt reactor design uses unpressurised heavy water as a moderator, while the reactor is intended to burn nuclear waste while breeding new fuel from thorium. The company says, with an output of 100 MWt, it is small enough to allow for mass manufacturing and assembly line production.

Jan 17, 2023

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

Posted by in category: security

CISA has issued a warning about significant security weaknesses found in products from Industrial Control Systems (ICS) manufacturers.

Jan 16, 2023

Google’s Muse model could be the next big thing for generative AI

Posted by in categories: robotics/AI, security

Check out all the on-demand sessions from the Intelligent Security Summit here.

2022 was a great year for generative AI, with the release of models such as DALL-E 2, Stable Diffusion, Imagen, and Parti. And 2023 seems to follow on that path as Google introduced its latest text-to-image model, Muse, earlier this month.

Like other text-to-image models, Muse is a deep neural network that takes a text prompt as input and generates an image that fits the description. However, what sets Muse apart from its predecessors is its efficiency and accuracy. By building on the experience of previous work in the field and adding new techniques, the researchers at Google have managed to create a generative model that requires less computational resources and makes progress on some of the problems that other generative models suffer from.

Jan 14, 2023

Quantum machine learning (QML) poised to make a leap in 2023

Posted by in categories: information science, quantum physics, robotics/AI, security

Check out all the on-demand sessions from the Intelligent Security Summit here.

Classical machine learning (ML) algorithms have proven to be powerful tools for a wide range of tasks, including image and speech recognition, natural language processing (NLP) and predictive modeling. However, classical algorithms are limited by the constraints of classical computing and can struggle to process large and complex datasets or to achieve high levels of accuracy and precision.

Enter quantum machine learning (QML).

Jan 14, 2023

Critical zero day vulnerability in Linux Kernel Allows DoS Attack

Posted by in categories: computing, mobile phones, security, space

This flaw, which has been identified that affects the ksmbd NTLMv2 authentication in the Linux kernel, is known to quickly cause the operating system on Linux-based computers to crash. Namjae Jeon is the developer of KSMBD, which is an open-source In-kernel CIFS/SMB3 server designed for the Linux Kernel. It is an implementation of the SMB/CIFS protocol in the kernel space that allows for the sharing of IPC services and files over a network.

In order to take advantage of the vulnerability, you will need to transmit corrupted packets to the server, personal computer, tablet, or smartphone that you are targeting. The attack causes what is known as “a memory overflow flaw in ksmbd decodentlmssp auth blob,” which states that nt len may be less than CIFS ENCPWD SIZE in some circumstances. Because of this, the blen parameter that is sent to ksmbd authntlmv2, which runs memcpy using blen on memory that was allocated by kmalloc(blen + CIFS CRYPTO KEY SIZE), is now negative. It is important to take note that the CIFS ENCPWD SIZE value is 16, and the CIFS CRYPTO KEY SIZE value is 8. As the heap overflow happens when blen is in the range [-8,-1], we think that the only possible outcome of this problem is a remote denial of service and not a privilege escalation or a remote code execution.

Continue reading “Critical zero day vulnerability in Linux Kernel Allows DoS Attack” »

Jan 12, 2023

Generative AI, cloud computing and security top tech trends for 2023: Alibaba academy

Posted by in categories: robotics/AI, security

Alibaba Damo Academy, an in-house research initiative by Chinese technology giant Alibaba, has identified generative artificial intelligence, dual-engine decision intelligence, cloud computing and security as top technology trends for 2023.

Jan 11, 2023

Amazon introduces Ring car camera for vehicles

Posted by in categories: security, transportation

The dual-facing Ring Car Cam sits on the vehicle’s dashboard and is designed to record when your car is in motion and when it’s turned off. (Credit: Ring)

SANTA MONICA, Calif.Ring launched its first video doorbell 10 years ago — and now, its parent company Amazon is launching another security device: a camera for your car.

Josh Roth, Ring’s Chief Technology Officer, said last week that one of the products that Ring’s founder (Jamie Siminoff) has asked most about is one to protect the car.

Jan 11, 2023

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

Posted by in categories: biotech/medical, encryption, security

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users’ private keys.

The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong, who reported the issues to Threema on October 3, 2022. The weaknesses have since been addressed as part of updates released by the company on November 29, 2022.

Threema is an encrypted messaging app that’s used by more than 11 million users as of October 2022. “Security and privacy are deeply ingrained in Threema’s DNA,” the company claims on its website.

Jan 9, 2023

Microsoft acquires Fungible, a maker of data processing units, to bolster Azure

Posted by in categories: computing, security

In December, reports suggested that Microsoft had acquired Fungible, a startup fabricating a type of data center hardware known as a data processing unit (DPU), for around $190 million. Today, Microsoft confirmed the acquisition but not the purchase price, saying that it plans to use Fungible’s tech and team to deliver “multiple DPU solutions, network innovation and hardware systems advancements.”

“Fungible’s technologies help enable high-performance, scalable, disaggregated, scaled-out data center infrastructure with reliability and security,” Girish Bablani, the CVP of Microsoft’s Azure Core division, wrote in a blog post. “Today’s announcement further signals Microsoft’s commitment to long-term differentiated investments in our data center infrastructure, which enhances our broad range of technologies and offerings including offloading, improving latency, increasing data center server density, optimizing energy efficiency and reducing costs.”

A DPU is a dedicated piece of hardware designed to handle certain data processing tasks, including security and network routing for data traffic. The approach is intended to help reduce the load on CPUs and GPUs for core computing tasks related to a given workload.

Jan 9, 2023

Why IAM’s identity-first security is core to zero trust

Posted by in category: security

Check out all the on-demand sessions from the Intelligent Security Summit here.

The faster attackers can gain control over human or machine identities during a breach attempt, the easier it becomes to infiltrate core enterprise systems and take control. Attackers, cybercriminal gangs and advanced persistent threat (APT) groups share the goal of quickly seizing control of identity access management (IAM) systems.

Impersonating identities is how attackers move laterally across networks, undetected for months. IAM systems — in particular, older perimeter-based ones not protected with zero-trust security — are often the first or primary target.

Page 40 of 146First3738394041424344Last