Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 94

Mind the gap: State-of-the-art technologies and applications for EEG-based brain–computer interfaces

Brain–computer interfaces (BCIs) provide bidirectional communication between the brain and output devices that translate user intent into function. Among the different brain imaging techniques used to operate BCIs, electroencephalography (EEG) constitutes the preferred method of choice, owing to its relative low cost, ease of use, high temporal resolution, and noninvasiveness. In recent years, significant progress in wearable technologies and computational intelligence has greatly enhanced the performance and capabilities of EEG-based BCIs (eBCIs) and propelled their migration out of the laboratory and into real-world environments. This rapid translation constitutes a paradigm shift in human–machine interaction that will deeply transform different industries in the near future, including healthcare and wellbeing, entertainment, security, education, and marketing. In this contribution, the state-of-the-art in wearable biosensing is reviewed, focusing on the development of novel electrode interfaces for long term and noninvasive EEG monitoring. Commercially available EEG platforms are surveyed, and a comparative analysis is presented based on the benefits and limitations they provide for eBCI development. Emerging applications in neuroscientific research and future trends related to the widespread implementation of eBCIs for medical and nonmedical uses are discussed. Finally, a commentary on the ethical, social, and legal concerns associated with this increasingly ubiquitous technology is provided, as well as general recommendations to address key issues related to mainstream consumer adoption.

Apple Issues Urgent iPhone Updates, But Not for Pegasus Zero-Day

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.

IPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS.

Unfortunately, you aren’t getting a fix for the flaw that makes your iPhones easy prey for Pegasus spyware. As headlines have focused on all week, a zero-click zero-day in Apple’s iMessage feature is being exploited by NSO Group’s notorious Pegasus mobile spyware: A spyware blitz enabled by a bug that has given the security community pause about the security of Apple’s closed ecosystem.

China Wants a Chip Machine From the Dutch. The U.S. Said No

The chip world’s most important machines are made near corn fields in the Netherlands. The U.S. is trying to block China from buying them.

The one-of-a-kind, 180-ton machines are used by companies including Intel Corp., South Korea’s Samsung Electronics Co. and leading Apple Inc. supplier Taiwan Semiconductor Manufacturing Co. to make the chips in everything from cutting-edge smartphones and 5G cellular equipment to computers used for artificial intelligence.

China wants the $150-million machines for domestic chip makers, so smartphone giant Huawei Technologies Co. and other Chinese tech companies can be less reliant on foreign suppliers. But ASML hasn’t sent a single one because the Netherlands—under pressure from the U.S.—is withholding an export license to China.

The Biden administration has asked the government to restrict sales because of national-security concerns, according to U.S. officials. The stance is a holdover from the Trump White House, which first identified the strategic value of the machine and reached out to Dutch officials.

Quantum random number generator sets benchmark for size, performance

As pervasive as they are in everyday uses, like encryption and security, randomly generated digital numbers are seldom truly random.

So far, only bulky, relatively slow quantum random generators (QRNGs) can achieve levels of randomness on par with the basic laws of quantum physics, but researchers are looking to make these devices faster and more portable.

In Applied Physics Letters, scientists from China present the fastest real-time QRNG to date to make the devices quicker and more portable. The device combines a state-of-the-art photonic integrated with optimized real-time postprocessing for extracting randomness from quantum entropy source of vacuum states.

3,800 PS4s found and seized from a cryptocurrency farm in Ukraine

WTF?! On Thursday the Security Service of Ukraine (SSU) reported that they had shut down a cryptomining operation in the city of Vinnytsia, seizing over 500 GPUs and 50 processors — and a bunch of Playstation 4s. Consoles built on 2013-era technology might not be great at mining, but they don’t need to be when you have 3800 of them.

Although the market for GPUs is starting to improve, and dedicated ASICs might be on the way to relieve demand, it seems that one group of enterprising cryptocurrency miners have turned to last-gen console hardware to get things done.

From the photos provided by the SSU, it looks like these consoles are of the PS4 Slim variety, the 2016 refresh of the original console from three years prior. Mostly obsolete for newer games, it’s not at all surprising that so many could be sourced en masse so easily.

Researchers have taught a drone to recognize and hunt down meteorites autonomously

Planetary scientists estimate that each year, about 500 meteorites survive the fiery trip through Earth’s atmosphere and fall to our planet’s surface. Most are quite small, and less than 2% of them are ever recovered. While the majority of rocks from space may not be recoverable due to ending up in oceans or remote, inaccessible areas, other meteorite falls are just not witnessed or known about.

But new technology has upped the number known falls in recent years. Doppler radar has detected meteorite falls, as well as all-sky camera networks specifically on the lookout for meteors. Additionally, increased use of dashcams and security cameras have allowed for more serendipitous sightings and data on fireballs and potential meteorite falls.

A team of researchers is now taking advantage of additional technology advances by testing out drones and machine learning for automated searches for small meteorites. The drones are programmed to fly a grid search pattern in a projected “strewn field” for a recent meteorite fall, taking systematic pictures of the ground over a large survey area. Artificial intelligence is then used to search through the pictures to identify potential meteorites.

Microsoft warns of Windows “PrintNightmare” vulnerability that’s being actively exploited

Security researchers accidentally revealed a huge flaw.

Microsoft is warning Windows users about an unpatched critical flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was uncovered earlier this week after security researchers accidentally published a proof-of-concept (PoC) exploit. While Microsoft hasn’t rated the vulnerability, it allows attackers to remotely execute code with system-level privileges, which is as critical and problematic as you can get in Windows.

Researchers at Sangfor published the PoC, in what appears to have been a mistake, or a miscommunication between the researchers and Microsoft. The test code was quickly deleted, but not before it had already been forked on GitHub.

Sangfor researchers had been planning to detail multiple 0-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat security conference later this month. It appears the researchers thought Microsoft had patched this particular vulnerability, after the company published patches for a separate Windows Print Spooler flaw.

Security robots expand across U.S., with few tangible results

“It would be difficult to introduce a single thing and it causes crime to go down,” one expert said.

“Are we seeing dramatic changes since we deployed the robot in January?” Lerner, the Westland spokesperson said. “No. But I do believe it is a great tool to keep a community as large as this, to keep it safer, to keep it controlled.”

For its part, Knightscope maintains on its website that the robots “predict and prevent crime,” without much evidence that they do so. Experts say this is a bold claim.

“It would be difficult to introduce a single thing and it causes crime to go down,” said Ryan Calo, a law professor at the University of Washington, comparing the Knightscope robots to a “roving scarecrow.”

Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Batten down the hatches

“We’re aware of the situation and have been working our best to investigate and resolve it,” the email, which was posted to Twitter, said. “The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as ‘zyxel_silvpn,’ ‘zyxel_ts,’ or ‘zyxel_vpn_test,’ to manipulate the device’s configuration.”

/* */