Crypto ??Chrome ? ML-Science

Crypto ??Chrome ? ML-Science

Lazarus Group Launches First Open Source Supply Chain Attacks Targeting Crypto Sector | by Yehuda Gelb | checkmarx-security | Medium (August 2, 2023)

  • Checkmarx Security details how a hacking group affiliated with North Korea targeted developers associated with blockchain, cryptocurrency, and online gambling.
  • “Once contact was established, the attacker would invite the target to collaborate on a GitHub repository, containing malicious npm package dependencies which would then be used to compromise the victim.”
  • The malware was a two-stage attack in which the booby-trapped software fetched additional components while running, making it harder to find through simple scanning.?
  • The article provides a nice description of how sophisticated attackers combine targeted social engineering with technical capabilities.
  • https://medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-chain-attacks-targeting-crypto-sector-cabc626e404e ?

?

Google Chrome Protects Against Quantum Attacks | Enter Quantum (August 16, 2023)??

  • Google’s Chrome Browser version 116 and above now includes support for X25519Kyber768, an encryption algorithm that is supposed to be resistant to attacks by quantum computers.
  • X25519Kyber768 was deployed by Cloudflare back in October 2022. The company wrote a great blog article at the time explaining why it is important to upgrade now to algorithms that will be quantum-safe.
  • You can find the technical details of X25519Kyber768 in the IETF draft . This use combines the existing X25519 ( an elliptic curve Diffie-Hellman key exchange using Curve25519) and Kyber768 (a post-quantum public key algorithm working its way through the NIST standardization process). The combination assures a security unless both of the algorithms are broken.?
  • https://www.quantumbusinessnews.com/applications/google-chrome-to-protect-against-quantum-attacks ?

Introducing the REFORMS checklist for ML-based science (August 16, 2023)?

  • Sayash Kapoor and Arvind Narayanan have proposed REFORMS: Reporting Standards for ML-based Science.?
  • “The REFORMS checklist consists of 32 items across 8 sections. It is based on an extensive review of the pitfalls and best practices in adopting ML methods. We created an accompanying set of guidelines for each item in the checklist. We include expectations about what it means to address the item sufficiently. To aid researchers new to ML-based science, we identify resources and relevant past literature.”
  • https://reforms.cs.princeton.edu/ ?



Subscription information

Google Group: https://groups.google.com/g/icymi-ai ? [subscribe]

LinkedIn: Database Nation

Gaurav Gogia

Security R&D @Qualys | Purple Teaming

1 年

Yash Patel, here’s something you might be interested in :)

要查看或添加评论,请登录

Simson Garfinkel的更多文章

  • Spooky Data at a Distance

    Spooky Data at a Distance

    As Halloween fast approaches, I thought it would be fun to recount a dinner talk that I gave several years ago on a…

    3 条评论
  • Trust and Safety

    Trust and Safety

    If your website or service allows users to post comments or exchange messages with other users, then you will…

    5 条评论
  • Review: Claire Bowen's "Government Data of the People"

    Review: Claire Bowen's "Government Data of the People"

    As governments and corporations make increasingly more use of our personal data, a growing number of computer…

    3 条评论
  • Metasearch: Search and RAG multiple datasets without data governance chaos

    Metasearch: Search and RAG multiple datasets without data governance chaos

    Metasearch systems take your query, send it to multiple search engines, and then show you the combined results. Most…

    3 条评论
  • Vector Databases and RAG

    Vector Databases and RAG

    “You Do Not Need a Vector Database” is the provocative title of a recent blog post (with code) by Dr. Yucheng Low…

    12 条评论
  • Testing the family china for lead

    Testing the family china for lead

    In this issue I take a break from data and talk about something physical. This is Jerry Urban from Inspector 3755, his…

    4 条评论
  • Sensitive Locations

    Sensitive Locations

    Do you work in a sensitive location? On January 9th, the US Federal Trade Commission settled a case with data broker…

    4 条评论
  • WHOOP's AI (LLM) Coach

    WHOOP's AI (LLM) Coach

    In September, I joined the WHOOP Coach beta program, a new feature that WHOOP recently added to its popular fitness…

    2 条评论
  • ORINink, brightening the MTA

    ORINink, brightening the MTA

    Today on the #6 Subway in NYC I saw a man doing rapid drawings of other people in the car, then leaving the…

    3 条评论
  • Stephen Wolfram remembers Ed Fredkin (1934-2023)

    Stephen Wolfram remembers Ed Fredkin (1934-2023)

    Ed Fredkin (1934-2023) was one of the world's first computer programmers, and created what was arguably the world's…

    6 条评论

社区洞察

其他会员也浏览了