The Exploit Prediction Scoring System is Awesome, or so some say, Reflections on InfoSec, Why some people don’t trust science, SSH-Snake, Back in the Driver’s seat, I Hacked My Internet Service Provider, States & Congress wrestle with cybersecurity, Combining AI with human brain cells, analyzing linux-firmware, detecting BLE SPAM, and The I in LLM.
Founding Partner at TRIFIDENT
Sr. InfoSec Consultant – Online Business Systems at Online Business Systems
People who reject or distrust science are not especially well informed about it, but believe that they do understand the science. Giving them scientific information does not change their attitudes. Telling them what opinions are popular does help change their minds.
We rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.
Several water utilities in US states were hacked by Iranian-backed attackers targeting a piece of equipment specifically because it was Israeli-made. With inaction in Congress, a handful of states passed legislation to step up scrutiny of cybersecurity, including New Jersey and Tennessee. But cybersecurity improvements are not likely soon.
A new biohybrid computer combining a “brain organoid” and a traditional AI was able to perform a speech recognition task with 78% accuracy — demonstrating the potential for human biology to one day boost our computing capabilities. The system isn’t an improvement on the tech we already have — but it could prove to be a key stepping stone on the path to more advanced biocomputing systems in the future.
23andMe said that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.”
“Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.”
“This finger pointing is nonsensical. 23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing — especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform,” Zavareei said in an email.
Predictive and generative AI systems remain vulnerable to a variety of attacks and anyone who says otherwise isn't being entirely honest. The researchers have focused on four specific security concerns: evasion, poisoning, privacy and abuse attacks. AI systems optimized for accuracy alone tend to underperform in terms of adversarial robustness and fairness. Conversely, an AI system optimized for adversarial robustness may exhibit lower accuracy and deteriorated fairness outcomes.
The curl maintainers are suffering from a flood of bogus AI-generated vulnerability reports for their bug bounty program. The improved language in the AI-generated reports requires the maintainers to work harder to detect their uselessness.
Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a compreh...