The Evolution of Purple Teaming – Jared Atkinson – PSW #812

I disagree.

I plan to test this out over the weekend at Shmoo, just got it running, though concerned it could be used against me!

If you've ever wondered what it would look like to analyze all of the firmware in the linux-firmware repo, Nick has completed his take on this work. Nicely done.

Good high-level overview. Keep in mind when you see some people unlocking cars with the Flipper, for most cars one of two things could be happening: 1) The video is completely fake and someone with the keyfob for the vehicle is unlocking it 2) They've captured one of the passcodes that was transmitted by the keyfob but not received by the vehicle, therefore the Flipper (for the ONE TIME) can transmit the correct unlock code.

People who reject or distrust science are not especially well informed about it, but believe that they do understand the science. Giving them scientific information does not change their attitudes. Telling them what opinions are popular does help change their minds.

We rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.

Several water utilities in US states were hacked Iranian-backed attackers targeting a piece of equipment specifically because it was Israeli-made. With inaction in Congress, a handful of states passed legislation to step up scrutiny of cybersecurity, including New Jersey and Tennessee. But cybersecurity improvements are not likely soon.

A new biohybrid computer combining a “brain organoid” and a traditional AI was able to perform a speech recognition task with 78% accuracy — demonstrating the potential for human biology to one day boost our computing capabilities. The system isn’t an improvement on the tech we already have — but it could prove to be a key stepping stone on the path to more advanced biocomputing systems in the future.

23andMe said that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.”
“Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.” “This finger pointing is nonsensical. 23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing — especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform,” Zavareei said in an email.

Predictive and generative AI systems remain vulnerable to a variety of attacks and anyone who says otherwise isn't being entirely honest. The researchers have focused on four specific security concerns: evasion, poisoning, privacy and abuse attacks. AI systems optimized for accuracy alone tend to underperform in terms of adversarial robustness and fairness. Conversely, an AI system optimized for adversarial robustness may exhibit lower accuracy and deteriorated fairness outcomes.

The curl maintainers are suffering from a flood of bogus AI-generated vulnerability reports for their bug bounty program. The improved language in the AI-generated reports requires the maintainers to work harder to detect their uselessness.

From 2016 to 2021, we estimate that ransomware attacks killed between 42 and 67 Medicare patients. This should change how hospitals and policymakers think about the scope of this issue.