Security News

Modernizing fraud prevention with machine learning
2023-09-15 05:30

Nearly 70% of businesses said that fraud losses have increased in recent years and most businesses reported that they plan to increase their fraud management budgets by at least 8% to as much as 19%. Despite their plans to increase their fraud prevention budgets, data shows that businesses may not be completely aligned with consumer expectations. Enable real-time fraud detection: Machine learning can help businesses detect and prevent fraud threats in real time, helping to identify both known and unknown threats to stay ahead of fraudsters.

Uncovering a privacy-preserving approach to machine learning
2023-08-28 05:00

Machine learning models are algorithms that process data to generate meaningful insights and inform critical business decisions. When these data sources contain sensitive or proprietary information, using them for machine learning model training or evaluation/inference raises significant privacy and security concerns.

Using Machine Learning to Detect Keystrokes
2023-08-09 11:08

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever.

Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning
2023-06-22 11:10

Data exfiltration often serves as the final act of a cyberattack, making it the last window of opportunity to detect the breach before the data is made public or is used for other sinister activities, such as espionage. While prevention of data exfiltration through security controls is ideal, the escalating complexity and dispersion of infrastructures, accompanied by the integration of legacy devices, makes prevention a strenuous task.

Malware and machine learning: A match made in hell
2023-04-03 09:11

Automated malware campaigns will drastically change the reaction speed of malware gangs. The technology to run malware campaigns and automatically bypass new defenses is most definitely doable nowadays, but thus far, we haven't seen anything of the kind.

Putting Undetectable Backdoors in Machine Learning Models
2023-02-24 12:34

Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier.

Attacking Machine Learning Systems
2023-02-06 11:02

There is a lesson in that similarity: the complex mathematical attacks make for good academic papers, but we mustn't lose sight of the fact that insecure software will be the likely attack vector for most ML systems. At their core, modern ML systems have complex mathematical models that use training data to become competent at a task.

Machine-Learning Python package compromised in supply chain attack
2023-01-04 17:00

Dec. 31, 2022, the PyTorch machine learning framework announced on its website that one of its packages had been compromised via the PyPI repository. According to the PyTorch team, a malicious torchtriton dependency package was uploaded to the PyPI code repository on Friday, Dec. 30, 2022, at around 4:40 p.m. The malicious package had the same package name as the one shipped on the PyTorch nightly package index.

PyTorch Machine Learning Framework Compromised with Malicious Dependency
2023-01-02 14:27

The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. "PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index code repository and ran a malicious binary," the PyTorch team said in an alert over the weekend.

PyTorch: Machine Learning toolkit pwned from Christmas to New Year
2023-01-01 21:36

So what looked like an innocent, if pointless, DNS lookup for a "Server" such as S3CR3TPA55W0RD.DODGY.EXAMPLE would quietly leak your access key under the guise of a simple lookup that directed to the official DNS server listed for the DODGY.EXAMPLE domain. LIVE LOG4SHELL DEMO EXPLAINING DATA EXFILTRATION VIA DNS. If you can't read the text clearly here, try using Full Screen mode, or watch directly on YouTube.