
All news with #research tag


The AI Fix #73: Gemini gambling, poisoning LLMs and fallout

🧠 In episode 73 of The AI Fix, hosts Graham Cluley and Mark Stockley explore a sweep of recent AI developments, from the rise of AI-generated content to high-profile figures relying on chatbots. They discuss research suggesting Google Gemini exhibits behaviours resembling pathological gambling and report on a Gemma-style model uncovering a potential cancer therapy pathway. The show also highlights legal and security concerns, including a lawyer criticised for repeated AI use, generals consulting chatbots, and techniques for poisoning LLMs with only a few malicious samples.

Deep Dive: BPF LPM Trie Performance and Optimization

🔍 Cloudflare investigated a production soft lockup traced to the Linux BPF LPM trie, a core data structure for IP and IP+Port longest-prefix matching. Benchmarks on 96-core AMD EPYC hardware showed lookups remain relatively fast at modest sizes, but updates, deletes and especially freeing maps degrade severely at scale, causing multi-second CPU stalls and customer packet loss. The post refreshes trie basics, presents measured results (lookups, updates, deletes, free costs), and diagnoses kernel implementation limits — notably binary child pointers, absent level compression, and allocator-induced cache and dTLB pressure — then outlines plans to upstream benchmarks and refactor toward a level-compressed multibit trie to reduce traversal height, cache/TLB misses, and freeing overhead.

Architectures, Risks, and Adoption of AI-SOC Platforms

🔍 This article frames the shift from legacy SOCs to AI-SOC platforms, arguing leaders must evaluate impact, transparency, and integration rather than pursue AI for its own sake. It outlines four architectural dimensions—functional domain, implementation model, integration architecture, and deployment—and prescribes a phased adoption path with concrete vendor questions. The piece flags key risks including explainability gaps, data residency, vendor lock-in, model drift, and cost surprises, and highlights mitigation through governance, human-in-the-loop controls, and measurable POCs.

Quantum Readiness: Why Incident Response Won't Work

🔐 The arrival of cryptographically relevant quantum computers will create a "silent boom" where adversaries can capture encrypted traffic today and decrypt it later, making intrusions neither observed nor observable. This undermines traditional incident response and shifts responsibility to engineering teams, not a vendor checkbox. Organizations must pursue quantum readiness by engaging developers to inventory algorithms and data, assess internet-facing assets for PQC support, and build testing capability for new ciphers within their release cycles.

Hidden Costs of Penetration Testing and Alternatives

🛡️ Penetration testing remains a critical control, but the classic, one-size-fits-all approach can create hidden financial and operational burdens. Administrative overheads, complex scoping decisions and indirect remediation work all add time and cost while risking scope creep and disruption. The article recommends flexible, consumption-based models—such as PTaaS and Outpost24's CyberFlex—to improve coverage, transparency and ROI.

IT Leaders Fear Regulatory Patchwork as Gen AI Spreads

⚖️ More than seven in 10 IT leaders list regulatory compliance as a top-three challenge when deploying generative AI, according to a recent Gartner survey. Fewer than 25% are very confident in managing security, governance, and compliance risks. With the EU AI Act already in effect and new state laws in Colorado, Texas, and California on the way, CIOs worry about conflicting rules and rising legal exposure. Experts advise centralized governance, rigorous model testing, and external audits for high-risk use cases.

Rethinking Enterprise Phishing Training Effectiveness

🔒 Phishing remains a pervasive threat—IBM attributes roughly 15% of data breaches to these attacks—yet standard training approaches are delivering limited protection. Recent studies cited in the article show annual awareness modules and embedded simulated-phish interventions often fail to change user behavior or secure genuine engagement, with many users closing training pages outright. Security leaders are advised to treat training as one element of a broader risk-reduction strategy that pairs behavioral design, clear escalation steps, measurable metrics, incentives, and technical controls such as two-factor authentication and improved phishing detection.

Young Europeans’ Digital Aspirations and Future Skills

🔍 Janice Richardson, researcher and Council of Europe expert, reflects on Google’s Future Report, based on more than 7,000 teens from seven EU countries. She highlights young people’s use of the internet for learning, cultural exploration and creative problem solving, noting strong critical thinking and pragmatic attitudes toward algorithms. Richardson stresses closing the digital literacy gap and equipping teachers and parents to support safe, balanced online engagement.

DDR4 WireTap and Battering RAM: Server TEE Attacks Explained

🔒 Two independent research teams demonstrated practical physical attacks that extract encrypted data from server trusted execution environments by intercepting DDR4 memory traffic. The U.S. WireTap proof-of-concept slowed memory clocks and used an inexpensive legacy logic analyzer to recover keys from Intel SGX. The Battering RAM team employed a tiny interposer and a Raspberry Pi Pico to mirror writes and target both Intel SGX and AMD SEV-SNP covertly. Both efforts drastically lower cost and complexity compared with prior work, though vendors note that physical attacks sit outside their threat model.

Massive Multi-Country Botnet Targets US RDP Services

🔍 Researchers at GreyNoise have identified a large-scale, multi-country botnet that began targeting Remote Desktop Protocol (RDP) services in the United States on October 8. The campaign uses over 100,000 IP addresses and employs two RDP-specific techniques: RD Web Access timing attacks to infer valid usernames and RDP Web Client login enumeration to observe differing server behaviors. Nearly all sources share a common TCP fingerprint, indicating coordinated clusters. Administrators should block attacking IPs, review RDP logs, and avoid exposing remote desktop services to the public internet—use VPNs and enable multi-factor authentication.

Attackers Exploit ScreenConnect Features for Network Access

🔒 DarkAtlas researchers warn that APT groups are leveraging legitimate RMM platforms to gain initial access, increasingly favoring ScreenConnect because it evades basic detection. Attackers abuse features such as unattended access, VPN, the REST API and file transfer, deploy in-memory installers that leave few disk artefacts, and register persistent services such as ScreenConnect.WindowsClient.exe. Defenders should monitor invite links, config files, in-memory activity and specific event IDs for effective DFIR.

Apple Doubles Top Bug Bounty to $2M, Bonuses Possible

🔐 Apple has increased the top award in its Apple Security Bounty program to $2m for exploit chains that emulate sophisticated mercenary spyware. Bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software can more than double that payout, potentially exceeding $5m. Apple also raised many category rewards — including $100,000 for a Gatekeeper bypass and $1m for broad unauthorized iCloud access — and introduced a Target Flags initiative to speed and standardize exploitability demonstrations.

The AI SOC Stack of 2026: What Separates Top Platforms

🤖 As organizations scale and threats increase in sophistication and velocity, SOCs are integrating AI to augment detection, investigation, and response. The market ranges from prompt-dependent copilots to autonomous, mesh agentic systems that coordinate specialized AI agents across triage, correlation, and remediation. Leading solutions prioritize contextual intelligence, non-disruptive integration, staged trust, and measurable ROI rather than promising hands-off autonomy.

175 Malicious npm Packages Used in Large-Scale Phishing

⚠️ Researchers have identified 175 malicious packages on the npm registry used as infrastructure for a widespread phishing campaign called Beamglea. The packages, collectively downloaded about 26,000 times, host redirect scripts served via unpkg.com that route victims to credential-harvesting pages. Attackers automated package publication and embedded victim-specific emails into generated HTML, pre-filling login fields to increase the likelihood of successful credential capture.

Optical Mice Can Be Used to Eavesdrop on Conversations

🖱️ Researchers at the University of California, Irvine demonstrated a proof-of-concept called Mic-E-Mouse, showing that high-end optical mice can pick up desk-transmitted voice vibrations and be used to reconstruct nearby conversations. The attack can be executed on PC, Mac and Linux by non-privileged user-space programs, and Wiener and neural-network filtering was used to enhance muffled signals into intelligible speech. Practical limits include a quiet environment, thin desks (≈3 cm or less), mostly stationary mice and very high-DPI hardware; placing a rubber pad or mouse mat under the mouse prevents the leakage.

How Cloudflare Found and Fixed a Bug in Go's ARM64 Compiler

🔍 Cloudflare engineers describe discovering a rare race condition in the Go arm64 compiler that caused goroutine stack-unwinding crashes in production. They traced sporadic fatal panics and segfaults to async preemption interrupting a split stack-pointer adjustment, leaving an invalid stack frame. A minimal reproducer showed the assembler could split a large ADD into multiple instructions, creating a one-instruction window where preemption caused unwinder corruption. The issue was fixed upstream in go1.23.12, go1.24.6, and go1.25.0.

Leaked iPad Pro M5 Benchmark Nears Laptop CPU Performance

🔍 A leaked Geekbench entry allegedly from an unreleased iPad shows an Apple M5 chip delivering a 4,133 single‑core score and 15,437 multi‑core score, with the processor reported at 4.42 GHz and paired with 12GB of RAM and likely 256/512GB storage. In early comparisons, Apple's per‑core performance edges out Qualcomm's Snapdragon X Elite 2 in single‑thread tests, while the Snapdragon's higher core count gives it a clear multi‑core lead. The results highlight Apple's continued CPU design strength but should be treated as an unverified leak until independently confirmed.

Leaked iPad Pro M5 Benchmark Shows Significant Gains

🔍 An alleged Apple M5 benchmark for an iPad Pro has surfaced on Geekbench, reporting a single-core score of 4,133 and a multi-core score of 15,437 for a variant clocked at about 4.42 GHz. The listing shows 12 GB of RAM, likely paired with 256 GB or 512 GB of storage. Early comparisons place the M5 narrowly ahead in single-thread tests versus Qualcomm's Snapdragon X Elite 2 but behind in multi-core throughput, underscoring Apple's strong per-core design.

Researchers Find Physical Interposer Attacks on Intel, AMD

🔓 Researchers disclosed two physical interposer attacks, Battering RAM and WireTap, that bypass trusted execution environments on Intel (SGX) and AMD (SEV‑SNP) platforms. Both attacks exploit deterministic memory encryption by inserting an interposer between the CPU and DRAM to capture ciphertext in transit. Battering RAM can replay ciphertext and create memory aliases to expose plaintext and implant backdoors, while WireTap enables ciphertext-based key recovery. Practical mitigation today is limited to preventing physical access and strengthening supply‑chain and data‑center controls such as those in ISO/IEC 27001.

WireTap Attack Extracts Intel SGX ECDSA Key via DDR4

🔬 Researchers from Georgia Institute of Technology and Purdue University describe WireTap, a physical memory-bus interposer attack that passively inspects DDR4 traffic to recover secrets from Intel SGX enclaves. By exploiting deterministic memory encryption, the team built an oracle enabling a full key-recovery of an SGX ECDSA attestation key from the Quoting Enclave. The prototype uses inexpensive, off-the-shelf equipment (roughly $1,000) and can be introduced via supply-chain compromise or local physical access. Intel says the scenario requires physical access and falls outside its memory-encryption threat model.