Aggregator
OpenAI Snags OpenClaw Creator for Agent Push
Peter Steinberger is joining OpenAI to lead development of personal agents, culminating weeks of viral attention paid to his OpenClaw open-source artificial intelligence assistant project. Security experts dubbed it a "dumpster fire" after hackers were quick to add malicious functions.
A Misconfigured AI Could Trigger Infrastructure Collapse
A misconfigured artificial intelligence system could do what hackers have tried and failed to accomplish: shut down an advanced economy's critical infrastructure. The warning centers on scenarios where AI autonomously shuts down vital services, misinterprets sensor data or triggers unsafe actions.
Feds Launch Portal to Report Substance Use Disorder Breaches
The U.S. Department of Health and Human Services has launched a new breach reporting website and guidance materials to support its duties of enforcing compliance mandates that went into effect Monday to better align the confidentiality of substance use disorder records with the HIPAA privacy rule.
Exploitable Flaws Found in Cloud-Based Password Managers
Claims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.
How does innovation in NHIs contribute to better secrets security?
Could the Innovation in Non-Human Identities Be the Key to Enhanced Secrets Security? As organizations lean progressively towards automation and digital transformation, how can we ensure that the creation and management of Non-Human Identities (NHIs) maintain robust security and compliance? Machine identities, better known as NHIs, are becoming pivotal in cybersecurity solutions across various industries, including […]
The post How does innovation in NHIs contribute to better secrets security? appeared first on Entro.
The post How does innovation in NHIs contribute to better secrets security? appeared first on Security Boulevard.
Why does Agentic AI provide a calm approach to crisis management?
How Can Non-Human Identities Reshape Cybersecurity in Crisis Management? Have you ever considered the hidden guardians of digital infrastructure? These are the often overlooked Non-Human Identities (NHIs), which are pivotal in managing cybersecurity threats across various industries. Understanding NHIs and their significance is imperative within the context of crisis management strategies, especially when organizations increasingly […]
The post Why does Agentic AI provide a calm approach to crisis management? appeared first on Entro.
The post Why does Agentic AI provide a calm approach to crisis management? appeared first on Security Boulevard.
How adaptable are Agentic AI systems to evolving cyber threats?
The Importance of Managing Non-Human Identities in Cloud Security What’s the real cost of neglecting Non-Human Identities (NHIs) in your cybersecurity strategy? As organizations increasingly move to the cloud, understanding and managing NHIs is crucial to ensuring robust, comprehensive security. NHIs, primarily comprised of machine identities, use encrypted secrets like passwords, tokens, or keys to […]
The post How adaptable are Agentic AI systems to evolving cyber threats? appeared first on Entro.
The post How adaptable are Agentic AI systems to evolving cyber threats? appeared first on Security Boulevard.
How are stakeholders reassured by enhanced secrets scanning methodologies?
Why is Managing Non-Human Identities Essential for Cybersecurity? Have you ever wondered how secure your cloud environment truly is in an interconnected digital world? As organizations increasingly migrate their operations to the cloud, the management of Non-Human Identities (NHIs) and Secrets Security Management becomes more critical. These elements are pivotal for closing the security gaps that can […]
The post How are stakeholders reassured by enhanced secrets scanning methodologies? appeared first on Entro.
The post How are stakeholders reassured by enhanced secrets scanning methodologies? appeared first on Security Boulevard.
New Data Leak Targeting Brazilian Educational Sector
Washington Hotel in Japan discloses ransomware infection incident
数世咨询 wishes everyone a prosperous Lunar New Year!
NDSS 2025 – SiGuard: Guarding Secure Inference With Post Data Privacy
Session 12C: Membership Inference
Authors, Creators & Presenters: Xinqian Wang (RMIT University), Xiaoning Liu (RMIT University), Shangqi Lai (CSIRO Data61), Xun Yi (RMIT University), Xingliang Yuan (University of Melbourne)
PAPER
SIGuard: Guarding Secure Inference with Post Data Privacy
Secure inference is designed to enable encrypted machine learning model prediction over encrypted data. It eases privacy concerns when models are deployed in Machine Learning as a Service (MLaaS). For efficiency, most recent secure inference protocols are constructed using secure multi-party computation (MPC) techniques. They can ensure that MLaaS computes inference without knowing the inputs of users and model owners. However, MPC-based protocols do not hide information revealed by their output. In the context of secure inference, prediction outputs (i.e., inference results of encrypted user inputs) are revealed to the users. As a result, adversaries can compromise the output privacy of secure inference, i.e., launch Membership Inference Attacks (MIAs) by querying encrypted models, just like MIAs in plaintext inference. We observe that MPC-based secure inference often yields perturbed predictions, due to approximations of nonlinear functions like softmax, compared to its plaintext version on identical user inputs. Thus, we evaluate whether or not MIAs can still exploit such perturbed predictions on known secure inference protocols. Our results show that secure inference remains vulnerable to MIAs. The adversary can steal membership information with high success rates comparable to plaintext MIAs. To tackle this open challenge, we propose SIGuard, a framework to guard the output privacy of secure inference from being exploited by MIAs. SIGuard's protocol can be seamlessly integrated into existing MPC-based secure inference protocols without intruding on their computation. It proceeds with encrypted predictions output from secure inference, and then crafts noise for perturbing the encrypted predictions without compromising inference accuracy; only the perturbed predictions are revealed to users at the end of protocol execution. SIGuard achieves stringent privacy guarantees via a co-design of MPC techniques and machine learning.
We further conduct comprehensive evaluations to find the optimal hyper-parameters for balanced efficiency and defense effectiveness against MIAs. Together, our evaluation shows SIGuard effectively defends against MIAs by reducing the attack accuracy to around random guessing, with an overhead (1.1s) occupying ~24.8% of secure inference time (3.29s) on the widely used ResNet34 over CIFAR-10.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the organization's YouTube channel.
The post NDSS 2025 – SiGuard: Guarding Secure Inference With Post Data Privacy appeared first on Security Boulevard.
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
Eurail says stolen traveler data now up for sale on dark web
Man arrested for demanding reward after accidental police data leak
GUEST ESSAY: The hidden risks lurking beneath legal AI — permission sprawl, governance drift
In many law firms today, leadership believes their data is secure. Policies are documented, annual reviews are completed, and vendor questionnaires are answered with confidence. On paper, the safeguards look strong.
Related: The cost of law firm breaches
Yet in … (more…)
The post GUEST ESSAY: The hidden risks lurking beneath legal AI — permission sprawl, governance drift first appeared on The Last Watchdog.
The post GUEST ESSAY: The hidden risks lurking beneath legal AI — permission sprawl, governance drift appeared first on Security Boulevard.
CoinBase Cartel
AL26-003 - Vulnerability affecting BeyondTrust - CVE-2026-1731