Daily Archives: November 6, 2017

Machine learning of neural representations of suicide and emotion concepts identifies suicidal youth | Nature Human Behaviour

Posted on by
Reply

The clinical assessment of suicidal risk would be substantially complemented by a biologically based measure that assesses alterations in the neural representations of concepts related to death and life in people who engage in suicidal ideation. This study used machine-learning algorithms (Gaussian Naive Bayes) to identify such individuals (17 suicidal ideators versus 17 controls) with high (91%) accuracy, based on their altered functional magnetic resonance imaging neural signatures of death-related and life-related concepts. The most discriminating concepts were ‘death’, ‘cruelty’, ‘trouble’, ‘carefree’, ‘good’ and ‘praise’. A similar classification accurately (94%) discriminated nine suicidal ideators who had made a suicide attempt from eight who had not. Moreover, a major facet of the concept alterations was the evoked emotion, whose neural signature served as an alternative basis for accurate (85%) group classification.

Hackers Compromised the Trump Organization 4 Years Ago—and the Company Never Noticed

Posted on by
Reply

In 2013, a hacker (or hackers) apparently obtained access to the Trump Organization’s domain registration account and created at least 250 website subdomains that cybersecurity experts refer to as “shadow” subdomains. Each one of these shadow Trump subdomains pointed to a Russian IP address, meaning that they were hosted at these Russian addresses. (Every website domain is associated with one or more IP addresses. These addresses allow the internet to find the server that hosts the website. Authentic Trump Organization domains point to IP addresses that are hosted in the United States or countries where the company operates.) The creation of these shadow subdomains within the Trump Organization network was visible in the publicly available records of the company’s domains.

[…]

The subdomains and their associated Russian IP addresses have repeatedly been linked to possible malware campaigns, having been flagged in well-known research databases as potentially associated with malware. The vast majority of the shadow subdomains remained active until this week, indicating that the Trump Organization had taken no steps to disable them. This suggests that the company for the past four years was unaware of the breach. Had the infiltration been caught by the Trump Organization, the firm should have immediately decommissioned the shadow subdomains, according to cybersecurity experts contacted by Mother Jones.

How we fooled Google’s AI into thinking a 3D-printed turtle was a gun

Posted on by
Reply

Students at MIT in the US claim they have developed an algorithm for creating 3D objects and pictures that trick image-recognition systems into severely misidentifying them. Think toy turtles labeled rifles, and baseballs as cups of coffee.

It’s well known that machine-learning software can be easily hoodwinked: Google’s AI-in-the-cloud can be misled by noise; protestors and activists can wear scarves or glasses to fool people-recognition systems; intelligent antivirus can be outsmarted; and so on. It’s a crucial topic of study because as surveillance equipment, and similar technology, relies more and more on neural networks to quickly identify things and people, there has to be less room for error.

Signed Malware: using digital certificates to circumvent malware checks

Posted on by
Reply

Digitally signed malware can bypass system protection mechanisms that install or launch only programs with valid signatures. It can also evade anti-virus programs, which often forego scanning signed binaries. Known from advanced threats such as Stuxnet and Flame, this type of abuse has not been measured systematically in the broader malware landscape. In particular, the methods, effectiveness window, and security implications of code-signing PKI abuse are not well understood. We propose a threat model that highlights three types of weaknesses in the code-signing PKI.

Source: Signed Malware

Security researchers at the University of Maryland found 72 compromised certificates after analysing field data collected by Symantec on 11 million hosts worldwide. “Most of these cases were not previously known, and two thirds of the malware samples signed with these 72 certificates are still valid, the signature check does not produce any errors,” Tudor Dumitras, one of the researchers, told El Reg.

“Certificate compromise appears to have been common in the wild before Stuxnet, and not restricted to advanced threats developed by nation-states. We also found 27 certificates issued to malicious actors impersonating legitimate companies that do not develop software and have no need for code-signing certificates, like a Korean delivery service.”
Hackers abusing digital certs smuggle malware past security scanners – the Register

Millions of South Africans’ personal information may have been leaked online

Posted on by
Reply

The personal information of more than 30 million South Africans has apparently been leaked online. This is according to Australian security researcher and creator of ‘Have I Been Pwned’, Troy Hunt. His website allows people to check if their personal information has been compromised in a data breach.He took to Twitter on Tuesday to say he had “a very large breach titled ‘masterdeeds’”.The title of the data led him and others commentators to speculate that the leak was likely from the deeds office. Identity numbersIf the information Hunt has is legitimate, it may be the biggest breach of Popi (Protection of Personal Information Act) to have ever taken place. Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people’s identity numbers and other information like their estimated income and details of their employer. He said the information appeared to be from a government agency.MyBroadband reported that the database was a 27.2GB backup file that Hunt found on Torrent and he gained 31.6 million records before it crashed. He said there could be over 47 million records in the database.

Source: Millions of South Africans’ personal information may have been leaked online | Fin24

Virtually everyone in Malaysia pwned in telco, govt data hack spree

Posted on by
Reply

Information on 46.2 million cellphone accounts was slurped from Malaysians telecoms providers. To put that in context, the population of Malaysia is 31.2 million; obviously, some people have more than one number.The stolen telco records include people’s mobile phone numbers, SIM card details, device serial numbers, and home addresses, all of which are useful to identity thieves and scammers. Some 80,000 medical records were also accessed during the hacking spree, and government websites as well as Jobstreet.com were attacked and infiltrated, too, we’re told.
[…]
Malaysian officials confirmed this week that nearly 50 million mobile phone account records were accessed by hackers unknown. The authorities also warned that people’s private data was stolen from the Malaysian Medical Council, the Malaysian Medical Association, the Academy of Medicine, the Malaysian Housing Loan Applications body, the Malaysian Dental Association, and the National Specialist Register of Malaysia.

It’s believed the systems were actually hacked as far back as 2014, The Star reported.

Source: Virtually everyone in Malaysia pwned in telco, govt data hack spree • The Register