A naukri.com initiative
Cyber Security News
VentureBeat
1M
146
Goodbye cloud, Hello phone: Adobe’s SlimLM brings AI to mobile devices
- Adobe researchers have created a breakthrough AI system called SlimLM that processes documents directly on smartphones, without internet connectivity, potentially transforming how businesses handle sensitive information. SlimLM represents a significant shift in artificial intelligence deployment, away from massive cloud computing centers and onto the phones in users’ pockets. Large language models have attracted significant attention but the practical implementation and performance of small language models on real mobile devices remain understudied, explained Adobe Research, Auburn University and Georgia Tech scientists. SlimLM enters the scene at a pivotal moment in the tech industry’s shift toward edge computing. Enterprises currently spend millions on cloud-based AI solutions, paying for API calls to services like OpenAI or Anthropic to process documents, answer questions, and generate reports.
- What sets SlimLM apart is its precise optimization for real-world use, tested for various configurations, with their smallest model at just 125 million parameters, compared to models like GPT-4o, which contain hundreds of billions, thus efficiently processing documents up to 800 words long on a smartphone. Larger SlimLM variants scaling up to 1 billion parameters could resemble the performance of more resource-intensive models while still maintaining smooth operation on mobile hardware. SlimLM's development points to a future where sophisticated AI doesn't require constant cloud connectivity, democratizing access to AI tools while addressing growing concerns about data privacy and high costs of cloud computing.
- The implications of this breakthrough extend far beyond technical achievement. By processing data directly on the device, companies can avoid the risks associated with sending confidential information to cloud servers. Industries that handle sensitive information, such as healthcare providers, law firms, and financial institutions, stand to benefit the most. SlimLM's on-device processing helps ensure compliance with strict data protection regulations like GDPR and HIPAA. Smartphones that can intelligently process emails, analyze documents and assist with writing, all without sending sensitive data to external servers, could transform how professionals in industries like law, healthcare and finance interact with their mobile devices.
- The technical breakthrough behind SlimLM lies in how the researchers rethought language models to meet the hardware limitations of mobile devices. Instead of merely shrinking existing large models, they conducted a series of experiments to find the “sweet spot” between model size, context length and inference time, ensuring that the models could deliver real-world performance without overloading mobile processors. Another key innovation was the creation of DocAssist, a specialized dataset designed to train SlimLM for document-related tasks like summarization and question answering.
- For the broader tech industry, SlimLM represents a compelling alternative to the “bigger is better” mentality that has dominated AI development. While companies like OpenAI are pushing toward trillion-parameter models, Adobe’s research demonstrates that smaller, more efficient models can still deliver impressive results when optimized for specific tasks.
- The (soon-to-be) public release of SlimLM’s code and training dataset could accelerate this shift, empowering developers to build privacy-preserving AI applications for mobile devices. As smartphone processors continue to evolve, the balance between cloud-based and on-device AI processing could tip dramatically toward local computing.
- What SlimLM offers is more than just another step forward in AI technology; it’s a new paradigm for how we think about artificial intelligence. Instead of relying on vast server farms and constant internet connections, the future of AI could be personalized, running directly on the device in your pocket, maintaining privacy, and reducing dependence on cloud computing infrastructure. This development marks the beginning of a new chapter in AI’s evolution.
Read Full Article
8 Likes
Digitaltrends
1M
364
Image Credit: Digitaltrends
LastPass review: Is this popular password manager still worth using?
- LastPass offers affordable prices on individual and family plans.
- However, the security track record of LastPass remains poor.
- LastPass has low-cost individual and family subscription plans with big discounts.
- LastPass is easy to set up and supports Chrome, Edge, Firefox, Opera, Safari, and even Explorer.
- Autofill is a critical feature for a password manager and LastPass handles it well.
- Sharing logins is a unique feature that adds great value to password managers.
- LastPass offers 24/7 live chat support for customers.
- LastPass has suffered several security incidents, most recently a serious breach in 2022.
- LastPass is a new and unproven password manager with a short security and privacy track record.
- If you don’t feel comfortable sharing your logins, check out our list of five password managers with better long-term security records than LastPass.
Read Full Article
21 Likes
Digitaltrends
1M
355
Image Credit: Digitaltrends
Hackers were caught hiding password-stealing tricks in people’s physical mail
- Hackers have been observed using snail mail to steal sensitive information.
- Victims received a letter from the 'Federal Office of Meteorology and Climatology in Switzerland' containing a QR code.
- Scanning the QR code takes them to a third-party site instead of the official Google Play Store.
- The malware-infected app aims to steal credentials and data from Android devices.
Read Full Article
21 Likes
TechCrunch
1M
232
Image Credit: TechCrunch
PSA: You shouldn’t upload your medical images to AI chatbots
- Think twice before uploading your private medical data to AI chatbots.
- People upload medical imagery to AI chatbots to interpret their results.
- Uploaded sensitive data can be used to train AI models and potentially expose private information.
- The privacy and security risks associated with uploading medical data to AI chatbots.
Read Full Article
13 Likes
Tech Radar
1M
346
Image Credit: Tech Radar
Update now — Fortinet Windows VPN hacked to steal user data
- Chinese threat actor BrazenBamboo has been exploiting a vulnerability in Fortinet's Windows VPN client to steal user login credentials and VPN server information.
- The flaw allows DeepData malware to find and decrypt JSON objects in the client's process memory, enabling the theft of sensitive information.
- Fortinet was informed of the vulnerability in July 2024 but has not yet addressed it or assigned a CVE number for it.
- Users are advised to restrict VPN access and remain vigilant for unusual login activity until a patch becomes available.
Read Full Article
20 Likes
Tech Radar
1M
423
Image Credit: Tech Radar
Fake DocuSign emails are targeting some top US contractors
- Cybersecurity researchers have discovered an increase in fraudsters using DocuSign impersonations to target businesses interacting with government agencies.
- Attacks impersonating various government entities have spiked by 98% in the last month.
- Impersonators create a false sense of urgency, urging victims to renew fake contracts using DocuSign.
- Victims face financial loss, business disruption, and potential data breaches from these fraudulent attacks.
Read Full Article
25 Likes
Amazon
1M
155
Image Credit: Amazon
Important changes to CloudTrail events for AWS IAM Identity Center
- AWS IAM Identity Center is making changes to simplify user identification in CloudTrail events, enhancing correlation between IAM Identity Center users and external directory services, such as Okta Universal Directory or Microsoft Active Directory.
- From January 13, 2025, IAM Identity Center will stop emitting userName and principalId fields under the user identity element in CloudTrail events.
- IAM Identity Center will emit user ID and Identity Store ARN fields to replace the userName and principalId fields, enhancing user identification and action tracking in CloudTrail.
- IAM Identity Center CloudTrail events will also specify IdentityCenterUser as the identity type instead of Unknown, providing a clear identifier for users.
- Group's displayName value will be excluded from the requestParameters and responseElements elements for CreateGroup and UpdateGroup CloudTrail events.
- IAM Identity Center will replace the displayName value in the administrative CloudTrail events for CreateGroup and UpdateGroup with a fixed text value of HIDDEN_DUE_TO_SECURITY_REASONS, which restricts access to the group displayName only to workflows that are authorized to access group attributes in the Identity Store.
- IAM Identity Center will add the userId and identityStoreArn fields to help workflows associate users with external directories and link CloudTrail events to a specific user.
- The changes are effective from January 13, 2025, and customers are recommended to update their workflows that process the userName, principalId, userIdentity type, or group displayName fields in CloudTrail events for IAM Identity Center.
- To prepare workflows for these changes, IAM Identity Center users can update their workflows by using the Identity Store DescribeGroup API operation.
- IAM Identity Center users can use the updated user identity element for the sample CloudTrail event shared in the article and gain deeper insights into specific CloudTrail events and API operations impacted by the changes.
Read Full Article
9 Likes
Medium
1M
77
Image Credit: Medium
Enhancing LLM Workflows with Secure Data Proxy and Azure Confidential Clean Rooms (ACCR)
- SafeLiShare Secure Data Proxy (SDP) integrates with Microsoft Azure Confidential Clean Rooms to enhance LLM workflows.
- SafeLiShare's SDP secures critical stages of the LLM workflow and enforces fine-grained security policies.
- Integration with Azure Confidential Clean Rooms provides trusted execution environment and verifiable attestation for stronger isolation.
- SafeLiShare SDP offers scalable and adaptive security measures for securing sensitive AI services.
Read Full Article
4 Likes
VentureBeat
1M
45
Microsoft debuts custom chips to boost data center security and power efficiency
- Microsoft unveils custom chips for data center security and efficiency.
- Azure Integrated HSM: A security chip with dedicated hardware security module to ensure secure key management.
- Azure Boost DPU: Data processing unit optimized for multiplexed data streams and power efficiency.
- Additional advancements in data center cooling and power management announced.
Read Full Article
2 Likes
Tech Radar
1M
207
Image Credit: Tech Radar
A major VMware vCenter Server security bug is now being exploited, so patch now
- A VMware bug that grants Remote Code Execution abilities is being exploited in the wild
- The bug was first spotted in September 2024, but the patch did not solve the problem
- A second patch was released, and users are urged to apply now
- Broadcom warns that two vulnerabilities in VMware vCenter Server are being actively exploited by hackers
Read Full Article
12 Likes
Siliconangle
1M
442
Image Credit: Siliconangle
Cyber resilience evolves into a team sport for organizations battling ransomware
- Companies are broadening from traditional enterprise security operations to full-fledged cyber resilience, to pre-empt and respond to attacks without disruptions and minimal resource/reputation loss.
- Traditional business continuity and disaster recovery strategies are no longer sufficient to handle modern cyber incidents like ransomware.
- Organizations must move from restoring operations to actively investigating and mitigating threats, which involve a multi-staged approach.
- NIST and the SANS can help establish frameworks to systemize the teams to detect, contain, and recover from cyber threats systematically.
- There’s a strong need for a collaboration across IT, security, and infrastructure teams.
- Vendor ecosystems also play a critical role, facilitating seamless integration between tools and enhancing containment, investigation, and recovery efforts.
- One of Cohesity’s standout strategies is its “clean room” approach, a methodical framework for cyber resilience.
- Preparation begins long before an incident occurs. The ‘digital jump bag’ is an immutable, vaulted storage area containing essential tools, workflows, and authentication mechanisms.
- This resource ensures teams can quickly establish a trusted environment to initiate response efforts, even if primary systems are compromised.
- The mitigation stage of two strategies: rebuilding systems with golden masters or rebuilding with information obtained at the investigation stage.
Read Full Article
26 Likes
TechCrunch
1M
237
Image Credit: TechCrunch
YC-backed Formal brings a clever security reverse-proxy out of stealth
- Security startup Formal has emerged from stealth mode with a reverse-proxy solution for securing access to sensitive data.
- Formal's reverse-proxy is deployed in the virtual private cloud (VPC) to log and enforce access policies for data stores and APIs.
- Founder Mokhtar Bacha, a former software engineer at ConsenSys, pivoted his startup idea to create Formal.
- Formal raised $5.8 million in a seed round led by Thrive Capital and has notable customers including Gusto, Notion, and Ramp.
Read Full Article
14 Likes
Medium
1M
452
Image Credit: Medium
HackTheBox Walkthrough: Introduction to Web Applications
- The CSS property 'text-align: left' is used to align an HTML element's text to the left.
- The login form should be checked for exposed passwords.
- If the payload 'Click Me' is used, a clickable link with the text 'Click Me' will be displayed on the page.
- XSS can be used to extract the cookie value on the above page.
- 'WAMP' is commonly used with the Windows operating system.
- If a web server returns an HTTP code 201, it stands for 'Created'.
- Google's Firebase Database is a NoSQL database.
- With a GET request of '/index.php?id=0', the name of the user with id number 1 can be searched for. The answer is 'superadmin'.
- The public vulnerability 'CVE-2014–6271' belongs to the category of public vulnerabilities.
- The CVSS score of the public vulnerability 'CVE-2017–0144' is not provided.
- The HackTheBox's Introduction to Web Applications module covers the fundamental structure of web applications, front-end and back-end technologies, common vulnerabilities, practical exercises, and foundational knowledge for aspiring web application penetration testers.
Read Full Article
27 Likes
Tech Radar
1M
378
Image Credit: Tech Radar
US Congressional staff exposed in Library of Congress email hack
- Emails from the US Library of Congress have been compromised in a hack believed to be carried out by a foreign adversary.
- The breach occurred between January and September 2024 and involves emails between congressional legislative staff and researchers.
- The extent of the compromised emails is currently unknown, but the sensitive nature of the communication raises concerns.
- The attack highlights the increasing vulnerability of US government institutions to cyber threats.
Read Full Article
22 Likes
Medium
1M
31
Image Credit: Medium
The Risks of Digital Identity: Why We Need a More Secure System
- The current digital identity system is not enough to keep our identities secure on various digital platforms, which include shopping, communicating, and voting.
- The main challenges faced by current digital identity systems include password fatigue, vulnerability to ever-evolving cyber threats, and privacy breaches.
- Emerging technologies such as Blockchain and biometric verification systems offer promising solutions in creating a tamper-proof, verifiable identity record that is under user control and offers significant convenience and security.
- A universal digital identity system would benefit users in terms of enhanced security, multi-layered authentication, control over identity information, and streamlining the processes for various transactions.
- Moreover, the government and businesses would gain from a universal digital identity system since it could reduce fraud, cut down administrative overhead and improve online transactions.
- Implementing a universal digital identity system could add trillions of dollars to the global economy and act as a catalyst to drive growth in fintech and healthcare sectors.
- The challenge lies in building trust by prioritizing user privacy and implementing strong safeguards to address privacy concerns.
- Cooperation among governments, tech companies, and privacy advocates is crucial to establishing clear regulatory frameworks that protect user rights while promoting the adoption of secure digital identity systems.
- By adopting secure digital identity systems, we can create a safer, more efficient, and more inclusive digital world.
- The vision for a universal digital identity system will require careful consideration of privacy concerns, transparency in data usage, and building trust between users, businesses, and governments.
Read Full Article
1 Like
For uninterrupted reading, download the app