HESPIDS: A Hierarchical and Extensible System for Process Injection Detection using Sysmon

Advanced Persistent Threat (APT) actors are increasingly utilizing Living-off-the-Land (LotL) cyber attack techniques to avoid detection. LotL are techniques that abuse legitimate functionality to perform malicious cyber activities. A common LotL attack technique, that is currently very difficult to detect and prevent, is malicious process injection, MITRE ATT\&CK Process Injection ID: T1055. We report on the initial results for HESPIDS: A Hierarchical and Extensible System for Process Injection Detection using Sysmon. We developed a hierarchical graph-based detection approach for accurate and automated detection for five process injection techniques in Windows clients. These techniques include four of 11 T1055 sub-techniques: DLL Injection, PE Injection, APC Injection, Process Hollowing, and a T1056 sub-technique: API Hooking (T1056.004). Our novel detection approach exhibits, within the limitations of our small testing environment, very high sensitivity and specificity. HESPIDS demonstrates a promising avenue for development of automated detection of advanced cybersecurity threats

MAHIVE: Modular Analysis Hierarchical Intrusion Detection System Visualization Event Cybersecurity Engine for Cyber-Physical Systems and Internet of Things Devices

Cyber-Physical Systems (CPS), including Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT) networks, have become critical to our national infrastructure. The increased occurrence of cyber-attacks on these systems and the potential for catastrophic losses illustrates the critical need to ensure our CPS and ICS are properly monitored and secured with a multi-pronged approach of prevention, detection, deterrence, and recovery. Traditional Intrusion Detection Systems (IDS) and Intrusion Detection and Prevention Systems (IDPS) lack features that would make them well-suited for CPS and ICS environments. We report on the initial results for MAHIVE: Modular Analysis Hierarchical IDS Visualization Event cybersecurity engine. MAHIVE differs from traditional IDS in that it was specifically designed and developed for CPS, ICS, a IIoT systems and networks. We describe the MAHIVE architecture, the design, and the results of our evaluation using two ICS testbed penetration testing experiments

Vector competence of Aedes aegypti, Culex tarsalis, and Culex quinquefasciatus from California for Zika virus.

Zika virus (ZIKV) has emerged since 2013 as a significant global human health threat following outbreaks in the Pacific Islands and rapid spread throughout South and Central America. Severe congenital and neurological sequelae have been linked to ZIKV infections. Assessing the ability of common mosquito species to transmit ZIKV and characterizing variation in mosquito transmission of different ZIKV strains is important for estimating regional outbreak potential and for prioritizing local mosquito control strategies for Aedes and Culex species. In this study, we evaluated the laboratory vector competence of Aedes aegypti, Culex quinquefasciatus, and Culex tarsalis that originated in areas of California where ZIKV cases in travelers since 2015 were frequent. We compared infection, dissemination, and transmission rates by measuring ZIKV RNA levels in cohorts of mosquitoes that ingested blood meals from type I interferon-deficient mice infected with either a Puerto Rican ZIKV strain from 2015 (PR15), a Brazilian ZIKV strain from 2015 (BR15), or an ancestral Asian-lineage Malaysian ZIKV strain from 1966 (MA66). With PR15, Cx. quinquefasciatus was refractory to infection (0%, N = 42) and Cx. tarsalis was infected at 4% (N = 46). No ZIKV RNA was detected in saliva from either Culex species 14 or 21 days post feeding (dpf). In contrast, Ae. aegypti developed infection rates of 85% (PR15; N = 46), 90% (BR15; N = 20), and 81% (MA66; N = 85) 14 or 15 dpf. Although MA66-infected Ae. aegypti showed higher levels of ZIKV RNA in mosquito bodies and legs, transmission rates were not significantly different across virus strains (P = 0.13, Fisher's exact test). To confirm infectivity and measure the transmitted ZIKV dose, we enumerated infectious ZIKV in Ae. aegypti saliva using Vero cell plaque assays. The expectorated plaque forming units PFU varied by viral strain: MA66-infected expectorated 13±4 PFU (mean±SE, N = 13) compared to 29±6 PFU for PR15-infected (N = 13) and 35±8 PFU for BR15-infected (N = 6; ANOVA, df = 2, F = 3.8, P = 0.035). These laboratory vector competence results support an emerging consensus that Cx. tarsalis and Cx. quinquefasciatus are not vectors of ZIKV. These results also indicate that Ae. aegypti from California are efficient laboratory vectors of ancestral and contemporary Asian lineage ZIKV

Redox-engineering enhances maize thermotolerance and grain yield in the field

Contains fulltext : 252904.pdf (Publisher’s version ) (Open Access)08 juli 202

Waterproofed Photomultiplier Tube Assemblies for the Daya Bay Reactor Neutrino Experiment

In the Daya Bay Reactor Neutrino Experiment 960 20-cm-diameter waterproof photomultiplier tubes are used to instrument three water pools as Cherenkov detectors for detecting cosmic-ray muons. Of these 960 photomultiplier tubes, 341 are recycled from the MACRO experiment. A systematic program was undertaken to refurbish them as waterproof assemblies. In the context of passing the water leakage check, a success rate better than 97% was achieved. Details of the design, fabrication, testing, operation, and performance of these waterproofed photomultiplier-tube assemblies are presented.Comment: 16 pages, 11 figures. Submitted to Nucl. Instr. Met

Statistical analysis plan for the ‘Tranexamic acid for hyperacute primary IntraCerebral Haemorrhage’ (TICH-2) trial

Rationale Aside from blood pressure lowering, treatment options for intracerebral haemorrhage remain limited and a proportion of patients will undergo early haematoma expansion with resultant significant morbidity and mortality. Tranexamic acid (TXA), an anti-fibrinolytic drug, has been shown to significantly reduce mortality in patients, who are bleeding following trauma, when given rapidly. TICH-2 is testing whether TXA is effective at improving outcome in spontaneous intracerebral haemorrhage (SICH). Methods and design TICH-2 is a pragmatic, phase III, prospective, double-blind, randomised placebo-controlled trial. Two thousand adult (aged ≥ 18 years) patients with an acute SICH, within 8 h of stroke onset, will be randomised to receive TXA or the placebo control. The primary outcome is ordinal shift of modified Rankin Scale score at day 90. Analyses will be performed using intention-to-treat. Results This paper and its attached appendices describe the statistical analysis plan (SAP) for the trial and were developed and published prior to database lock and unblinding to treatment allocation. The SAP includes details of analyses to be undertaken and unpopulated tables which will be reported in the primary and key secondary publications. The database will be locked in early 2018, ready for publication of the results later in the same year. Discussion The SAP details the analyses that will be done to avoid bias arising from prior knowledge of the study findings. The trial will determine whether TXA can improve outcome after SICH, which currently has no definitive therapy. Trial registration ISRCTN registry, ID: ISRCTN93732214. Registered on 17 January 2013

Spin-locking in low-frequency reaction yield detected magnetic resonance

The purported effects of weak magnetic fields on various biological systems from animal magnetoreception to human health have generated widespread interest and sparked much controversy in the past decade. To date the only well established mechanism by which the rates and yields of chemical reactions are known to be influenced by magnetic fields is the radical pair mechanism, based on the spin-dependent reactivity of radical pairs. A diagnostic test for the operation of the radical pair mechanism was proposed by Henbest et al. [J. Am. Chem. Soc., 2004, 126, 8102] based on the combined effects of weak static magnetic fields and radiofrequency oscillating fields in a reaction yield detected magnetic resonance experiment. Here we investigate the effects on radical pair reactions of applying relatively strong oscillating fields, both parallel and perpendicular to the static field. We demonstrate the importance of understanding the effect of the strength of the radiofrequency oscillating field; our experiments demonstrate that there is an optimal oscillating field strength above which the observed signal decreases in intensity and eventually inverts. We establish the correlation between the onset of this effect and the hyperfine structure of the radicals involved, and identify the existence of ‘overtone’ type features appearing at multiples of the expected resonance field positio

A Racist Attack Managing Complex Relationships with Traumatised Service Users – a Psychodynamic Approach

Notions of whiteness, white supremacy and racial hatred such as the recent multiple racist murders by a white supremacist in New Zealand are at the forefront of public consciousness. How does whiteness and racism play out in a clinical and social welfare context? This article illustrates the impact of trauma on a vulnerable young white woman who although was not the direct target of a racist assault was left traumatized by witnessing it. It discusses how initially she sought refuge in a racist solution synonymous with a psychic retreat to her own detriment. Working with such complex, unconscious and bewildering dynamics are extremely challenging for clinicians. It describes the impact of these dynamics on a clinician of colour who attempted to work with this young woman in a child and adolescent mental health service after the family were referred as a consequence of her assaulting her child shortly after witnessing the racist attack. The unconscious responses to trauma and challenges for clinicians and clinician of colour in particular when working with racism in the consulting room are also discussed

Measurement of Neutrino Oscillation with KamLAND: Evidence of Spectral Distortion

We present results of a study of neutrino oscillation based on a 766 ton-year exposure of KamLAND to reactor anti-neutrinos. We observe 258 \nuebar\ candidate events with energies above 3.4 MeV compared to 365.2 events expected in the absence of neutrino oscillation. Accounting for 17.8 expected background events, the statistical significance for reactor \nuebar disappearance is 99.998%. The observed energy spectrum disagrees with the expected spectral shape in the absence of neutrino oscillation at 99.6% significance and prefers the distortion expected from \nuebar oscillation effects. A two-neutrino oscillation analysis of the KamLAND data gives \DeltaMSq = 7.9$^{+0.6}_{-0.5}\times10^{-5}$ eV$^2$. A global analysis of data from KamLAND and solar neutrino experiments yields \DeltaMSq = 7.9$^{+0.6}_{-0.5}\times10^{-5}$ eV$^2$ and \ThetaParam = 0.40$^{+0.10}_{-0.07}$, the most precise determination to date.Comment: 5 pages, 4 figures; submitted to Phys.Rev.Letter