Daily Tech Digest - February 15, 2020

How Can Companies Minimize Risk Against Emerging Threats?

It's estimated that there is a ransomware attack every 14 seconds somewhere in the world. By far, the single greatest vulnerability that companies continue to face is the infiltration of malware from phishing campaigns. Other vulnerabilities stem from the proliferation of IoT components, cloud storage and computing, and new data and financial apps that external vendors provide and install on the organization's system. To battle the threat, I believe a dedicated effort must go all the way up to the C-level to ensure that everyone is put to the task because when an intrusion attempt succeeds, it's already too late. It can take hackers as little as 19 minutes to get into a system and up to eight hours for many companies to respond due to their obligation to internal processes. Many larger companies install a variety of specialized solutions to protect themselves in different areas, and it seems that endless products answer very specific threats. Too often, though, that buildup of solutions from a multitude of vendors exacerbates the risk that each patch is intended to guard against.

Emotion AI researchers say overblown claims give their work a bad name

Emotion recognition, also known as affective computing, is still a nascent technology. As AI researchers have tested the boundaries of what we can and can’t quantify about human behavior, the underlying science of emotions has continued to develop. There are still multiple theories, for example, about whether emotions can be distinguished discretely or fall on a continuum. Meanwhile, the same expressions can mean different things in different cultures. In July, a meta-study concluded that it isn’t possible to judge emotion by just looking at a person’s face. The study was widely covered, often with headlines suggesting that “emotion recognition can’t be trusted.” Emotion recognition researchers are already aware of this limitation. The ones we spoke to were careful about making claims of what their work can and cannot do. Many emphasized that emotion recognition cannot actually assess an individual’s internal emotions and experience. It can only estimate how that individual’s emotions might be perceived by others, or suggest broad, population-based trends.

AIoT – Convergence of Artificial Intelligence with the Internet of Things

Large volumes of confidential company information and user data are tempting targets for dark web hackers as well as the global government entities. The high level of risk has also brought in newer and more responsibilities that accompany the increased capability. Sensors are now applied to almost everything. This indicates that infinitely more data can be collected from every transaction or process in real-time. IoT devices are the front line of the data collection process in manufacturing environments and also in the customer service departments. Any device with a chipset can potentially be connected to a network and begin streaming data 24/7. Complex algorithms allow performing predictive analytics from all conceivable angles. Machine learning (ML), a subset of AI, continues to upgrade workflows and simplify problem-solving. Companies now capture all the meaningful data surrounding their processes and problems to develop specific solutions for real challenges within the organization, improving efficiency, reliability, and sustainability. 

8 steps to being (almost) completely anonymous online

9 steps to make you completely anonymous online
The universe believes in encryption, a wise man once opined, because it is astronomically easier to encrypt than it is to brute force decrypt. The universe does not appear to believe in anonymity, however, as it requires significant work to remain anonymous. We are using privacy and anonymity interchangeably, and this is incorrect. An encrypted message may protect your privacy — because (hopefully) no one else can read it besides you and your recipient — but encryption does not protect the metadata, and thus your anonymity. Who you're talking to, when, for how long, how many messages, size of attachments, type of communication (text message? email? voice call? voice memo? video call?), all this information is not encrypted and is easily discoverable by sophisticated hackers with a mass surveillance apparatus, which is most these days. A final thought before we dig into specific technical tools: "Online" is now a meaningless word. Meatspace and cyberspace have merged. We used to live in the "real world" and "go online."

MIT finds massive security flaws with blockchain voting app

MIT researchers released a lengthy paper on Thursday that said hackers could change votes through the app, which has already been used in Oregon, West Virginia, Washington and Utah since 2018. "Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted," MIT said in a news release. Additionally, the researchers found that Voatz' use of a third-party vendor for voter identification and verification poses potential privacy issues for users," the MIT press release said. In a blog post and call with reporters, Voatz defended its security practices and disputed the claims made by the MIT researchers. The company said the research paper was based on an "old version" of the app and that because of this, many of their claims were invalid.  "Voatz has worked for nearly five years to develop a resilient ballot marking system, a system built to respond to unanticipated threats and to distribute updates worldwide with short notice.

The time is now: How to manufacture your smart factory with Industrial IoT

Although the value of digital innovation is apparent, widespread adoption has been slow. This is due to a myriad of challenges. For many organisations, the biggest challenge is available talent — they simply don’t have the internal expertise to plan and execute digital innovation initiatives. With continued strain on IT budgets, organisations struggle to both manage the priorities of today and invest in the talent needed to help them transform their business. A new report by PwC identified hiring more Internet of Things (IoT) engineers and data scientists – while training the wider workforce in digital skills – as a key change CEOs must implement if they want to maximise the benefits from digitisation of manufacturing. Legacy technology is another factor holding manufacturers back. The average factory today is 25 years old, according to McKinsey, with machinery that’s approaching nine years old. Before any plans of integrating the IoT can begin at these plants, they must first upgrade equipment to enable digital readiness. Driven by immediate goals of reducing costs and returns, some manufacturing companies have deferred technology investment.

Microsoft's Windows Terminal: This is the final preview of its new command-line tool

This update brings new command-line arguments, such as the 'wt' execution alias. Users can now launch Terminal with new tabs and split panes, which open with preferred profiles and directories.  Terminal developers point out that the 'wt' design was "heavily inspired by that of the venerable and beloved GNU screen competitor" called tmux, a terminal for Unix-like systems. "You can wt new-tab, wt split-pane, wt new-tab -p Debian ; split-pane -p PowerShell until your heart's content," says Dustin Howett, an engineer lead at Microsoft. .. This release also has some goodies for PowerShell Core fans, with Terminal now automatically finding PowerShells on a system. "The Windows Terminal will now detect any version of PowerShell and automatically create a profile for you," explains Kayla Cinnamon, Windows Terminal program manager. "The PowerShell version we think looks best (starting from highest version number, to the most GA version, to the best-packaged version) will be named as 'PowerShell' and will take the original PowerShell Core slot in the dropdown."

Machine learning could lead cybersecurity into uncharted territory

Security threats are evolving to include adversarial attacks against AI systems; more expensive ransomware targeting cities, hospitals, and public-facing institutions; misinformation and spear phishing attacks that can be spread by bots in social media; and deepfakes and synthetic media have the potential to become security vulnerabilities. In the cover story, European correspondent Chris O’Brien dove into how the spread of AI in security can lead to less human agency in the decision-making process, with malware evolving to adapt and adjust to security firm defense tactics in real time. Should costs and consequences of security vulnerabilities increase, ceding autonomy to intelligent machines could begin to seem like the only right choice. We also heard from security experts like McAfee CTO Steve Grobman, F-Secure’s Mikko Hypponen, and Malwarebytes Lab director Adam Kujawa, who talked about the difference between phishing and spear phishing, addressed an anticipated rise in personalized spear phishing attacks ahead, and spoke generally to the fears — unfounded and not — around AI in cybersecurity.

Cloud Threat Report Shows Need for Consistent DevSecOps

Image: areebarbar - Adobe Stock
Despite efforts to educate developers on the importance of security, he says most developers believe their top priority is getting new features and functionality out as quickly as possible. “Yes, they’re supposed to engineer-in security but that doesn’t happen in many cases,” Chiodi says. “Many organizations have not yet embraced the concept of DevSecOps.” Unit 42’s research shows that forward leaning organizations such as consumer companies want to operate with cloud-scale, serving a multitude of users, while maintaining security. Chiodi cites Netflix as a company that does so because it fully integrated development, security, and operations. He suggests that security teams should also embrace infrastructure as code to automatically put written security policies into code. “That way when a developer creates a new cloud environment, if it has security standards coded right in, every time they create from that template it will be the same every time,” he says. Conversely, Chiodi says a template with vulnerabilities will repeat those vulnerabilities each time it is applied.

Election hacking: is it the end of democracy as we know it?

Election hacking: is it the end of democracy as we know it? image
According to David Emm, senior security researcher at Kaspersky Lab, “the term ‘hacking’ often gets used loosely to refer to different attempts to interfere in elections. These include using social media to try and shape opinions or stealing data held on compromised computers to try and shame political figures, as well as tampering directly with machines used to manage the voting process.” Mateo Meier, the founder and CEO of Artmotion, a cloud security company, agrees that “threat actors will use all available tools at their disposal to hack the outcome [of an election]. So it’s always likely to be a multi-pronged approach rather than a single data breach during election season.” In recent years, governments have made some serious accusations, and researchers have demonstrated how vulnerabilities in voting machines can be targeted. “Such vulnerabilities have also been seen in the real-world, with NSW election results being challenged over [the] iVote security flaw. Yet, it’s difficult to gauge the impact a successful real world attack would have.

Quote for the day:

"Leaders need to be optimists._ Their vision is beyond the present." -- Rudy Giuliani

No comments:

Post a Comment