Quote for the day:
“Remember, teamwork begins by building trust. And the only way to do that is to overcome our need for invulnerability.” -- Patrick Lencioni
Algorithm can make AI responses increasingly reliable with less computational overhead
The algorithm uses the structure according to which the language information is
organized in the AI's large language model (LLM) to find related information.
The models divide the language information in their training data into word
parts. The semantic and syntactic relationships between the word parts are then
arranged as connecting arrows—known in the field as vectors—in a
multidimensional space. The dimensions of space, which can number in the
thousands, arise from the relationship parameters that the LLM independently
identifies during training using the general data. ... Relational arrows
pointing in the same direction in this vector space indicate a strong
correlation. The larger the angle between two vectors, the less two units of
information relate to one another. The SIFT algorithm developed by ETH
researchers now uses the direction of the relationship vector of the input query
(prompt) to identify those information relationships that are closely related to
the question but at the same time complement each other in terms of
content. ... By contrast, the most common method used to date for selecting
the information suitable for the answer, known as the nearest neighbor method,
tends to accumulate redundant information that is widely available. The
difference between the two methods becomes clear when looking at an example of a
query prompt that is composed of several pieces of information.
Bring Your Own Malware: ransomware innovates again
The approach taken by DragonForce and Anubis shows that cybercriminals are
becoming increasingly sophisticated in the way they market their services to
potential affiliates. This marketing approach, in which DragonForce positions
itself as a fully-fledged service platform and Anubis offers different revenue
models, reflects how ransomware operators behave like “real” companies. Recent
research has also shown that some cybercriminals even hire pentesters to test
their ransomware for vulnerabilities before deploying it. So it’s not just dark
web sites or a division of tasks, but a real ecosystem of clear options for
“consumers.” We may also see a modernization of dark web forums, which currently
resemble the online platforms of the 2000s. ... Although these developments in
the ransomware landscape are worrying, Secureworks researchers also offer
practical advice for organizations to protect themselves. Above all, defenders
must take “proactive preventive” action. Fortunately and unfortunately, this
mainly involves basic measures. Fortunately, because the policies to be
implemented are manageable; unfortunately, because there is still a lack of
universal awareness of such security practices. In addition, organizations must
develop and regularly test an incident response plan to quickly remediate
ransomware activities.
Phishing attacks thrive on human behaviour, not lack of skill
Phishing draws heavily from principles of psychology and classic social
engineering. Attacks often play on authority bias, prompting individuals to
comply with requests from supposed authority figures, such as IT personnel,
management, or established brands. Additionally, attackers exploit urgency and
scarcity by sending warnings of account suspensions or missed payments, and
manipulate familiarity by referencing known organisations or
colleagues. Psychologs has explained that many phishing techniques bear
resemblance to those used by traditional confidence tricksters. These attacks
depend on inducing quick, emotionally-driven decisions that can bypass normal
critical thinking defences. The sophistication of phishing is furthered by
increasing use of data-driven tactics. As highlighted by TechSplicer, attackers
are now gathering publicly available information from sources like LinkedIn and
company websites to make their phishing attempts appear more credible and
tailored to the recipient. Even experienced professionals often fall for
phishing attacks, not due to a lack of intelligence, but because high workload,
multitasking, or emotional pressure make it difficult to properly scrutinise
every communication.
What Steve Jobs can teach us about rebranding
Humans like to think of themselves as rational animals, but it comes as no news
to marketers that we are motivated to a greater extent by emotions. Logic brings
us to conclusions; emotion brings us to action. Whether we are creating a poem
or a new brand name, we won’t get very far if we treat the task as an
engineering exercise. True, names are formed by putting together parts, just as
poems are put together with rhythmic patterns and with rhyming lines, but that
totally misses what is essential to a name’s success or a poem’s success.
Consider Microsoft and Apple as names. One is far more mechanical, and the other
much more effective at creating the beginning of an experience. While both
companies are tremendously successful, there is no question that Apple has the
stronger, more emotional experience. ... Different stakeholders care about
different things. Employees need inspiration; investors need confidence;
customers need clarity on what’s in it for them. Break down these audiences and
craft tailored messages for each group. Identifying the audience groups can be
challenging. While the first layer is obvious—customers, employees, investors,
and analysts—all these audiences are easy to find and message. However, what is
often overlooked is the individuals in those audiences who can more positively
influence the rebrand. It may be a particular journalist, or a few select
employees.
Coaching AI agents: Why your next security hire might be an algorithm
Like any new team member, AI agents need onboarding before operating at maximum
efficacy. Without proper onboarding, they risk misclassifying threats,
generating excessive false positives, or failing to recognize subtle attack
patterns. That’s why more mature agentic AI systems will ask for access to
internal documentation, historical incident logs, or chat histories so the
system can study them and adapt to the organization. Historical security
incidents, environmental details, and incident response playbooks serve as
training material, helping it recognize threats within an organization’s unique
security landscape. Alternatively, these details can help the agentic system
recognize benign activity. For example, once the system knows what are allowed
VPN services or which users are authorized to conduct security testing, it will
know to mark some alerts related to those services or activities as benign. ...
Adapting AI isn’t a one-time event, it’s an ongoing process. Like any team
member, agentic AI deployments improve through experience, feedback, and
continuous refinement. The first step is maintaining human-in-the-loop
oversight. Like any responsible manager, security analysts must regularly review
AI-generated reports, verify key findings, and refine conclusions when
necessary.
Cyber insurance is no longer optional, it’s a strategic necessity
Once the DPDPA fully comes into effect, it will significantly alter how
companies approach data protection. Many enterprises are already making efforts
to manage their exposure, but despite their best intentions, they can still fall
victim to breaches. We anticipate that the implementation of DPDPA will likely
lead to an increase in the uptake of cyber insurance. This is because the Act
clearly outlines that companies may face penalties in the event of a data breach
originating from their environment. Since cyber insurance policies often include
coverage for fines and penalties, this will become an increasingly important
risk-transfer tool. ... The critical question has always been: how can we
accurately quantify risk exposure? Specifically, if a certain event were to
occur, what would be the financial impact? Today, there are advanced tools and
probabilistic models available that allow organisations to answer this question
with greater precision. Scenario analyses can now be conducted to simulate
potential events and estimate the resulting financial impact. This, in turn,
helps enterprises determine the appropriate level of insurance coverage, making
the process far more data-driven and objective. Post-incident technology also
plays a crucial role in forensic analysis. When an incident occurs, the
immediate focus is on containment.
Adversary-in-the-Middle Attacks Persist – Strategies to Lessen the Impact
One of the most recent examples of an AiTM attack is the attack on Microsoft 365
with the PhaaS toolkit Rockstar 2FA, an updated version of the DadSec/Phoenix
kit. In 2024, a Microsoft employee accessed an attachment that led them to a
phony website where they authenticated the attacker’s identity through the link.
In this instance, the employee was tricked into performing an identity
verification session, which granted the attacker entry to their account. ... As
more businesses move online, from banks to critical services, fraudsters are
more tempted by new targets. The challenges often depend on location and sector,
but one thing is clear: Fraud operates without limitations. In the United
States, AiTM fraud is progressively targeting financial services, e-commerce and
iGaming. For financial services, this means that cybercriminals are intercepting
transactions or altering payment details, inducing hefty losses. Concerning
e-commerce and marketplaces, attackers are exploiting vulnerabilities to
intercept and modify transactions through data manipulation, redirecting
payments to their accounts. ... As technology advances and fraud continues to
evolve with it, we face the persistent challenge of increased fraudster
sophistication, threatening businesses of all sizes.
From legacy to lakehouse: Centralizing insurance data with Delta Lake
Centralizing data and creating a Delta Lakehouse architecture significantly
enhances AI model training and performance, yielding more accurate insights and
predictive capabilities. The time-travel functionality of the delta format
enables AI systems to access historical data versions for training and testing
purposes. A critical consideration emerges regarding enterprise AI platform
implementation. Modern AI models, particularly large language models, frequently
require real-time data processing capabilities. The machine learning models
would target and solve for one use case, but Gen AI has the capability to learn
and address multiple use cases at scale. In this context, Delta Lake effectively
manages these diverse data requirements, providing a unified data platform for
enterprise GenAI initiatives. ... This unification of data engineering, data
science and business intelligence workflows contrasts sharply with traditional
approaches that required cumbersome data movement between disparate systems
(e.g., data lake for exploration, data warehouse for BI, separate ML platforms).
Lakehouse creates a synergistic ecosystem, dramatically accelerating the path
from raw data collection to deployed AI models generating tangible business
value, such as reduced fraud losses, faster claims settlements, more accurate
pricing and enhanced customer relationships.
How AI and Data-Driven Decision Making Are Reshaping IT Ops
Rather than relying on intuition, IT decision-makers now lean on insights drawn
from operational data, customer feedback, infrastructure performance, and market
trends. The objective is simple: make informed decisions that align with broader
business goals while minimizing risk and maximizing operational efficiency. With
the help of analytics platforms and business intelligence tools, these insights
are often transformed into interactive dashboards and visual reports, giving IT
teams real-time visibility into performance metrics, system anomalies, and
predictive outcomes. A key evolution in this approach is the use of predictive
intelligence. Traditional project and service management often fall short when
it comes to anticipating issues or forecasting success. ... AI also helps IT
teams uncover patterns that are not immediately visible to the human eye.
Predictive models built on historical performance data allow organizations to
forecast demand, manage workloads more efficiently, and preemptively resolve
issues before they disrupt service. This shift not only reduces downtime but
also frees up resources to drive innovation across the enterprise. Moreover,
companies that embrace data as a core business asset tend to nurture a culture
of curiosity and informed experimentation.
The DFIR Investigative Mindset: Brett Shavers On Thinking Like A Detective
You must be technical. You have to be technically proficient. You have to be
able to do the actual technical work. And I’m not to rely on- not to bash a
vendor training for a tool training, you have to have tool training, but you
have to have exact training on “This is what the registry is, this is how you
pull the-” you have to have that information first. The basics. You gotta have
the basics, you have the fundamentals. And a lot of people wanna skip
that. ... The DF guys, it’s like a criminal case. It’s “This is the
computer that was in the back of the trunk of a car, and that’s what we got.”
And the IR side is “This is our system and we set up everything and we can
capture what we want. We can ignore what we want.” So if you’re looking at it
like “Just in case something is gonna be criminal we might want to prepare a
little bit,” right? So that makes DF guys really happy. If they’re coming in
after the fact of an IR that becomes a case, a criminal case or a civil
litigation where the DF comes in, they go, “Wow, this is nice. You guys have
everything preserved, set up as if from the start you were prepared for this.”
And it’s “We weren’t really prepared. We were prepared for it, we’re hoping it
didn’t happen, we got it.” But I’ve walked in where drives are being wiped on a
legal case.
