Lifeboat Foundation

Machine learning (ML) is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with MITRE, and contributions from 11 organizations including IBM, NVIDIA, Bosch, Microsoft is releasing the Adversarial ML Threat Matrix, an industry-focused open framework, to empower security analysts to detect, respond to, and remediate threats against ML systems.

During the last four years, Microsoft has seen a notable increase in attacks on commercial ML systems. Market reports are also bringing attention to this problem: Gartner’s Top 10 Strategic Technology Trends for 2020, published in October 2019, predicts that “Through 2022, 30% of all AI cyberattacks will leverage training-data poisoning, AI model theft, or adversarial samples to attack AI-powered systems.” Despite these compelling reasons to secure ML systems, Microsoft’s survey spanning 28 businesses found that most industry practitioners have yet to come to terms with adversarial machine learning. Twenty-five out of the 28 businesses indicated that they don’t have the right tools in place to secure their ML systems. What’s more, they are explicitly looking for guidance. We found that preparation is not just limited to smaller organizations. We spoke to Fortune 500 companies, governments, non-profits, and small and mid-sized organizations.

Our survey pointed to marked cognitive dissonance especially among security analysts who generally believe that risk to ML systems is a futuristic concern. This is a problem because cyber attacks on ML systems are now on the uptick. For instance, in 2020 we saw the first CVE for an ML component in a commercial system and SEI/CERT issued the first vuln note bringing to attention how many of the current ML systems can be subjected to arbitrary misclassification attacks assaulting the confidentiality, integrity, and availability of ML systems. The academic community has been sounding the alarm since 2004, and have routinely shown that ML systems, if not mindfully secured, can be compromised.

Plus this Chrome one being exploited in the wild, we note.

The largest DDoS attack in history was done against Google on 2017. It was done by a state-backed group.

Read article for more details.

Continue reading “Google Says Biggest DDoS Attack on Record Hit the Company in 2017” »

Hang bugs—when software gets stuck, but doesn’t crash—can frustrate both users and programmers, taking weeks for companies to identify and fix. Now researchers from North Carolina State University have developed software that can spot and fix the problems in seconds.

“Many of us have experience with hang bugs—think of a time when you were on website and the wheel just kept spinning and spinning,” says Helen Gu, co-author of a paper on the work and a professor of computer science at NC State. “Because these bugs don’t crash the program, they’re hard to detect. But they can frustrate or drive away customers and hurt a company’s bottom line.”

Continue reading “Software spots and fixes hang bugs in seconds, rather than weeks” »

In the race to launch smallsats into low earth orbit quickly and cost-effectively, operators and manufacturers have compromised on security and left themselves vulnerable to cyber attacks. Let’s not make Newspace a paradise for hackers.

Smallsat operators and manufacturers need to consider why their smallsats are so vulnerable to cyber attacks, the harm attacks can cause, cyber security weaknesses, why basic encryption is not enough and what can be done about it now. These are the issues that this article addresses.

Moscow said there was no evidence for the accusation, calling it a “serious and wilful provocation”.

The Russian hacking network was behind a ransomware attack that ensnared hundreds of hospitals. Its next target could’ve been elections.

Nice looking website you’ve got there. It’d be a shame if someone DDoS’d it.

Ten days after it learned it was targeted by a ransomware attack, the College of Nurses of Ontario (CNO) is still trying to figure out if the personal information of its 300 employees and 195,500 members has been compromised, officials tell CBC News.

“We are aware of a claim on the dark web regarding data theft from CNO,” the nursing regulatory body told CBC News in a statement.