Security News

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning systems. Just as artificial intelligence and ML are being deployed in a wide variety of novel applications, threat actors can not only abuse the technology to power their malware but can also leverage it to fool machine learning models with poisoned datasets, thereby causing beneficial systems to make incorrect decisions, and pose a threat to stability and safety of AI applications.

International Data Corporation published a new assessment of eleven companies offering the tools and frameworks for developing advanced machine learning models and solutions. The eleven advanced machine learning platform providers evaluated in this MarketScape report are: Alteryx, Amazon Web Services, Cloudera, Dataiku, DataRobot, Google, H2O.ai, IBM, MathWorks, Microsoft, and SAS. Advanced machine learning platforms provide a range of ML methods primarily working with structured and semi-structured data to create predictive and prescriptive models that are then used in applications.

Success in the digital economy requires organizations to move beyond a traditional, cost-sensitive view of infrastructure and adopt a broader recognition that a responsive, scalable, and resilient cloud-centric infrastructure will help drive revenue while aligning technology adoption and IT operational governance with positive business outcomes. The transition to a cloud-centric digital infrastructure, which is already underway within many organizations, depends upon commitment to a digital strategy accompanied by a new set of key performance indicators focused on resource optimization, consistent resilience, and continual enhancement.

Microsoft on Tuesday announced the release of Project OneFuzz, an open source fuzzing framework for Azure that the tech giant has been using internally for the past year to find and patch bugs. Project OneFuzz, which Microsoft describes as an extensible fuzz testing framework, is designed to address some of the challenges typically associated with fuzzing, enabling developers to conduct this type of testing themselves and allowing security engineers to focus on other important tasks.

Google patched a critical vulnerability in the Media Framework of its Android operating system, which if exploited could lead to remote code execution attacks on vulnerable devices. "The most severe of these issues is a critical security vulnerability in the Media Framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," according to the Android security update.

To help companies proactively address AI ethics and integrity, the Deloitte AI Institute announced its Trustworthy AI framework. "C-suite executives and boards must ask tough questions about ethical use of technology and provide active governance to safeguard their organization's reputation and preserve the trust of internal and external stakeholders," said Irfan Saif, AI co-leader, Deloitte & Touche LLP. "Organizations must demonstrate readiness to manage the new breed of risk that comes with human-machine collaboration. Our Trustworthy AI framework provides a common language to help organizations develop the appropriate safeguards and use AI in an ethical manner."

Kaspersky's security researchers have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years. Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.

Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the infrastructure as "MataNet" - comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.

Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the infrastructure as "MataNet" - comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. As far as victimology, known organizations hit by the MATA framework have been located in Germany, India, Japan, Korea, Turkey and Poland - indicating that the attacks cast a wide net.