Security News

A report published last year has noted that most attacks against artificial intelligence systems are focused on manipulating them, but that new attacks using machine learning are within attackers' capabilities. Microsoft now says that attacks on machine learning systems are on the uptick and MITRE notes that, in the last three years, "Major companies such as Google, Amazon, Microsoft, and Tesla, have had their ML systems tricked, evaded, or misled." At the same time, most businesses don't have the right tools in place to secure their ML systems and are looking for guidance.

Organizations are often forced to make critical security decisions based on threat data that is not accurate, relevant and fresh, a Neustar report reveals. Just 60% of cybersecurity professionals surveyed indicate that the threat data they receive is both timely and actionable, and only 29% say the data they receive is both extremely accurate and relevant to the threats their organization is facing at that moment.

A Finnish psychotherapy centre was hit by hackers who stole therapy session notes - before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material. "Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week, adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom."

The purpose of threat intelligence is to collect data from a variety of sources outside of the organization's perimeters and generate intelligence on what is happening "Out there", enriching the organization's security operations. Threat intelligence provides visibility that extends beyond the organization's perimeters - and this visibility is based on the vendor's coverage on intelligence sources.

Securonix announced it signed an OEM agreement with Opora, a next-generation cybersecurity provider that uses pre-attack adversary behavior analytics to protect organizations from emerging threats. The partnership provides customers Securonix Adversary Behavior Analytics, an advanced capability that helps organizations protect mission critical assets by monitoring adversary behavior and delivering automated, preemptive actions that prevent attacks and help contain adversary threats.

Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning systems. The Adversarial ML Threat Matrix, which Microsoft has released in collaboration with MITRE, IBM, NVIDIA, Airbus, Bosch, Deep Instinct, Two Six Labs, Cardiff University, the University of Toronto, PricewaterhouseCoopers, the Software Engineering Institute at Carnegie Mellon University, and the Berryville Institute of Machine Learning, is an industry-focused open framework that aims to address this issue.

Source Defense announced its new offering of Website in Page Protection, as well as product enhancements and performance improvements to the VICE sandboxing technology within the Source Defense Platform. The Source Defense Platform protects online businesses and their customers from automated attacks and client-side threats, and improves operational efficiency.

Some of the world's most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms, according to a report from Accenture. The report examines the tactics, techniques and procedures employed by some of the most sophisticated cyber adversaries and explores how cyber incidents could evolve over the next year.

Sweden is banning Chinese tech companies Huawei and ZTE from building new high-speed wireless networks after a top security official called China one of the country's biggest threats. The Swedish telecom regulator said Tuesday that four wireless carriers bidding for frequencies in an upcoming spectrum auction for the new 5G networks must not use equipment from Huawei or ZTE. Wireless carriers that plan to use existing telecommunications infrastructure for 5G networks must also rip out any existing gear from Huawei or ZTE, the Swedish Post and Telecom Authority said.

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU's cybersecurity agency - though the risk of an "Uncontrolled cyber arms race" among nation states is growing. The EU Agency for Cybersecurity said in its annual report issued today that those three categories of cyber threat were in decline up until April this year when COVID-19-related lockdowns began.