Security & Privacy


Google Chrome can now spot even brand new phishing pages

ZDNet

Google is stepping up defenses against phishing through a new predictive feature coming to Chrome and its Advanced Protection Program for high-risk Gmail users. Google has updated its Safe Browsing technology to warn users when they visit a new phishing page that hasn't existed long enough to be detected by Safe Browsing as a known phishing site. The new predictive phishing protection for Chrome is designed to prevent users from typing their credentials in a phishing site that was "created and used for attacks moments later". According to Google, Safe Browsing's historical data allow it to make predictions about risks in real-time. Predictive phishing protection will initially only protect the Google account password, however it will eventually be used to protect all passwords saved in Chrome's password manager.


Apple responds to Sen. Al Franken's Face ID concerns in letter

Engadget

Apple has responded to Senator Al Franken's concerns over the privacy implications of its Face ID feature, which is set to debut on the iPhone X next month. In his letter to Tim Cook, Franken asked about customer security, third-party access to data (including requests by law enforcement), and whether the tech could recognize a diverse set of faces. In its response, Apple indicates that it's already detailed the tech in a white paper and Knowledge Base article -- which provides answers to "all of the questions you raise". But, it also offers a recap of the feature regardless (a TL:DR, if you will). Apple reiterates that the chance of a random person unlocking your phone is one in a million (in comparison to one in 500,000 for Touch ID).


Trusted MCUs for IoT applications

@machinelearnbot

As IoT technology continues to make our lives more comfortable through greater intelligence enabled by networking smart devices, it becomes increasingly important to protect the information stored and transmitted by these devices. Embedded MCUs are at the core of IoT-based products, and selecting the right MCU is key to meeting the present and future needs of your customers. An MCU designed for IoT applications needs to have sufficient processing capabilities, hardware-based security, and software algorithms to provide a safe and secure solution. Secure MCUs should offer multiple levels of security elements to support various security algorithms like Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Secure Hash Algorithm (SHA). The MCU needs to provide a complete chain of security, secure boot process, hardware-based root of trust, true random number generation functionality in hardware, and user application code authentication, among other capabilities.


Can you be hacked by the world around you?

PBS NewsHour

As someone who researches 3-D modeling, including assessing 3-D printed objects to be sure they meet quality standards, I'm aware of being vulnerable to methods of storing malicious computer code in the physical world. Researchers at the University of Washington tested another possibility recently, embedding a computer virus in DNA. Closer to home, when you scan a QR code, your computer or phone processes the data in the code and takes some action – perhaps sending an email or going to a specified URL. For example, to prevent the infection of our 3-D printing quality sensing system by a conventional attack, we proposed placing it on another computer, one disconnected from the internet and other sources of potential cyberattacks.


7 Surprising Facts about AI and Big Data in Cybersecurity - insideBIGDATA

@machinelearnbot

In this special guest feature, Kumar Saurabh, CEO and co-founder of Logichub, observes how the correlation between data volumes and IT security seems straightforward, but in reality it's complex and at times paradoxical. He provides 7 surprising facts about big data and artificial intelligence (AI) as they are used in cybersecurity. He has a passion for helping organizations improve the efficacy of their security operations, and personally witnessed the limitations of existing solutions in helping SOC analysts detect threats buried deep within mountains of alerts and events. Here are 7 surprising facts about big data and artificial intelligence (AI) as they are used in cybersecurity.


The future of surveillance is hidden in airport ads

Engadget

According to officials presenting the security and customs tunnel at the 37th Gulf Information Technology Exhibition (GITEX) Technology Week at the World Trade Centre in Dubai, its video shows will not be limited to chicken of the sea. "The fish is a sort of entertainment and something new for the traveller but, at the end of the day, it attracts the vision of the travellers to different corners in the tunnel for the cameras to capture his/her face print," Major Gen Obaid Al Hameeri, deputy director general of Dubai residency and foreign affairs, told press. Australia is currently considering the same thing, where passengers are filtered through a tunnel that seamlessly captures their biometrics (facial scanning) as they go through the airport. But considering that the Dubai International Airport is already talking about its security scanner as an advertising surveillance tunnel, it feels like science fiction is letting our current world off the hook by comparison.


How artificial intelligence is becoming a key weapon in the cyber security war

#artificialintelligence

In the last 12 months, 60% of Australian organisations experienced a ransomware attack. A significant challenge for businesses is that legacy antivirus technology is too slow to stop cyber-attacks in time. Throughout the last year, 24 percent of Australian organisations experienced a ransomware incident on at least a monthly basis and it took five hours or more to recover. As we reflect on the way organisations around the world have been impacted by breaches this year, it's clear that traditional approaches to security have failed.


Alibaba Launches Global Research Program for Cutting-Edge Technology Development

#artificialintelligence

HANGZHOU, China--(BUSINESS WIRE)--Alibaba Group Holding Ltd. ("Alibaba Group") announced today the launch of an innovative global research program, "Alibaba DAMO Academy ("Academy")," which is designed to increase technological collaboration worldwide, advance the development of cutting-edge technology and strive to make the world more inclusive by narrowing the technology gap. The Academy, which stands for the "Academy for Discovery, Adventure, Momentum and Outlook," will oversee the opening of research and development labs worldwide and seek to recruit talented scientists and researchers to join the program. We aim to discover breakthrough technologies that will enable greater efficiency, network security and ecosystem synergy for end-users and businesses everywhere," said Jeff ZHANG. We are now looking for talented and driven researchers to join us in the quest for new disruptive technologies that would advance our every-day lives, benefit small businesses and narrow the technology gap to make our world a more inclusive place," Zhang added.


8 Unicorns Grazing Across the European Union - Nanalyze

#artificialintelligence

Denmark's Saxo Bank, a licensed and regulated bank, develops technologies in online trading, including web and mobile platforms for trading multiple asset classes. Valued at $1.1 billion with $771.8 million in total funding, OVH offers hosting solutions for web, dedicated, and cloud platforms. Valued at $1.1 billion and with $565.47 million in funding, the company works to bring online fashion to emerging markets. Previously featured in our list of 9 Hot Cybersecurity Startups, Avast has taken $100 million in funding and turned it into protection for over 400 million people online, offering digital security software for Android, PC, and Mac.


North Korea Hacking War: Attack Planned To Target US Power Grid

International Business Times

North Korea had plans to direct a cyber attack against power grids in the United States and successfully launched an attack directed at South Korea's Ministry of Defense, NBC News reported. While the campaign may have failed, the attempts of North Korean hackers to target utility companies presents a growing risk for American companies that are responsible for keeping the lights on for millions of homes across the country. Many power grids operate on a network separate from the public internet, insulating the systems that control the grid from attackers. North Korean hackers were able to successfully infiltrate South Korea's defense ministry and stole a large collection of military documents that purport to detail wartime contingency plans developed by South Korea and the U.S. A total of 235 gigabytes of military documents were reported to be stolen from South Korea's Defense Integrated Data Centre in a breach that took place in September 2016, and 80 percent of those stolen files have yet to be identified.