Recently, a considerable amount of malware research has focused on the use of powerful image-based machine learning techniques, which generally yield impressive results. However, before image-based techniques can be applied to malware, the samples must be converted to images, and there is no generally-accepted approach for doing so. The malware-to-image conversion strategies found in the literature often appear to be ad hoc, with little or no effort made to take into account properties of executable files. In this paper, we experiment with eight distinct malware-to-image conversion techniques, and for each, we test a variety of learning models. We find that several of these image conversion techniques perform similarly across a range of learning models, in spite of the image conversion processes being quite different. These results suggest that the effectiveness of image-based malware classification techniques may depend more on the inherent strengths of image analysis techniques, as opposed to the precise details of the image conversion strategy.

Code hidden inside PC motherboards left millions of machines vulnerable to malicious updates, researchers revealed this week. Staff at security firm Eclypsium found code within hundreds of models of motherboards created by Taiwanese manufacturer Gigabyte that allowed an updater program to download and run another piece of software. While the system was intended to keep the motherboard updated, the researchers found that the mechanism was implemented insecurely, potentially allowing attackers to hijack the backdoor and install malware. Elsewhere, Moscow-based cybersecurity firm Kaspersky revealed that its staff had been targeted by newly discovered zero-click malware impacting iPhones. Victims were sent a malicious message, including an attachment, on Apple's iMessage. The attack automatically started exploiting multiple vulnerabilities to give the attackers access to devices, before the message deleted itself.

Kaspersky has become a shareholder of Motive Neuromorphic Technologies, a company specialising in neuromorphic computing technologies, with a 15% stake. The organisations' joint development efforts are aimed at creating new opportunities for machine learning-based solutions: self-learning systems and smart devices of the future. In 2019, Kaspersky concluded a cooperation agreement with Motive NT, joining it in the development of the Altai neuromorphic processor, which accelerates the hardware of systems using Machine Learning. During the partnership, the companies' specialists together produced their first batch of neuromorphic processors, developed a software package for them and successfully confirmed their performance on measures of speed and energy efficiency through experimentation. The companies are currently working on developing a second version of the neuromorphic processor, as well as searching for technological partners to establish joint pilot projects using the Altai neurochip.

Almost half of dating app users would trust AI to find them a match, according to new research from cybersecurity firm Kaspersky. Their trust could put them in danger, however. Kaspersky also warned that many dating apps have major privacy risks. Up front: The mass adoption of dating apps means people now find potential partners through algorithmic recommendations. Here's how your business can benefit from free citizen data To investigate the tech's effect on relationships, Kaspersky commissioned Sapio to survey more than 18,000 dating app users from six continents.

From smart infrastructure grids to bot-authored news reports, algorithms and artificial intelligence capabilities are routinely working behind the scenes in various aspects of our day-to-day lives. COVID-19 only accelerated the adoption of automation across industries and Gartner pegged "smarter, responsible [and] scalable AI" as one of its top 2021 data and analytics tech trends. In this roundup, we've highlighted some of the ways AI is transforming everything from animal conversation efforts to matchmaking in the digital age. The agtech company AppHarvest is using a number of transformative practices to reimagine farming in the 21st century, including AI. The company is tapping computer vision and AI to help its robo-harvester, Virgo, pick ripe produce right from the vine.

Malware recognition modules decide if an object is a threat, based on the data they have collected on it. This data may be collected at different phases: – Pre-execution phase data is anything you can tell about a file without executing it. This may include executable file format descriptions, code descriptions, binary data statistics, text strings and information extracted via code emulation and other similar data. In the early epochs of the cyber era, the number of malware threats was relatively low, and simple handcrafted pre-execution rules were often enough to detect threats. But a decade ago, the tremendous growth of the malware stream did not allow anti-malware solutions to rely solely on the expensive manual creation of detection rules. It was natural for anti-malware companies to start augmenting their malware detection and classification with machine learning, a computer science area that has shown great success in image recognition, searching and decision- making. Machine Learning Methods for Malware Detection In this article, we summarize our decade's worth of experience with implementing machine learning into protecting our customers from cyberthreats. In other words, a machine learning algorithm discovers and formalizes the principles that underlie the data it sees. With this knowledge, the algorithm can reason the properties of previously unseen samples. In malware detection, a previously unseen sample could be a new file. Its hidden property could be malware or benign. A mathematically formalized set of principles underlying data properties is called the model. Machine learning has a broad variety of approaches that it takes to a solution rather than a single method. These approaches have different capacities and different tasks that they suit best. Unsupervised learning One machine learning approach is unsupervised learning. In this setting, we are given only a data set without the right answers for the task. The goal is to discover the structure of the data or the law of data generation. One important example is clustering. Clustering is a task that includes splitting a data set into groups of similar objects. Another task is representation learning – this includes building an informative feature set for objects based on their low- level description (for example, an autoencoder model). Large unlabeled datasets are available to cybersecurity vendors and the cost of their manual labeling by experts is high – this makes unsupervised learning valuable for threat detection. Clustering can help with optimizing efforts for the manual labeling of new samples. With informative embedding, we can decrease the number of labeled objects needed for the usage of the next machine learning approach in our pipeline: supervised learning.

Apple finally announced the iPhone X this week, complete with a facial recognition system that Apple calls FaceID. Preliminary impressions are that FaceID will be difficult to trick, and should be secure for the average user, but researchers are eager to test its robustness. Consumer facial recognition has been around, but not yet at this scale, inviting questions about what its implications will be, particularly for privacy. Apple's new iOS 11 mobile operating system does have more crucial privacy protections against muggers and government officials alike but researchers detailed doubts this week about the "differential privacy" techniques Apple uses that are meant to aggregate and analyze customer data without invading their privacy. Over at the astounding, ongoing dumpster fire that is the Equifax data breach, Equifax admitted that hackers accessed its network through an Apache Struts web application vulnerability that had a patch available for two months before the initial intrusion.

This Tuesday morning, we're still talking about the eclipse, getting a name for Google's latest version of Android and testing the best virtual assistants out there. It'll be on the Pixel very soon. Google loves to make a big splash when it reveals the name for the latest version of Android. But the company is going all out this year, using the solar eclipse as an opportunity to reveal that Android O will henceforth be referred to as Oreo. It makes at least a little sense to tie this reveal into the eclipse -- those iconic photos of the solar event are at least a little bit evocative of Oreos, after all.

Welcome to today's channel rundown, containing vital news and analysis on the channel's comings and goings. Distributor Tech Data said it will offer Windows 10 Enterprise E3 as a subscription for cloud service providers (CSPs) to sell to SMBs. The distributor said it will offer the automated service, which provides enterprise-grade security and management capabilities, to its solution providers in the Americas and Europe through the Tech Data Cloud Solutions Store. Windows 10 Enterprise E3 features the complete stack of Microsoft's CSP cloud solutions, including Windows 10 Enterprise, Office 365, Enterprise Mobility Suite, Azure and Dynamics Customer Relationship Management Online as a pay-as-you-go, partner-delivered managed service. Kaspersky has rolled out Kaspersky Endpoint Security Cloud, a new SaaS-based solution that aims to provide SMBs with multi-layered IT security.

A specially programmed AI can'think' about cybersecurity in a more complex detail than a human can. It's not unreasonable to suggest the cybersecurity battle is being lost - and on more than one front. Not only are more efficient and organised cybercriminals winning the security arms race against their corporate targets, there's also a shortage of cybersecurity professionals equipped with the skills required to fight hackers. Some claim the fight against online crooks will be bolstered not by hiring more people but rather by machines using techniques based around artificial intelligence, machine learning, and deep learning. This doesn't mean self-learning machines will be outright replacing cybersecurity professionals, however, but rather augmenting what they're able to do and taking care of the most basic tasks.