Tag Archive for: build

Nexusflow raises $10.6 to build a conversational interface for security tools

/in


Nexusflow, a startup using generative AI to help companies make sense of cybersecurity data, today announced that it raised $10.6 million in a seed round led by Point72 Ventures with participation from Fusion Fund and several AI luminaries in Silicon Valley.

The tranche, which values Nexusflow at $53 million post-money, will be put toward hiring, R&D and ongoing product development, founder and CEO Jiantao Jiao said.

“We’re helping customers pioneer the adoption of generative AI,” Jiao said. “Nexusflow delivers substantial benefits to security teams by enhancing their capabilities in various ways.”

Jiao, a computer science professor at UC Berkeley, teamed up with Jian Zhang (formerly director of machine learning software at SambaNova) and Kurt Keutzer (previously CTO at Synopsys) to found Nexusflow after arriving at the realization that generative AI was poised to disrupt cybersecurity.

Evidently, he was onto something — others have come to the same conclusion. This year, both Google and Microsoft have rolled out generative AI enhancements to their security product lines in an effort to make it easier to find information from a massive amount of security data simply by asking questions in plain language.

“In today’s digital era, security professionals grapple with an unending stream of evolving threats,” Jiao told TechCrunch in an email interview. “They wrestle with countless data sources and tools, their work feeling like an eternal grind. Security operations centers perennially operate with too few hands to manage the ever-increasing workload. The intersection of generative AI and cybersecurity is heating up but remains less crowded than fields like sales or legal.”

Nexusflow, in Jiao’s words, attempts to synthesize data from various security knowledge sources and tap into existing security tools via their APIs. Leveraging open source large language models that operate behind a customer’s firewall or in the cloud, Nexusflow lets users control security software and get metrics and insights using natural language commands.

“The security team can instruct Nexusflow in plain English to seamlessly operate evolving security tools, avoiding steep learning curves and misconfigurations,” Jiao…

Source…

Nokia 5.4 & Nokia 3.4 receive (Android 12 Build) March Security update 2023 now (Markets)

/in


Nokia 5.4 and Nokia 3.4 are now receiving March security update 2023. Both the smartphones are also receiving new Android 12 builds along with the Android patch for March 2023. Check below for the update size, list of markets and the update changelog for Nokia 5.4 and Nokia 3.4.

For all software update news related to other Nokia smartphones click here. If you want to track February update roll-out to Nokia smartphones you can do it here.

On the basis of tips received from our readers, we will collate a list of markets for Nokia 5.4 and Nokia 3.4 in which March security update is now available. So, do let us know if you have received the update in the comments section. You can also try the VPN trick for getting the update and see if it works.

List of markets:

  • Nokia 5.4 in India
  • Nokia 3.4 in India

Nokia 3.4 Android 12 + March security update size:

The update size for Nokia 3.4 is 56.7MB. It brings Android 12 build V3.500 along with itself. You will either be prompted to download this update, or you can check by going to Settings and searching system updates and then by checking for the update.

Nokia 5.4 Android 12 + March security update size:

The update size for Nokia 5.4 is 57.28MB. It brings Android 12 build V3.460 along with itself. You will either be prompted to download this update, or you can check by going to Settings and searching system updates and then by checking for the update.

Nokia 5.4 and Nokia 3.4 March security update changelog:

Nokia 5.4 and Nokia 3.4 are receiving the 2023 March Android security patch with a new Android 12 Build. The official changelog however mentions generic UI enhancements and stability improvements. Here is what the March 2023 security update addresses as mentioned by Google on its official Security bulletin page.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes…

Source…

Cybercriminals Using ChatGPT to Build Hacking Tools, Write Code

/in


Expert and novice cybercriminals have already started to use OpenAI’s chatbot ChatGPT in a bid to build hacking tools, security analysts have said. 

In one documented example, the Israeli security company Check Point spotted(Opens in a new window) a thread on a popular underground hacking forum by a hacker who said he was experimenting with the popular AI chatbot to “recreate malware strains.” 

The hacker had gone on to compress and share Android malware that had been written by ChatGPT across the web. The malware had the ability to steal files of interest, Forbes reports(Opens in a new window)

The same hacker showed off a further tool that installed a backdoor on a computer and could infect a PC with more malware. 

Check Point noted in its assessment(Opens in a new window) of the situation that some hackers were using ChatGPT to create their first scripts. In the aforementioned forum, another user shared Python code he said could encrypt files and had been written using ChatGPT. The code, he said, was the first such one he had written. 

While such code could be used for harmless reasons, Check Point said that it could “easily be modified to encrypt someone’s machine completely without any user interaction.”

The security company stressed that while ChatGPT-coded hacking tools appeared “pretty basic,” it is “only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad.”

Recommended by Our Editors

A third case of ChatGPT being used for fraudulent activity flagged by Check Point included a cybercriminal who showed it was possible to create a Dark Web marketplace using the AI chatbot. The hacker posted in the underground forum that he had used ChatGPT to create a piece of code that uses third-party API to retrieve up-to-date cryptocurrency prices, which is used for the Dark Web market payment system.

ChatGPT’s developer, OpenAI, has implemented some controls which prevent obvious requests for the AI to build spyware. However, the AI chatbox has come under yet more scrutiny after security analysts and journalists found it could write grammatically correct phishing emails without typos(Opens in a new…

Source…

Guest Perspective: Geofences can let businesses build a digital moat around sensitive data

/in


Carl Mazzanti

E-commerce is a wonderful development: utilizing the power of the web for commercial transactions has meant that even the smallest business can easily connect with existing and potential customers across the world. But the very ability to wipe out border barriers and turbocharge sales has also exposed enterprises to new, potentially deadly threats.

Consider the case of an East Coast municipality that — like many others have done — opened its website to international traffic and allowed anyone to log in, regardless of location. In theory, this open e-door policy would help the municipality get the message out to a global audience about its desirability as a live, work and play destination.

The move did indeed attract visitors, but some were state-sponsored hackers who tried to seize control of the municipality’s bank accounts. Fortunately, quick-thinking local officials contacted the FBI, Homeland Security, and other agencies and quashed the ransomware attempt.

In the wake of the attack, the municipality sent out a Request for Proposal (RFP), seeking help to secure their systems and sensitive data. eMazzanti Technologies answered the RFP and won the contract. After scrubbing their systems and ensuring that the hijacking viruses were completely erased, our professionals input a series of cyber defenses. We recommended a custom-designed suite of antivirus programs, password enhancements, and other security measures — and, most importantly, advised the municipality to set up a geofence.

Securing the Perimeter

A geofence is a firewall-based feature that lets an organization control entry into its digital domain. It starts by determining the physical location or origination point of incoming traffic or network requests by automatically reviewing the visitor’s IP address and comparing that to a digital list of prohibited places. If the entity is trying to enter from a forbidden spot, it will be blocked from the system.

Geofences, along with other digital security systems, are increasingly important as more state-sponsored hackers target U.S.-based entities. In 2021, the FBI announced it had logged more than 791,790 reports of suspected internet

Source…