Tag Archive for: deep

Deep data inspection: The overlooked element in government data security


When people think about data security in government, they immediately think about encryption. And rightfully so: Encrypting data at rest and in motion has been a best practice for the past decade. In recent years, however, the data security arsenal has expanded to include what is becoming known as “deep data inspection.”  

Deep data inspection goes one step deeper into data security and looks inside packaged data for threats and quality defects.

We’ve been trained to believe that security threats – malicious or unintentional exploits – emerge as data is first created. What has been overlooked in many instances, however, is that data quality issues are actually an intrinsic part of data security.

Deep data inspection is analogous in many ways to network-based deep packet inspection. In the earliest days of the internet, information crossed the internet in clear text. As hacking became more common, IT managers concluded they needed to look inside individual network packets to determine whether the data contained in those packets was legitimate.

Today, data security practice is beginning to apply deep data inspection to data files – especially those that fuel artificial intelligence and machine learning products that make sense of today’s enormous data warehouses.

A comprehensive data security strategy now must include both inspection and encryption – and, in fact, it makes the most sense to start with inspection. After all, if data is encrypted before it is inspected, it’s akin to locking the criminal inside the house, from a security perspective.

Consider the example of a comma-separated-value (CSV) file, similar to a spreadsheet. In the world of big data, these files can contain millions of rows and columns. Data files like these are typically encrypted because they must be protected as they move across the internet and are shared from one authorized user to the next. All that’s needed is an intentional or unintentional exploit in a single cell in one file for systems to be corrupted, crashed or taken over. 

It’s essential, therefore, to be able to scan all those rows and columns to validate that not only are there no threats hidden in the data, but that the data…


NeGD, MeitY organises 30th Batch of Chief Information Security Officers’ (CISOs) Deep Dive Training Programme under Cyber Surakshit Bharat Initiative


NeGD, MeitY organises 30th Batch of Chief Information Security Officers’ (CISOs) Deep Dive Training Programme under Cyber Surakshit Bharat Initiative – Odisha Diary


Supply chain security goes deep – forget this at your peril


Everyone is talking about supply chain assurance like it is new. This is basically because of recent high-profile cases such as SolarWinds and Log4j. It’s not new.

But, and this is partly evident in the way the question is framed, the focus is still on IT and cyber security in the supply chain, not security. Security has many pillars and it includes places and people, not just technology.

By forgetting the impact of these other areas, we are ignoring their potential to harm us. We also know that the vast majority of security incidents are human behaviour-facilitated, including the way in which the tech is managed.

For instance, consider IT managers who have not been given enough time to take systems or platforms offline in order to patch them. We have been schooled for years in the importance of patching, but does our understanding go far enough to ensure that it is made possible? This is the way that known vulnerabilities get exploited and while we may be hypnotised by zero-day exploits, the depressing truth is that many exploits have been around for years but still get traction.

The IT solution for the patching issue, in my example, exists. It is the human perspective – allowing the IT manager to effect this solution – that is missing. This will only change when organisations understand that people have to be part of the security budget. You can’t expect 100% uptime and security, even in critical systems. This is on a par with refusing to fix fire exits because the corridor is very busy.

Are we expecting supply chain partners and their people to be better at security than we are? But if we are not prepared to invest in these human issues, why are we expecting our supply chain partners to be willing to do that?

A unilateral approach doesn’t work. Multilateral is the way because it isn’t really a supply chain, it’s an ecosystem, with connections in many directions and forward links that we cannot pretend to know. That ecosystem is only as strong as its weakest link, but maybe we’re not being honest that the weakest link potentially might be ourselves.

High expectations are fine, but we need to ensure that this is communicated to them effectively. Complex…


Elon Musk deep fakes promote new cryptocurrency scam



Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.

This fake BitVex cryptocurrency trading platform claims to be owned by Elon Musk, who created the site to allow everyone to earn up to 30% returns on their crypto deposits.

This scam campaign started earlier this month with threat actors creating or hacking existing YouTube accounts to host deep fake videos of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.

These videos are legitimate interviews modified with deep fake technology to use the person’s voice in a script provided by the threat actors.

An example of one of the scam videos can be seen below, where Elon promotes the new scam site and says he invested $50 million into the platform.

However, if you look carefully, you will see that the deep fake synchronizes the person’s talking to the threat actor’s script, which is so silly as to be comical.

How do we know this is a scam?

While it is obvious that the interviews have been altered to simulate Elon Musk’s voice to promote the BitVex trading platform, numerous other clues show that this is a scam.

Many YouTube channels promoting this trading platform have been hacked to suddenly show YouTube videos or YouTube Shorts that promote the BitVex trading site.

For example, a YouTube channel that displayed gaming videos in Arabic suddenly began showing a series of YouTube Shorts that promoted the BitVex scam. In addition, BleepingComputer has found dozens of other YouTube channels hijacked similarly to promote this scam.

YouTube Shorts promoting BitVex on hacked YouTube channels
Source: BleepingComputer

Once you visit the BitVex trading site itself, it becomes more apparent that this is a scam.

For example, the site claims that Elon Musk is the CEO of the trading platform and contains endorsements from Ark Invest’s Cathie Wood and Binance CEO Changpeng Zhao.

Site claiming that Elon Musk is the CEO
Source: BleepingComputer

To use the BitVex platform, users must register an account at bitvex[.]org or bitvex[.]net to access the investment platform.

Once you log in, the…
