Tag Archive for: Helps

How disinformation monitoring helps agencies break down attacks — GCN

/in


online disinformation (SkyPics Studio/Shutterstock.com)

INDUSTRY INSIGHT

How disinformation monitoring helps agencies break down attacks

  • By Dan Brahmy
  • Jul 16, 2021

As hacks, ransomware attacks and data breaches continue to make their way into the spotlight, it can be easy to forget about another more subtle, yet perhaps more sinister, aspect of cyberwarfare: disinformation and influence campaigns.

As we’ve seen in recent years, instances of disinformation campaigns and cyberattacks targeting government agencies have increased, making monitoring tools vital in the fight against interference within elections, government initiatives, public health crises and more. Nefarious campaigns within these spaces can easily reach mainstream consumers, drawing more attention to false and even harmful narratives.

These efforts are believed to primarily target the U.S., based on data pulled from Facebook. The Justice Department recently seized 36 websites, linked to Iranian news website domains that were believed to be launching disinformation campaigns against the U.S. With tensions already on the rise, now is the perfect time for agencies to consider platforms and tools that can help them monitor and counter disinformation.

Disinformation detection platforms offer specific tools that help in identifying these attacks and breaking them down. An attack against a government agency will certainly affect the agency itself, but the impact on social media users and constituents could be even more damaging. As many across the U.S. saw last fall, false narratives about the election amplified by influential authors can take social media by storm. While Facebook, Twitter and YouTube all vowed to “clamp down on election misinformation,” false statements made by former President Donald Trump circled Twitter and were shared and engaged with widely, despite being flagged as “misleading.”

Through semi-supervised machine-learning algorithms, monitoring platforms can detect disinformation by defining suspicious behavior parameters and flagging unusual activity. Over time, the algorithm…

Source…

ASSA ABLOY Helps Organizations To Adopt Mobile Access Control

/in


The smartphone is changing access control and security management at every scale and level, from global corporations to small companies. Making the switch to mobile access control, however, can seem daunting. Questions may arise around cost, practicality and the potential need for new door hardware. Yet going mobile is actually a lot simpler and quicker than many think, as one new guide explains.

Data from the recent Wireless Access Control Report 2021 suggests almost two-thirds of organizations have already adopted mobile access control, or plan to do so within two years. Industry analysts Omdia estimate that downloads of mobile credentials grew by 220% between 2018 and 2019 alone.

Mobile access control

The main benefits of mobile access control, the report suggests, are convenience, cost and security. All three of these advantages apply for any scale of organization. The user convenience of replacing plastic key-cards with secure ‘mobile keys’ on a smartphone is obvious. Identical benefits have already brought a mobile-first ethos to banking, travel booking, food delivery and many more sectors.

The ability to get the job done efficiently from anywhere is becoming essential

From a business perspective, too, the option for facilities managers to use their own smart device to issue, amend or revoke an employee’s mobile key brings added flexibility. It frees security staff from the desk and its dedicated admin PC. As the work patterns become fluid — IBM estimates 1.87 billion people will be mobile workers by 2022 — the ability to get the job done efficiently from anywhere is becoming essential. Access management via smartphone offers this.

Reissuing mobile credential

Secondly, mobile credentials are simpler and quicker to administer than key-cards, which brings significant cost savings. Deploying mobile keys on employee smartphones removes any need to purchase plastic cards or pay for their printing. Any missing plastic credential needs replacing; canceling and reissuing a mobile credential is essentially costless. Mobile access control also enables a business to reduce its use of non-recyclable plastics.

Third, the…

Source…

New algorithm helps BYU team put best face forward in security | Education

/in


A group of students and professor Dr. D.J. Lee at BYU have come together to build an algorithm that could possibly bring two-factor authentication to facial recognition technologies in everything from cell phones to surveillance systems.

The project started almost two years ago as Lee and some students tried to think of an interesting research project. The group started looking into facial motion and how it could be analyzed.

That evolved into seeing if students are paying attention in class and it eventually morphed into improved security for facial recognition with the use of facial motion.

With the world of security constantly changing and hackers adapting to those changes, Lee acknowledged that nothing is perfect in terms of security.

“Fingerprinting is easy to do and people even make fake fingerprints,” Lee said. “The most common one is facial recognition and the biggest problem is, all of these can be used when the user is not aware. When you’re sleeping or unconscious, someone could use your biometrics to get into the system. It’s difficult, people come up with all kinds of ideas to hack into the system.”

He added that a company in Japan makes facial masks that look like people and some access social media pages to unlock devices needing facial recognition. Even algorithms can be fooled by photos and this technology can address the biggest concern, which is unintentional identity verification.

Two-factor authentication is not new technology, as companies like Apple and social media apps use it to verify someone’s identity, but integrating it into facial recognition is.

Lee said it is called Concurrent Two-Factor Identity Verification.

“Meaning you show your face and make the facial motion just once, you don’t have to do it twice,” Lee said. “With the facial motion, if people want to use your photo they cannot fool the system since the photo is not moving.”

The technology first uses facial recognition and then a secret phrase is mouthed, a movement with one’s lips is made, or a facial motion is made to satisfy the second step of authentication.

Even if a video is used, the chances of that video matching the secret facial…

Source…

Milton Argos Platform (MAP) 2.0 Helps Customers Locate Potential Exchange Attacks

/in


BREA, Calif., March 9, 2021 /PRNewswire/ — Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, announced today the Milton Argos Platform (MAP) 2.0 is successful in locating potential Exchange Server attacks, including the four recent zero-day vulnerabilities that have been actively exploited on over 30,000 servers. The AI assisted threat hunting tool uses Artificial Intelligence and Machine Learning coupled with human expertise to detect, deter, and mitigate threats in real time.

The MAP 2.0 platform can analyze millions of security events every second which allows the highly-trained Threat Hunting Team at Milton Security to focus on the most relevant instances. The Exchange Server vulnerabilities allow cyberattackers to gain access to the admin controls in order to install additional malware or stealing data. These web shells are password protected remote interfaces with the purpose of allowing access from anywhere in the world.

The zero-day vulnerabilities impact on-premise Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019, however, Exchange Online is not affected.

  • CVE-2021-26855: CVSS 9.1: a Server Side Request Forgery (SSRF) vulnerability leading to crafted HTTP requests being sent by unauthenticated attackers. Servers need to be able to accept untrusted connections over port 443 for the bug to be triggered.
  • CVE-2021-26857: CVSS 7.8: an insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code deployment under SYSTEM. However, this vulnerability needs to be combined with another or stolen credentials must be used.
  • CVE-2021-26858: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.
  • CVE-2021-27065: CVSS 7.8: a post-authentication arbitrary file write vulnerability to write to paths.

“Our team at Milton Security has been working closely with industry partners, including Microsoft, to understand the nature of these vulnerabilities, how they are being used, and where the attacks are originating from,” said James McMurry, Milton Security CEO. “Our clients entrust us to be efficient and effective when it comes to retro hunting and…

Source…