Tag Archive for: Models

How AI and large language models can help cybersecurity firms improve their services

/in


Just about every cybersecurity provider has an artificial intelligence-related story to tell these days.

There are many security products and services that now come with built-in AI features, offering better ways to seek out and neutralize malware. Or they have new “co-pilot” add-ons that allow human operators to work hand-in-mouse with an AI-driven assistant to screen security alerts. Or they use AI add-on tools for better phishing detection, new threat discovery or troubleshooting of network and application problems or misconfigurations.

SiliconANGLE analyzed both the good and bad sides of AI-based cybersecurity. Now, let’s examine some of the products that offer the most promise.

The spread of AI-infused security cuts across startup and established companies alike. For example, Palo Alto Networks Inc. is developing its own large language model or LLM that will use AI to improve its operational efficiencies. SentinelOne Inc. will have an LLM so that security analysts can query potential threats with a simple search box without the need to learn complex jargon or syntax. Cloudflare Inc. is using machine learning to help more quickly find and neutralize botnets. And both Blink Ops and Trend Micro Inc. will integrate AI into their tools with copilot-like features.

That’s not all. Darktrace Holdings Ltd. has already used AI to identify several cyberattacks, such as one targeting a power grid that its AI found within a few hours. BreachLock Inc.’s penetration testing as a service has been tapping AI to improve its efficiency in handling security audits and analysis services. Cybersixgill has its IQ service that amplifies its dark web scanning tools, as SiliconANGLE wrote about recently.

Then there’s Sentra Inc., which has a browser extension that will anonymize chatbot queries and block inadvertent private data transmissions. Guardz has enhanced its phishing protection with AI. Earlier this year, HiddenLayer Inc. won the RSA Conference Innovation Sandbox for best new product, a tool that can help defend against adversarial AI-based attacks. And those are by no means exhaustive.

Even companies not selling security services want to call attention to their AI…

Source…

First post-Android 13 update for unlocked Galaxy S21 USA models is out

/in


Unlocked Galaxy S21 models in the USA received Android 13 and One UI 5.0 almost a month ago, but that update came with a slightly older security patch (it had the October patch instead of the November patch, for those wondering). Now, Samsung is rolling out another Android 13-based update for unlocked Galaxy S21 modes, and this one doesn’t have the latest security patch, either.

Unlocked Galaxy S21, S21+, and S21 Ultras in the USA are currently receiving an update with firmware version G991U1UEU5DVL1, G996U1UEU5DVL1, and G998U1UEU5DVL1 respectively. The update includes the November 2022 security patch, even though the December patch is already available for Galaxy S21 models elsewhere in the world and for some carrier-locked variants in the country.

December security update still not here for unlocked Galaxy S21 in the US

Thankfully, it seems the update isn’t just about security enhancements. Unfortunately, we don’t have the changelog at this time, so there’s no telling what’s new or changed. However, Samsung has hopefully fixed some bugs that may have slipped past it in the initial Android 13 release and some users will find their One UI 5.0 experience getting better after installing the latest update.

Speaking of installing updates, the procedure remains the same as usual. You can either wait for a notification about the update’s availability to show up on its own, try a manual over-the-air download from the phone’s Settings » Software update menu, or upgrade by downloading the latest firmware from our site and installing it on your S21, S21+, or S21 Ultra using a Windows PC.

Image of Galaxy S21

SamsungGalaxy S21

Image of Galaxy S21+

SamsungGalaxy S21+

Image of Galaxy S21 Ultra

SamsungGalaxy S21 Ultra

Source…

Ransomware Business Models: Future Pivots and Trends

/in


RDP port 3389 remains a popular service abused by ransomware actors to gain initial access to systems located and connected to on-premise infrastructure. However, as more organizations shift to the cloud services for file storage and active directory systems, ransomware groups will look for more opportunities to develop and/or exploit vulnerabilities not yet leveraged at scale.

Evolutions

Gradual evolutions in the current modern ransomware models as we know them are expected to be tweaked in order to adapt to the triggers that prompt them. From a business perspective, these are “naturally occurring” movements that prompt movement from their current state.  In this section, we list two gradual evolutions that ransomware actors will likely be undergoing to adapt to the upcoming triggers in the short term. For the full list of evolutions and their respective discussions, you can download our paper here.

Evolution 1: Change of targeted endpoints – The internet of things (IoT)/Linux

The Mirai botnet, which emerged in 2016, was a decisive point that realized the possibility of expanding its reach to Linux devices and the cloud. While it’s not ransomware, the availability of the botnet’s source code allowed parties with the interest and skillset to simply download and recompile the code to infect Linux-based routers to create their own botnet. These address two points for this specific evolution:

  • They have the code ready to target Linux-based devices and can simply recode for other similar devices.
  • They are ready to use this capability as soon as there are visible targets with internet-facing security gaps.

From these two points, ransomware groups can find new Linux-based targets or tweak the threat they currently have at hand to target new platforms such as cloud infrastructures, prompting possible developments:

  • Ransomware groups focus their sights on regular Linux servers
  • Ransomware groups start targeting backup servers
  • Ransomware groups start targeting other IoT Linux-based devices

With the increased use of Linux-based servers, the cloud, and — as another entry point — the internet of things (IoT), ransomware groups have realized an opportunity in attacks against…

Source…

Sequitur Labs and Lenovo join forces to secure AI models at the edge

/in


Sequitur Labs announced that it has been selected by Lenovo as the technology vendor of choice for protecting edge AI computing applications utilized as part of the Lenovo ThinkEdge SE70 platform.

Sequitur Labs Lenovo

ThinkEdge SE70 is a powerful and flexible AI edge platform for enterprise designed to meet the expanding intelligent transformation needs from logistics, transportation and smart cities to retail, healthcare and manufacturing. The new edge solution from Lenovo is powered by the NVIDIA Jetson Xavier NX system on module. Implementing Sequitur as the security suite better ensures that Lenovo’s SE70 isolates dedicated hardware running AI models and delivering inferences and relevant data — thereby helping to secure AI models at the edge.

“Internet of Things (IoT) deployment is a tremendous market opportunity for both solution providers and enterprises based on the ability of AI solutions at the edge to make decisions to optimize operations and support new strategies,” said Blake Kerrigan, General Manager of ThinkEdge, Lenovo Intelligent Devices Group. “Although these devices offer significant upside, there remains an equally great need to better secure and protect the devices and IP in deployment. That’s why we are committed to work with Sequitur Labs to develop our first appliance designed to better protect AI models at the edge.”

Sequitur Labs’ EmSPARK Security Suite was designed to address solutions in industries where embedded security is paramount, in particular, protection of AI models at the edge. Supporting security functions for encryption, storage, data transmission and key/certificate management are delivered by EmSPARK and housed in a microprocessor’s secure memory partition. IoT hardware manufacturers use EmSPARK to easily implement device-level security by addressing technical, IP, supply chain and business process challenges.

Developers can easily build applications that use security enhanced resources without having to become experts in cryptography and complex chip-level security technologies. Overall, the solution reduces security development and deployment time and investment by 40 to 70 percent, significantly reduces risk, and reduces BOM…

Source…