We were recently informed of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing information (i.e., last 4 digits of credit card used, credit card expiration date, business contact information, product purchased and taxpayer ID, if provided) by sharing a private URL.
In response and out of an abundance of caution, we’ve worked with cleverbridge to implement additional controls to the ecommerce system to further reduce the risk of a customer accidentally sharing this information.
We would like to thank Lucas Lavarello of Kulkan Security and cleverbridge for their quick actions and collaboration.
Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices.
The cloud-based mobile product is aimed at identifying phishing attacks on mobile devices in real time, as a user clicks on a malicious link, using computer vision technology.
PIXM Mobile is designed to support any mobile application, including SMS — used in “smishing” attacks — social media, and business collaboration apps, as well as email and web-based phishing pages.
CIS has made CIS SecureSuite Membership free to SLTT governments in the United States. Learn how this can help you revamp your organization’s cybersecurity […]
Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order.
So what happens if the bad guys can cause the order to be not random? You guessed it—all bets are off. Suppose for example a company or a country wanted to have a credit-scoring system that’s secretly sexist, but still be able to pretend that its training was actually fair. Well, they could assemble a set of financial data that was representative of the whole population, but start the model’s training on ten rich men and ten poor women drawn from that set then let initialisation bias do the rest of the work.
Does this generalise? Indeed it does. Previously, people had assumed that in order to poison a model or introduce backdoors, you needed to add adversarial samples to the training data. Our latest paper shows that’s not necessary at all. If an adversary can manipulate the order in which batches of training data are presented to the model, they can undermine both its integrity (by poisoning it) and its availability (by causing training to be less effective, or take longer). This is quite general across models that use stochastic gradient descent.
