vim-9.0.412-1.fc37

Read Time:14 Second

FEDORA-2022-b9edf60581

Packages in this update:

vim-9.0.412-1.fc37

Update description:

Security fix for CVE-2022-3099, CVE-2022-3016, CVE-2022-2980, CVE-2022-2982

Security fixes for CVE-2022-2849, CVE-2022-2862, CVE-2022-3037, CVE-2022-2845

Read More

Why does preparing for AI attacks need to be your next big agenda?

Read Time:5 Minute, 8 Second

This blog has been written by an independent guest blogger.

Since its advent, the debate over its ethical and unethical use of AI has been ongoing. From movies to discussions and research, the likely adversarial impact AI has had over the world has been a constant cause of concern for every privacy and security-conscious person out there.

AI indeed plays a core role in the modern milestones the world has achieved nowadays. Nevertheless, despite graphic movies like I-Robot splaying out the potential damages of integrating AI into normal functions of life, AI has continued to grow rapidly. Its roots and impacts are evident in every sphere of life, be it medical, technological, educational, or industrial sectors. Its flipside that everyone has long since been dreading is rapidly starting to take form.

The emergence of AI-based attacks

AI-based attacks are still relatively rare, but according to a survey by Forrester, 88% of security experts believe that these AI-powered attacks will become more common in recent years. For now, some of the most prevalent AI-based cyber-attacks that have surfaced are as follows:

 AI manipulation or data poisoning

For a long time, AI manipulation or data poisoning has become the typical type of AI-based cyber-attack. It is an adversarial attack that features hackers implementing data poisoning on trained AI models forcing them to become malicious. Nowadays, the use of AI is prevalent in almost every organization. AI tools play an essential part in data storage and analysis along with protection from various cyber-attacks such as malware or phishing. Such tools that are designed to automate tasks, but may enable threat protection to become a target of data poisoning.

Since the AI works by observing behavior patterns and pre-fed information, a hacker can easily remove the pre-fed information and feed the AI tool with malicious data. Such an act can cause an adversarial impact. For example, hackers can manipulate a phishing tool designed to detect and delete phishing emails into accepting them within its users’ inboxes. One common example of data poisoning attacks is AI-manipulated deepfakes that have taken the social media platform by storm. 

 AI-based social engineering attacks

Since AI is designed to develop principles and tasks typically associated with human cognition, cybercriminals can exploit it for several nefarious purposes, such as enhancing social engineering attacks. AI works by trying to identify and replicate anomalies in human behavior, making them a convenient tool to persuade users into undermining systems and handing over confidential information. Apart from that, during the reconnaissance phase of an attack, AI can be used to study the target by scouring social media and various databases.

AI can find out the behavioral patterns of the target, such as the language they use, their interests, and what topics they usually talk about. The information collected can be used to create a successful spear phishing or BEC attack.

 AI automation

Another significant advantage cyber criminals have in using AI-based attacks is automation. AI tools can significantly endanger endpoint security by automating intrusion detection techniques and launching attacks at unprecedented speeds. Moreover, AI can also scour target networks, computers, and applications for possible vulnerabilities and loopholes that hackers can exploit. Apart from that, automation allows cybercriminals to launch significantly larger attack campaigns.

With AI automating most of their work, such as vulnerability assessment and data analysis, cybercriminals now have the leverage to target more companies and organizations and thus increase their overall attack surface. AI automation was evident in the TaskRabbit attack, which featured the use of massive zombies controlled by AI to launch DDoS attacks on TaskRabbit servers. The online freelance platform had the personal information such as credit card and banking details of 3.75million website users stolen from their database.

How to ensure cybersecurity

AI is a powerful tool that with rapid development occurring each passing day. Since it plays a significant role in how the world runs today, completely avoiding AI-based tools is downright impossible. However, with every form of cyber-attack, there can be some serious security measures that organizations can take to improve their cybersecurity posture.

Like defending against any other cyber-attack, the most efficient way of ensuring cybersecurity for any organization is to strengthen its defense system—using technical tools such as vulnerability assessment. Threat hunting and penetration testing can help organizations remain secure in the long run. These methods can help organizations identify their weaknesses, allowing them the leverage to patch them timely and thus ensure security.

Apart from that, another crucial step toward cybersecurity that organizations can take is to ensure proper training and awareness. Since cybersecurity is an area that is continuing to grow rapidly, the masses need adequate understanding and training to ensure relevant security. Organizations deploying practical training and education programs for their employees can help them identify the tell-tale signs of various cyber-attacks such as malware pushing or invasion and alert the security teams on time.

Moreover, despite having state-of-the-art, AI-powered security tools and systems, organizations must maintain regular security check-ups of these tools. It is crucial that these AI tools go through regular maintenance to ensure there are no vulnerabilities that hackers can exploit. The security teams that have designed these products also need to release routine security patches to patch possible vulnerabilities in the system.

Final words

AI is undergoing rapid development. However, its growth will get stunted if its adversarial impact is not recognized and given the attention it requires. For proper use and implementation of AI technology, it is downright crucial to acknowledge the potential downsides it can pose so that there can be appropriate measures against them, as cybercriminals are getting more sophisticated with each passing day.

The cyber threat landscape is now a thriving hub of criminal activity and demands the use of equally sophisticated cybersecurity measures to ensure robust security. Amidst this, it is crucial to scale and adequately analyze any new technology such as AI that is now being developed so that its potential downsides can be recognized and met with proper security measures.

Read More

Intro to crypto wallet authentication

Read Time:45 Second

Modern application development has wrestled with numerous shortcomings in the security paradigm.  Blockchain can mitigate several of those shortcomings, but it requires devising means to integrate with conventional applications. 

Mainstream cyber security businesses are already working on this, accelerating the blockchain-enabled security landscape.

This article will give you an understanding of how crypto wallets work and the role they play in authentication.

What is a crypto wallet?

A crypto wallet is, at its heart, a software client that manages cryptographic keys. 

In asymmetric cryptography, which blockchain is built on, two keys are generated that are known as a key pair.  The public key is able to create encrypted cipher text that only the private key can decrypt.  The pair can also be used to sign data, proving the sender holds the private keys (without revealing the private key).

To read this article in full, please click here

Read More

How posting personal and business photos can be a security risk

Read Time:56 Second

Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold. Couple this with the individual employee’s or customer’s photos working their way onto social network platforms for others to see and admire, and the value of that gold increases, success being quantified by impressions, views and individual engagements.

Harvesting photo data for competitive intelligence, targeting attacks

The value of that gold doubles when not only does the company harvest data and call it a success, but their competitors also analyze such photos capturing a plethora of useful data points, including geotagged data, metadata of the photo, and identity of the individuals caught in the frame. They, too, call it a success. Yes, the digital engagement involving location data and or location hints within photos is a double-edged sword.

To read this article in full, please click here

Read More