Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Advanced Technology. Show all posts
Windows
Advanced Technology Microsoft Microsoft Copilot Security Feature Windows

Windows 11’s Recall feature is Now Ready For Release, Microsoft Claims

 

Microsoft has released an update regarding the Recall feature in Windows 11, which has been on hold for some time owing to security and privacy concerns. The document also details when Microsoft intends to move forward with the feature and roll it out to Copilot+ PCs. 

Microsoft said in a statement that the intention is to launch Recall on CoPilot+ laptops in November, with a number of protections in place to ensure that the feature is safe enough, as explained in a separate blog post. So, what are these measures supposed to appease the critics of Recall - a supercharged AI-powered search in Windows 11 that uses regular screenshots ('snapshots' as Microsoft calls them) of the activity on your PC - as it was originally intended? 

One of the most significant changes is that, as Microsoft had previously informed us, Recall will only be available with permission, rather than being enabled by default as it was when the function was first introduced. 

“During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved,” Microsoft noted. 

Additionally, as Microsoft has stated, snapshots and other Recall-related data would be fully permitted, and Windows Hello login will be required to access the service. In other words, you'll need to check in through Hello to prove that you're the one using Recall (not someone else on your PC). 

Furthermore, Recall will use a secure environment known as a Virtualization-based Security Enclave, or VBS Enclave, which is a fully secure virtual computer isolated from the Windows 11 system that can only be accessed by the user via a decryption key (given with the Windows Hello sign-in).

David Weston, who wrote Microsoft’s blog post and is VP of Enterprise and OS Security, explained to Windows Central: “All of the sensitive Recall processes, so screenshots, screenshot processing, vector database, are now in a VBS Enclave. We basically took Recall and put it in a virtual machine [VM], so even administrative users are not able to interact in that VM or run any code or see any data.”

Similarly, Microsoft cannot access your Recall data. And, as the software giant has already stated, all of this data is stored locally on your machine; none of it is sent to the cloud. This is why Recall is only available on Copilot+ PCs - it requires a strong NPU for acceleration and local processing to function properly. 

Finally, Microsoft addresses a previous issue about Recall storing images of, say, your online banking site and perhaps sensitive financial information - the tool now filters out things like passwords and credit card numbers.
Read more »
Machine learning
Advanced Technology AI cybersecurity AI technology Cyber Security cybersecurity solutions Machine learning

How AI and Machine Learning Are Revolutionizing Cybersecurity

 

The landscape of cybersecurity has drastically evolved over the past decade, driven by increasingly sophisticated and costly cyberattacks. As more businesses shift online, they face growing threats, creating a higher demand for innovative cybersecurity solutions. The rise of AI and machine learning is reshaping the cybersecurity industry, offering powerful tools to combat these modern challenges. 

AI and machine learning, once seen as futuristic technologies, are now integral to cybersecurity. By processing vast amounts of data and identifying patterns at incredible speeds, these technologies surpass human capabilities, providing a new level of protection. Traditional cybersecurity methods relied heavily on human expertise and signature-based detection, which were effective in the past. However, with the increasing complexity of cybercrime, AI offers a significant advantage by enabling faster and more accurate threat detection and response. Machine learning is the engine driving AI-powered cybersecurity solutions. 

By feeding large datasets into algorithms, machine learning models can uncover hidden patterns and predict potential threats. This ability allows AI to detect unknown risks and anticipate future attacks, significantly enhancing the effectiveness of cybersecurity measures. AI-powered systems can mimic human thought processes to some extent, enabling them to learn from experience, adapt to new challenges, and make real-time decisions. These systems can block malicious traffic, quarantine files, and even take independent actions to counteract threats, all without human intervention. By analyzing vast amounts of data rapidly, AI can identify patterns and predict potential cyberattacks. This proactive approach allows security teams to defend against threats before they escalate, reducing the risk of damage. 

Additionally, AI can automate incident response, acting swiftly to detect breaches and contain damage, often faster than any human could. AI also plays a crucial role in hunting down zero-day threats, which are previously unknown vulnerabilities that attackers can exploit before they are patched. By analyzing data for anomalies, AI can identify these vulnerabilities early, allowing security teams to address them before they are exploited. 

Moreover, AI enhances cloud security by analyzing data to detect threats and vulnerabilities, ensuring that businesses can safely transition to cloud-based systems. The integration of AI in various cybersecurity tools, such as Security Orchestration, Automation, and Response (SOAR) platforms and endpoint protection solutions, is a testament to its potential. With AI’s ability to detect and respond to threats faster and more accurately than ever before, the future of cybersecurity looks promising.
Read more »
Technology Threats
Advanced Technology Cyber Warfare malware Technology Threats

Sitting Ducks DNS Attack Hijack 35,000 Domains

 

Cybersecurity researchers have uncovered a significant threat affecting the internet's Domain Name System (DNS) infrastructure, known as the "Sitting Ducks" attack. This sophisticated method allows cybercriminals to hijack domains without needing access to the owner's account at the DNS provider or registrar. 

Researchers from DNS security firm Infoblox and hardware protection company Eclypsium revealed that more than one million domains are vulnerable to this attack daily. This has resulted in over 35,000 confirmed domain hijackings, primarily due to poor domain verification practices by DNS providers. The Sitting Ducks attack exploits misconfigurations at the registrar level and insufficient ownership verification. Attackers leverage these vulnerabilities to take control of domains through "lame" delegations, making the hijacking process more effective and harder to detect. 

Once in control, these hijacked domains are used for malware distribution, phishing, brand impersonation, and data theft. Russian threat actors have been particularly active, with twelve known cyber-gangs using this method since 2018 to seize at least 35,000 domains. These attackers often view weak DNS providers as "domain lending libraries," rotating control of compromised domains every 30-60 days to avoid detection. 

The Sitting Ducks attack has been exploited by several cybercriminal groups. "Spammy Bear" hijacked GoDaddy domains in late 2018 for spam campaigns. "Vacant Viper" began using Sitting Ducks in December 2019, hijacking 2,500 domains yearly for the 404TDS system to distribute the IcedID malware and set up command and control (C2) domains. "VexTrio Viper" started using the attack in early 2020, employing the hijacked domains in a massive traffic distribution system (TDS) that supports the SocGholish and ClearFake operations. 

Additionally, several smaller and unknown actors have used Sitting Ducks to create TDS, spam distribution, and phishing networks. Despite the Sitting Ducks attack being reported in 2016, the vulnerability remains largely unresolved. This highlights the critical yet often neglected aspect of DNS security within broader cybersecurity efforts. 

To effectively combat this pressing cybersecurity threat, a collaborative effort is essential involving domain holders, DNS providers, registrars, regulatory bodies, and the broader cybersecurity community. Infoblox and Eclypsium are playing a crucial role by partnering with law enforcement agencies and national Computer Emergency Response Teams (CERTs) to mitigate and diminish the impact of this critical security issue.
Read more »
smart speakers
Advanced Technology Cyber Security Facial Recognition home security system Machine learning natural language processing smart cameras smart locks smart speakers

Enhancing Home Security with Advanced Technology

 

With global tensions on the rise, ensuring your home security system is up to par is a wise decision. Advances in science and technology have provided a variety of effective options, with even more innovations on the horizon.

Smart Speakers

Smart speakers like Amazon Echo, Google Nest, and Apple HomePod utilize advanced natural language processing (NLP) to understand and process human language. They also employ machine learning algorithms to recognize occupants and detect potential intruders. This voice recognition feature reduces the likelihood of system tampering.

Smart Cameras
Smart cameras offer an even higher level of security. These devices use facial recognition technology to control access to your home and can detect suspicious activities on your property. In response to threats, they can automatically lock doors and alert authorities. These advancements are driven by ongoing research in neural networks and artificial intelligence, which continue to evolve.

Smart Locks
Smart locks, such as those by Schlage, employ advanced encryption methods to prevent unauthorized entry while enhancing convenience for homeowners. These locks can be operated via smartphone and support multiple access codes for family members. The field of cryptography ensures that digital keys and communications between the lock and smartphone remain secure, with rapid advancements in this area.

Future Trends in Smart Home Security Technology

Biometric Security
Biometric technologies, including facial recognition and fingerprint identification, are expected to gain popularity as their accuracy improves. These methods provide a higher level of security compared to traditional keys or passcodes.

Blockchain for Security
Blockchain technology is gaining traction for its potential to enhance the security of smart devices. By decentralizing control and creating immutable records of all interactions, blockchain can prevent unauthorized access and tampering.

Edge Computing
Edge computing processes data locally, at the source, which significantly boosts speed and scalability. This approach makes it more challenging for hackers to steal data and is also more environmentally friendly.

By integrating these advanced technologies, you can significantly enhance the security and convenience of your home, ensuring a safer environment amid uncertain times.
Read more »
USA
Advanced Technology AI Risks AI Safety AI Systems AI technology Innovation NIST Technology USA

NIST Introduces ARIA Program to Enhance AI Safety and Reliability

 

The National Institute of Standards and Technology (NIST) has announced a new program called Assessing Risks and Impacts of AI (ARIA), aimed at better understanding the capabilities and impacts of artificial intelligence. ARIA is designed to help organizations and individuals assess whether AI technologies are valid, reliable, safe, secure, private, and fair in real-world applications. 

This initiative follows several recent announcements from NIST, including developments related to the Executive Order on trustworthy AI and the U.S. AI Safety Institute's strategic vision and international safety network. The ARIA program, along with other efforts supporting Commerce’s responsibilities under President Biden’s Executive Order on AI, demonstrates NIST and the U.S. AI Safety Institute’s commitment to minimizing AI risks while maximizing its benefits. 

The ARIA program addresses real-world needs as the use of AI technology grows. This initiative will support the U.S. AI Safety Institute, expand NIST’s collaboration with the research community, and establish reliable methods for testing and evaluating AI in practical settings. The program will consider AI systems beyond theoretical models, assessing their functionality in realistic scenarios where people interact with the technology under regular use conditions. This approach provides a broader, more comprehensive view of the effects of these technologies. The program helps operationalize the framework's recommendations to use both quantitative and qualitative techniques for analyzing and monitoring AI risks and impacts. 

ARIA will further develop methodologies and metrics to measure how well AI systems function safely within societal contexts. By focusing on real-world applications, ARIA aims to ensure that AI technologies can be trusted to perform reliably and ethically outside of controlled environments. The findings from the ARIA program will support and inform NIST’s collective efforts, including those through the U.S. AI Safety Institute, to establish a foundation for safe, secure, and trustworthy AI systems. This initiative is expected to play a crucial role in ensuring AI technologies are thoroughly evaluated, considering not only their technical performance but also their broader societal impacts. 

The ARIA program represents a significant step forward in AI oversight, reflecting a proactive approach to addressing the challenges and opportunities presented by advanced AI systems. As AI continues to integrate into various aspects of daily life, the insights gained from ARIA will be instrumental in shaping policies and practices that safeguard public interests while promoting innovation.
Read more »
Technology
Advanced Technology AI Models AI technology Artifcial Intelligence communication Dutch Language Model Technology

Teaching AI Sarcasm: The Next Frontier in Human-Machine Communication

In a remarkable breakthrough, a team of university researchers in the Netherlands has developed an artificial intelligence (AI) platform capable of recognizing sarcasm. According to a report from The Guardian, the findings were presented at a meeting of the Acoustical Society of America and the Canadian Acoustical Association in Ottawa, Canada. During the event, Ph.D. student Xiyuan Gao detailed how the research team utilized video clips, text, and audio content from popular American sitcoms such as "Friends" and "The Big Bang Theory" to train a neural network. 

The foundation of this innovative work is a database known as the Multimodal Sarcasm Detection Dataset (MUStARD). This dataset, annotated by a separate research team from the U.S. and Singapore, includes labels indicating the presence of sarcasm in various pieces of content. By leveraging this annotated dataset, the Dutch research team aimed to construct a robust sarcasm detection model. 

After extensive training using the MUStARD dataset, the researchers achieved an impressive accuracy rate. The AI model could detect sarcasm in previously unlabeled exchanges nearly 75% of the time. Further developments in the lab, including the use of synthetic data, have reportedly improved this accuracy even more, although these findings are yet to be published. 

One of the key figures in this project, Matt Coler from the University of Groningen's speech technology lab, expressed excitement about the team's progress. "We are able to recognize sarcasm in a reliable way, and we're eager to grow that," Coler told The Guardian. "We want to see how far we can push it." Shekhar Nayak, another member of the research team, highlighted the practical applications of their findings. 

By detecting sarcasm, AI assistants could better interact with human users, identifying negativity or hostility in speech. This capability could significantly enhance the user experience by allowing AI to respond more appropriately to human emotions and tones. Gao emphasized that integrating visual cues into the AI tool's training data could further enhance its effectiveness. By incorporating facial expressions such as raised eyebrows or smirks, the AI could become even more adept at recognizing sarcasm. 

The scenes from sitcoms used to train the AI model included notable examples, such as a scene from "The Big Bang Theory" where Sheldon observes Leonard's failed attempt to escape a locked room, and a "Friends" scene where Chandler, Joey, Ross, and Rachel unenthusiastically assemble furniture. These diverse scenarios provided a rich source of sarcastic interactions for the AI to learn from. The research team's work builds on similar efforts by other organizations. 

For instance, the U.S. Department of Defense's Defense Advanced Research Projects Agency (DARPA) has also explored AI sarcasm detection. Using DARPA's SocialSim program, researchers from the University of Central Florida developed an AI model that could classify sarcasm in social media posts and text messages. This model achieved near-perfect sarcasm detection on a major Twitter benchmark dataset. DARPA's work underscores the broader significance of accurately detecting sarcasm. 

"Knowing when sarcasm is being used is valuable for teaching models what human communication looks like and subsequently simulating the future course of online content," DARPA noted in a 2021 report. The advancements made by the University of Groningen team mark a significant step forward in AI's ability to understand and interpret human communication. 

As AI continues to evolve, the integration of sarcasm detection could play a crucial role in developing more nuanced and responsive AI systems. This progress not only enhances human-AI interaction but also opens new avenues for AI applications in various fields, from customer service to mental health support.

Read more »
User Priavcy
Advanced Technology Cellphone track Data Breach T-Mobile User Priavcy

User Privacy Threats Around T-Mobile's 'Profiling and Automated Decisions'

In today's digital age, it is no secret that our phones are constantly tracking our whereabouts. GPS satellites and cell towers work together to pinpoint our locations, while apps on our devices frequently ping the cell network for updates on where we are. While this might sound invasive (and sometimes it is), we often accept it as the norm for the sake of convenience—after all, it is how our maps give us accurate directions and how some apps offer personalized recommendations based on our location. 

T-Mobile, one of the big cellphone companies, recently started something new called "profiling and automated decisions." Basically, this means they are tracking your phone activity in a more detailed way. It was noticed by people on Reddit and reported by The Mobile Report. 

T-Mobile says they are not using this info right now, but they might in the future. They say it could affect important stuff related to you, like legal decisions. 

So, what does this mean for you? 

Your phone activity is being tracked more closely, even if you did not know it. And while T-Mobile is not doing anything with that info yet, it could impact you with your information in future. However, like other applications, T-Mobile also offers varied privacy options, so it is important to learn before using the application. 

Let's Understand T-Mobile's Privacy Options 


T-Mobile offers various privacy options through its Privacy Center, accessible via your T-Mobile account. Here is a breakdown of what you can find there: 

  • Data Sharing for Public and Scientific Research: Opting in allows T-Mobile to utilize your data for research endeavours, such as aiding pandemic responses. Your information is anonymized to protect your privacy, encompassing location, demographic, and usage data. 
  • Analytics and Reporting: T-Mobile gathers data from your device, including app usage and demographic details, to generate aggregated reports. These reports do not pinpoint individuals but serve business and marketing purposes. 
  • Advertising Preferences: This feature enables T-Mobile to tailor ads based on your app usage, location, and demographic information. While disabling this won't eliminate ads, it may decrease their relevance to you. 
  • Product Development: T-Mobile may utilize your personal data, such as precise location and app usage, to enhance advertising effectiveness. 
  • Profiling and Automated Decisions: A novel option, this permits T-Mobile to analyze your data to forecast aspects of your life, such as preferences and behaviour. Although not actively utilized currently, it is enabled by default. 
  • "Do Not Sell or Share My Personal Information": Choosing this prevents T-Mobile from selling or sharing your data with external companies. However, some data may still be shared with service providers. 

However, the introduction of the "profiling and automated decisions” tracking feature highlights the ongoing struggle between technological progress and the right to personal privacy. With smartphones becoming essential tools in our everyday routines, the gathering and use of personal information by telecom companies have come under intense examination. The debate over the "profiling and automated decisions" attribute serves as a clear indication of the necessity for strong data privacy laws and the obligation of companies to safeguard user data in our ever-increasingly interconnected society.
Read more »
Technology
Advanced Technology Artificial Intelligence Fundraising Technology

Qloo Raises $25M in Series C Funding to Expand Cultural Reach with AI

 

The consumer industry's success is predicated on making accurate forecasts about what people want, could want if offered, and may want in the future. Until recently, companies were able to collect huge volumes of personal data from multiple sources to make fairly precise predictions about what they should offer and to whom. However, tighter regulations and rules on data collection and storage [including GDPR in the EU] have made finding novel ways to forecast customer interactions and behavioural indications that comply with the new regulations a key objective. 

Some firms have had significant success with this, most notably TikTok, which owes its success in large part to its proprietary algorithm. Unfortunately for other firms, while some information on how it works has been disclosed, this technology has not been made public. 

Qloo, a cultural AI specialist based in New York, has raised $25 million in Series C funding, highlighting its ongoing impact on the dynamic environment of artificial intelligence. The fundraising round, led by AI Ventures and joined by investors such as AXA Venture Partners, Eldridge, and Moderne Ventures, establishes Qloo as a market leader in commercialising novel AI applications and fundamental models based on consumer preferences. 

Revolutionising insights using cultural AI

Qloo runs a powerful AI-powered insights engine that uses very accurate behavioural data from worldwide consumers. This massive dataset has almost half a billion variables, including consumer goods, music, cinema, television, podcasts, restaurants, travel, and more. Qloo's patented AI models identify trillions of links between these entities, providing important insights to major businesses such Netflix, Michelin, Samsung, and JCDecaux. Qloo enables brands to increase consumer engagement and profitability through product innovation by learning and acting on their tastes and preferences without utilising personally identifying information. 

Privacy- friendly 

Qloo's privacy-friendly developments are especially significant in industries such as financial services, media and publishing, technology, and automotive, where demand for privacy-compliant AI solutions is on the rise. The company's commitment to combining cultural expertise with advanced AI establishes it as a trustworthy source of information for understanding customer likes and preferences. 

Alex Elias, founder and CEO of Qloo, said "For over a decade, we have been committed to refining our cultural data science, and we are now entering an exhilarating phase of expansion, fuelled by the growing importance of privacy and the democratisation of AI technology.” 

About Qloo 

Qloo is the premier AI platform focusing on cultural and taste preferences, providing anonymized consumer taste data and suggestions to major companies across various sectors. Qloo's proprietary API, launched in 2012, forecasts consumer preferences and interests across multiple categories, providing important insights to improve customer connections and develop real-world solutions. Qloo is also the parent business of TasteDive, a cultural recommendation engine and social community that allows users to discover tailored content based on their own likes.
Read more »
Technology
Advanced Technology Data Privacy Retail Industry Robocop Pods Technology

Morrisons’ ‘Robocop’ Pods Spark Shopper Backlash: Are Customers Feeling Like Criminals?


 

In a bid to enhance security, Morrisons has introduced cutting-edge anti-shoplifting technology at select stores, sparking a divisive response among customers. The high-tech, four-legged pods equipped with a 360-degree array of CCTV cameras are being considered for a nationwide rollout. These cybernetic sentinels monitor shoppers closely, relaying real-time footage to a control room. 

 However, controversy surrounds the pods' unique approach to suspected theft. When triggered, the pods emit a blaring siren at a staggering 120 decibels, equivalent to the noise level of a jackhammer. One shopper drew parallels to the cyborg enforcer from the 1987 sci-fi film RoboCop, expressing dissatisfaction with what they perceive as a robotic substitute for human staff. 

 This move by Morrisons has ignited a conversation about the balance between technology-driven security measures and the human touch in retail environments. Critics argue that the intrusive alarms create an unwelcoming atmosphere for shoppers, questioning the effectiveness of these robotic guardians compared to traditional, human-staffed security. In this ongoing discourse, the retail giant faces a challenge in finding the equilibrium between leveraging advanced technology and maintaining a customer-friendly shopping experience. 

 Warwickshire resident Mark Powlett expressed his dissatisfaction with Morrisons' new security measure, stating that the robotic "Robocop" surveillance felt unwelcoming. He highlighted the challenge of finding staff as the self-service tills were managed by a single person, emphasising the shift toward more automated systems. 

Another shopper, Anna Mac, questioned the futuristic appearance of the surveillance pods, humorously referring to them as something out of a dystopian setting. Some customers argued that the devices essentially function as additional CCTV cameras and suggested that increased security measures were prompted by shoplifting concerns.

Contrastingly, legal expert Daniel ShenSmith, known as the Black Belt Barrister on YouTube, reassures concerned shoppers about Morrisons' surveillance. He clarifies that the Data Protection Act 2018 and UK GDPR mandate secure and limited storage of personal data, usually around 30 days. Shoppers worried about their images can request their data via a Data Subject Access Request, with Morrisons obliged to obscure others in the footage. In his view, the risk to individuals is minimal, providing valuable insights into the privacy safeguards surrounding the new surveillance technology at Morrisons. 

Paddy Lillis, representing the Union of Shop, Distributive and Allied Workers, supports Morrisons' trial of Safer's 'POD S1 Intruder Detector System.' Originally designed for temporary sites, this innovative technology is being tested in supermarkets for the first time. Morrisons aims to decide on nationwide implementation following a Christmas trial. The system is lauded for deterring violence and abuse. This signals a growing trend in adopting advanced security measures for a safer shopping environment, encompassing the dynamic transformations in the technical fabric of retail security.

Read more »
Technology
Advanced Technology AI Chatbot AI technology Technology

Chatbots: Transforming Tech, Creating Jobs, and Making Waves

Not too long ago, chatbots were seen as fun additions to customer service. However, they have evolved significantly with advancements in AI, machine learning, and natural language processing. A recent report suggests that the chatbot market is set for substantial growth in the next decade. In 2021, it was valued at USD 525.7 million, and it is expected to grow at a remarkable compound annual growth rate (CAGR) of 25.7% from 2022 to 2030. 

This makes the chatbot industry one of the most lucrative sectors in today's economy. Let's take a trip back to 1999 and explore the journeys of platforms that have become major companies in today's market. In 1999, it took Netflix three and a half years to reach 1 million users for its DVD-by-mail service. Moving ahead to the early 2000s, Airbnb achieved this in two and a half years, Facebook in just 10 months, and Spotify in five months. Instagram accomplished the feat in less than three months in 2010. 

Now, let's look at the growth of OpenAI's ChatGPT, the intelligent chatbot that debuted in November 2022 and managed to reach 1 million users in just five days. This is notably faster compared to the growth of other platforms. What makes people so interested in chatbots? It is the exciting new possibilities they offer, even though there are worries about how they handle privacy and security, and concerns about potential misuse by bad actors. 

We have had AI in our tech for a long time – think of Netflix and Amazon recommendations – but generative AI, like ChatGPT, is a different level of smart. Chatbots work with a special kind of AI called a large language model (LLM). This LLM uses deep learning, which tries to mimic how the human brain works. Essentially, it learns a ton of information to handle different language tasks. 

What's cool is that it can understand, summarize, predict, and create new content in a way that is easy for everyone to understand. For example, OpenAI's GPT LLM, version 3.5, has learned from a massive 300 billion words. When you talk to a chatbot using plain English, you do not need to know any fancy code. You just ask questions, known as "prompts" in AI talk. 

This chatbot can then do lots of things like generating text, images, video, and audio. It can solve math problems, analyze data, understand health issues, and even write computer code for you – and it does it really fast, often in just seconds. Chatbots, powered by Natural Language Processing (NLP), can be used in various industries like healthcare, education, retail, and tourism. 

For example, as more people use platforms like Zoom for education, chatbots can bring AI-enabled learning to students worldwide. Some hair salons use chatbots to book appointments, and they are handy for scheduling airport shuttles and rental cars too. 

In healthcare, virtual assistants have huge potential. They can send automated text reminders for appointments, reducing the number of missed appointments. In rural areas, chatbots are helping connect patients with doctors through online consultations, making healthcare more accessible. 

Let’s Understand What is Prompt Engineering Job 

There is a new job in town called "prompt engineering" thanks to this technology. These are folks who know how to have a good chat with chatbots by asking questions in a way that gets the answers they want. Surprisingly, prompt engineers do not have to be tech whizzes; they just need strong problem-solving, critical thinking, and communication skills. In 2023, job listings for prompt engineers were offering salaries of $300,000 or even more.
Read more »
Technology
Advanced Technology data security Data Storage Data Technology Future Technology Technology

Global Businesses Navigate Cloud Shift and Resurgence in In-House Data Centers

In recent times, businesses around the world have been enthusiastically adopting cloud services, with a global expenditure of almost $230 billion on public cloud services last year, a significant jump from the less than $100 billion spent in 2019. The leading players in this cloud revolution—Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure—are witnessing remarkable annual revenue growth of over 30%. 

What is interesting is that these tech giants are now rolling out advanced artificial intelligence tools, leveraging their substantial resources. This shift hints at the possible decline of traditional on-site company data centers. 

Let’s Understand First What is In-House Data Center 

An in-house data center refers to a setup where a company stores its servers, networking hardware, and essential IT equipment in a facility owned and operated by the company, often located within its corporate office. This approach was widely adopted for a long time. 

The primary advantage of an in-house data center lies in the complete control it provides to companies. They maintain constant access to their data and have the freedom to modify or expand on their terms as needed. With all hardware nearby and directly managed by the business, troubleshooting and operational tasks can be efficiently carried out on-site. 

Are Companies Rolling Back? 

Despite the shift towards cloud spending surpassing in-house investments in data centers a couple of years ago, companies are still actively putting money into their own hardware and tools. According to Synergy Research Group, a team of analysts, these expenditures crossed the $100 billion mark for the first time last year. 

Particularly, many businesses are discovering the advantages of on-premises computing. Notably, a significant portion of the data generated by their increasingly connected factories and products, expected to surpass data from broadcast media or internet services soon will remain on their own premises. 

While the public cloud offers convenience and cost savings due to its scale, there are drawbacks. The data centers of major cloud providers are frequently located far from their customers' data sources. Moving this data to where it's processed, sometimes halfway around the world, and then sending it back takes time. While this is not always crucial, as not all business data requires millisecond precision, there are instances where timing is critical. 

What Technology Global Companies Are Adopting? 

Manufacturers are creating "digital twins" of their factories for better efficiency and problem detection. They analyze critical data in real-time, often facing challenges like data transfer inconsistencies in the public cloud. To address this, some companies maintain their own data centers for essential tasks while utilizing hyperscalers for less time-sensitive information. Industrial giants like Volkswagen, Caterpillar, and Fanuc follow this approach. 

Businesses can either build their own data centers or rent server space from specialists. Factors like rising costs, construction delays, and the increasing demand for AI-capable servers impact these decisions. Hyperscalers are expanding to new locations to reduce latency, and they're also providing prefabricated data centers. Despite the cloud's appeal, many large firms prefer a dual approach, maintaining control over critical data.
Read more »
Sensitive data
Advanced Technology Data Breach Israel-Palestine tensions Israeli spyware Malicious actor Middle East Military Intelligence Sensitive data

Israel's Intelligence Failure: Balancing Technology and Cybersecurity Challenges

On October 7, in a startling turn of events, Hamas carried out a planned invasion that escaped Israeli military detection, posing a serious intelligence failure risk to Israel. The event brought to light Israel's vulnerabilities in its cybersecurity infrastructure as well as its over-reliance on technology for intelligence gathering.

The reliance on technology has been a cornerstone of Israel's intelligence operations, but as highlighted in reports from Al Jazeera, the very dependence might have been a contributing factor to the October 7 intelligence breakdown. The use of advanced surveillance systems, drones, and other tech-based solutions, while offering sophisticated capabilities, also poses inherent risks.

Experts suggest that an excessive focus on technological solutions might lead to a neglect of traditional intelligence methods. As Dr. Yasmine Farouk from the Middle East Institute points out, "In the pursuit of cutting-edge technology, there's a danger of neglecting the human intelligence element, which is often more adaptive and insightful."

The NPR investigation emphasizes that cybersecurity played a pivotal role in the intelligence failure. The attackers exploited vulnerabilities in Israel's cyber defenses, allowing them to operate discreetly and avoid detection. The report quotes cybersecurity analyst Rachel Levy, who states, "The attackers used sophisticated methods to manipulate data and deceive the surveillance systems, exposing a critical weakness in Israel's cyber infrastructure."

The incident underscored the need for a comprehensive reassessment of intelligence strategies, incorporating a balanced approach that combines cutting-edge technology with robust cybersecurity measures.

Israel is reassessing its dependence on tech-centric solutions in the wake of the intelligence disaster. Speaking about the need for a thorough assessment, Prime Minister Benjamin Netanyahu said, "We must learn from this incident and recalibrate our intelligence apparatus to address the evolving challenges, especially in the realm of cybersecurity."

The October 7 intelligence failure is a sobering reminder that an all-encompassing and flexible approach to intelligence is essential in this age of lightning-fast technological innovation. Finding the ideal balance between technology and human intelligence, along with strong cybersecurity measures, becomes crucial as governments struggle with changing security threats. This will help to avoid similar mistakes in the future.



Read more »
Major Security Threats
Advanced Technology Automotive Vulnerability Cyber Attacks Cyber Threats Hacking Risk Major Security Threats

Critical Automotive Vulnerability Exposes Fleet-wide Hacking Risk

 

In the fast-evolving landscape of automotive technology, researchers have uncovered a critical vulnerability that exposes an unsettling potential: the ability for hackers to manipulate entire fleets of vehicles, even orchestrating their shutdown remotely. Shockingly, this major security concern has languished unaddressed by the vendor for months, raising serious questions about the robustness of the systems that power these modern marvels. 

As automobiles cease to be mere modes of transportation and transform into sophisticated "computers on wheels," the intricate software governing these multi-ton steel giants has become a focal point for security researchers. The urgency to fortify these systems against vulnerabilities has never been more pronounced, underscoring the need for a proactive approach to safeguarding the increasingly interconnected automotive landscape. 

In the realm of cybersecurity vulnerabilities within the automotive sphere, the majority of bugs tend to concentrate on infiltrating individual cars, often exploiting weaknesses in their infotainment systems. However, the latest vulnerability, unearthed by Yashin Mehaboobe, a security consultant at Xebia, takes a distinctive focus. This particular vulnerability does not zero in on a singular car; instead, it sets its sights on the software utilized by companies overseeing entire fleets of vehicles. 

What sets this discovery apart is its potential for exponential risk. Unlike typical exploits, where hackers target a single vehicle, this vulnerability allows them to direct their efforts towards the backend infrastructure of companies managing fleets. 

What Could be the Consequence? 

A domino effect that could impact thousands of vehicles simultaneously, amplifying the scale and severity of the security threat. 

In the realm of cybersecurity, there's a noteworthy incident involving the Syrus4 IoT gateway crafted by Digital Communications Technologies (DCT). This vulnerability, identified as CVE-2023-6248, provides a gateway for hackers to tap into the software controlling and commanding fleets of potentially thousands of vehicles. Armed with just an IP address and a touch of Python finesse, an individual can breach a Linux server through the gateway. 

Once inside, a suite of tools becomes available, allowing the hacker to explore live locations, scrutinize detailed engine diagnostics, manipulate speakers and airbags, and even execute arbitrary code on devices susceptible to the exploit. This discovery underscores the critical importance of reinforcing cybersecurity measures, particularly in the intricate technologies governing our modern vehicles. What's particularly concerning is the software's capability to remotely shut down a vehicle. 

Although Mehaboobe verified the potential for remote code execution by identifying a server running the software on the Shodan search engine, he limited testing due to safety concerns with live, in-transit vehicles. The server in question revealed a staggering number, with over 4000 real-time vehicles spanning across the United States and Latin America. This discovery raises significant safety implications that warrant careful consideration. 
Read more »
LLM security
Advanced Technology Data Breach data security Language Model LLM security

AI 'Hypnotizing' for Rule bypass and LLM Security


In recent years, large language models (LLMs) have risen to prominence in the field, capturing widespread attention. However, this development prompts crucial inquiries regarding their security and susceptibility to response manipulation. This article aims to explore the security vulnerabilities linked with LLMs and contemplate the potential strategies that could be employed by malicious actors to exploit them for nefarious ends. 

Year after year, we witness a continuous evolution in AI research, where the established norms are consistently challenged, giving rise to more advanced systems. In the foreseeable future, possibly within a few decades, there may come a time when we create machines equipped with artificial neural networks that closely mimic the workings of our own brains. 

At that juncture, it will be imperative to ensure that they possess a level of security that surpasses our own susceptibility to hacking. The advent of large language models has ushered in a new era of opportunities, such as automating customer service and generating creative content. 

However, there is a mounting concern regarding the cybersecurity risks associated with this advanced technology. People worry about the potential misuse of these models to fabricate false responses or disclose private information. This underscores the critical importance of implementing robust security measures. 

What is Hypnotizing? 

In the world of Large Language Model security, there's an intriguing idea called "hypnotizing" LLMs. This concept, explored by Chenta Lee from the IBM Security team, involves tricking an LLM into believing something false. It starts with giving the LLM new instructions that follow a different set of rules, essentially creating a made-up situation. 

This manipulation can make the LLM give the opposite of the right answer, which messes up the reality it was originally taught. Think of this manipulation process like a trick called "prompt injection." It's a bit like a computer hack called SQL injection. In both cases, a sneaky actor gives the system a different kind of input that tricks it into giving out information it should not. 

LLMs can face risks not only when they are in use, but also in three other stages: 

1. When they are first being trained. 

2. When they are getting fine-tuned. 

3. After they have been put to work. 

This shows how crucial it is to have really strong security measures in place from the very beginning to the end of a large language model's life. 

Why your Sensitive Data is at Risk? 

There is a legitimate concern that Large Language Models (LLMs) could inadvertently disclose confidential information. It is possible for someone to manipulate an LLM to divulge sensitive data, which would be detrimental to maintaining privacy. Thus, it is of utmost importance to establish robust safeguards to ensure the security of data when employing LLMs.
Read more »
Subscribe to: Posts (Atom)