Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Analytics. Show all posts
Hacking Techniques
AI technology AI tools Cyber Attacks Cyber Hacking. Data Analytics data security Ethical Hacking Hacking Techniques

The Growing Role of AI in Ethical Hacking: Insights from Bugcrowd’s 2024 Report

Bugcrowd’s annual “Inside the Mind of a Hacker” report for 2024 reveals new trends shaping the ethical hacking landscape, with an emphasis on AI’s role in transforming hacking tactics. Compiled from feedback from over 1,300 ethical hackers, the report explores how AI is rapidly becoming an integral tool in cybersecurity, shifting from simple automation to advanced data analysis. 

This year, a remarkable 71% of hackers say AI enhances the value of hacking, up from just 21% last year, highlighting its growing significance. For ethical hackers, data analysis is now a primary AI use case, surpassing task automation. With 74% of participants agreeing that AI makes hacking more accessible, new entrants are increasingly using AI-powered tools to uncover vulnerabilities in systems and software. This is a positive shift, as these ethical hackers disclose security flaws, allowing companies to strengthen their defenses before malicious actors can exploit them. 

However, it also means that criminal hackers are adopting AI in similar ways, creating both opportunities and challenges for cybersecurity. Dave Gerry, Bugcrowd’s CEO, emphasizes that while AI-driven threats evolve rapidly, ethical hackers are equally using AI to refine their methods. This trend is reshaping traditional cybersecurity strategies as hackers move toward more sophisticated, AI-enhanced approaches. While AI offers undeniable benefits, the security risks are just as pressing, with 81% of respondents recognizing AI as a significant potential threat. The report also underscores a key insight: while AI can complement human capabilities, it cannot fully replicate them. 

For example, only a minority of hackers surveyed felt that AI could surpass their skills or creativity. These findings suggest that while AI contributes to hacking, human insight remains crucial, especially in complex problem-solving and adaptive thinking. Michael Skelton, Bugcrowd’s VP of security, further notes that AI’s role in hardware hacking, a specialized niche, has expanded as Internet of Things (IoT) devices proliferate. AI helps identify tiny vulnerabilities in hardware that human hackers might overlook, such as power fluctuations and unusual electromagnetic signals. As AI reshapes the ethical hacking landscape, Bugcrowd’s report concludes with both a call to action and a note of caution. 

While AI offers valuable tools for ethical hackers, it equally empowers cybercriminals, accelerating the development of sophisticated, AI-driven attacks. This dual use highlights the importance of responsible, proactive cybersecurity practices. By leveraging AI to protect systems while staying vigilant against AI-fueled cyber threats, the hacking community can help guide the broader industry toward safer, more secure digital environments.
Read more »
US Cybersecurity
Breach CISA critical infrastructure risk Cyber Security Data Analytics Information Security supply chain attacks US Cybersecurity

CISA Investigates Sisense Breach: Critical Infrastructure at Risk

 

In the fast-paced landscape of cybersecurity, recent events have once again brought to light the vulnerabilities that critical infrastructure organizations face. The breach of data analytics company Sisense, under investigation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), serves as a stark reminder of the importance of robust security measures in protecting sensitive data and systems. 

Sisense, a prominent American business intelligence software company, found itself at the center of a security incident impacting not only its own operations but also critical infrastructure sector organizations across the United States. 

With offices in New York City, London, and Tel Aviv, and a clientele including major players like Nasdaq, ZoomInfo, Verizon, and Air Canada, the breach sent shockwaves through the cybersecurity community. CISA's involvement underscores the severity of the situation, with the agency actively collaborating with private industry partners to assess the extent of the breach and its implications for critical infrastructure. 

As investigations unfold, the focus is on understanding the nature of the compromise and mitigating potential risks to affected organizations. In response to the breach, CISA has issued recommendations for all Sisense customers to reset any credentials and secrets that may have been exposed or used to access the company's platform and services.

This proactive measure aims to prevent further unauthorized access and protect sensitive information from exploitation. Sisense's Chief Information Security Officer, Sangram Dash, echoed CISA's advice in a message to customers, emphasizing the importance of promptly rotating credentials used within the Sisense application. This precautionary step aligns with best practices in cybersecurity, where rapid response and mitigation are essential to minimizing the impact of security incidents. 

Additionally, customers are urged to report any suspicious activity related to potentially exposed credentials or unauthorized access to Sisense services to CISA. This collaborative approach between organizations and government agencies is crucial in addressing cybersecurity threats effectively and safeguarding critical infrastructure from harm. The incident involving Sisense is not an isolated event. 

Similar supply chain attacks have targeted critical infrastructure organizations in the past, highlighting the need for heightened vigilance and resilience in the face of evolving cyber threats. One such attack, involving the 3CX breach a year ago, had far-reaching consequences, impacting power suppliers responsible for generating and distributing energy across the grid in the United States and Europe. 

As organizations grapple with the aftermath of the Sisense breach, lessons learned from this incident can inform future cybersecurity strategies. Proactive measures such as continuous monitoring, regular security assessments, and robust incident response plans are essential for mitigating risks and protecting critical infrastructure assets. 

The Sisense breach serves as a wake-up call for the cybersecurity community, emphasizing the interconnected nature of cyber threats and the imperative of collaboration in defending against them. By working together and adopting a proactive stance, organizations can bolster their defenses and safeguard critical infrastructure from cyber adversaries.
Read more »
User Privacy
AI Chatbot Chat GPT Data Analytics Data collection Data Privacy OpenAI Privacy Unauthorized access User Privacy

ChatGPT Joins Data Clean Rooms for Enhanced Analysis

ChatGPT has now entered data clean rooms, marking a big step toward improved data analysis. It is expected to alter the way corporations handle sensitive data. This integration, which provides fresh perspectives while following strict privacy guidelines, is a turning point in the data analytics industry.

Data clean rooms have long been hailed as secure environments for collaborating with data without compromising privacy. The recent collaboration between ChatGPT and AppsFlyer's Dynamic Query Engine takes this concept to a whole new level. As reported by Adweek and Business Wire, this integration allows businesses to harness ChatGPT's powerful language processing capabilities within these controlled environments.

ChatGPT's addition to data clean rooms introduces a multitude of benefits. The technology's natural language processing prowess enables users to interact with data in a conversational manner, making the analysis more intuitive and accessible. This is a game-changer, particularly for individuals without specialized technical skills, as they can now derive insights without grappling with complex interfaces.

One of the most significant advantages of this integration is the acceleration of data-driven decision-making. ChatGPT can understand queries posed in everyday language, instantly translating them into structured queries for data retrieval. This not only saves time but also empowers teams to make swift, informed choices backed by data-driven insights.

Privacy remains a paramount concern in the realm of data analytics, and this integration takes robust measures to ensure it. By confining ChatGPT's operations within data-clean rooms, sensitive information is kept secure and isolated from external threats. This mitigates the risk of data breaches and unauthorized access, aligning with increasingly stringent data protection regulations.

AppsFlyer's commitment to incorporating ChatGPT into its Dynamic Query Engine showcases a forward-looking approach to data analysis. By enabling marketers and analysts to engage with data effortlessly, AppsFlyer addresses a crucial challenge in the industry bridging the gap between raw data and actionable insights.

ChatGPT is one of many new technologies that are breaking down barriers as the digital world changes. Its incorporation into data clean rooms is evidence of how adaptable and versatile it is, broadening its possibilities beyond conventional conversational AI.


Read more »
Third Party Apps
Cyber Security Data Analytics Encryption Microsoft Research Third Party Apps

Researchers Reveal New Side-Channel Attack on Homomorphic Encryption

 

A group of academics from North Carolina State University and Dokuz Eylul University have revealed the "first side-channel attack" on homomorphic encryption, which may be used to disclose data while the encryption process is in progress. 

Aydin Aysu, one of the authors of the study, stated, "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted. This demonstrates that even next generation encryption technologies need protection against side-channel attacks." 

Homomorphic Encryption is a kind of encryption that enables specific sorts of computations to be done directly on encrypted data without the need to first decrypt it. It's also designed to protect privacy by permitting sensitive data to be shared with other third-party services, such as data analytics organisations, for additional processing while the base data remains encrypted and, as a result, unavailable to the service provider. 

To put it another way, the purpose of homomorphic encryption is to make it easier to establish end-to-end encrypted data storage and computation services that don't require the data owner to provide their secret keys with third-party services. The researchers proposed a data leakage attack based on a vulnerability found in Microsoft SEAL, the tech giant's open-source implementation of the technology, that could be abused in a way that enables the recovery of a piece of plaintext message that is homomorphically encrypted, successfully undoing the privacy safeguards.

The attack, dubbed RevEAL, takes advantage of a "power-based side-channel leakage of Microsoft SEAL prior to v3.6 that implements the Brakerski/Fan-Vercauteren (BFV) protocol" and "targets the Gaussian sampling in the SEAL's encryption phase and can extract the entire message with a single power measurement," as per the researchers. 

SEAL versions 3.6 and after, released on December 3, 2020, and beyond, employ a different sampling technique, according to the researchers, who also warn that future versions of the library may have a "different vulnerability." 

Kim Laine, Microsoft's principal research manager who heads the Cryptography and Privacy Research Group, stated in the release notes, "Encryption error is sampled from a Centered Binomial Distribution (CBD) by default unless 'SEAL_USE_GAUSSIAN_NOISE' is set to ON. Sampling from a CBD is constant-time and faster than sampling from a Gaussian distribution, which is why it is used by many of the NIST PQC finalists."
Read more »
Subscribe to: Posts (Atom)