• Search for:
    18Sep, 2024
    4 Top Security Automation Use Cases

    With Gartner recently declaring that SOAR (security orchestration, automation, and response) is being phased out in favor of generative AI-based solutions, this article will explore in detail four key security automation use cases.

    1. Enriching Indicators of Compromise (IoCs)

    Indicators of compromise (IoCs), such as suspicious IP addresses, domains, and file hashes, are vital in identifying and responding to security incidents.

    Manually gathering information about these IoCs from various sources can be labor-intensive and slow down the response process.

    Automating the enrichment of IoCs can greatly enhance the efficiency of your security operations.

    Automation workflow:

    • Extract IoCs: Automatically extract relevant IoCs from security logs or alerts using text parsing tools or other automated methods.
    • Submit IoCs to Intelligence Services: Once extracted, the IoCs are automatically submitted to various threat intelligence services, such as VirusTotalURLScan, and AlienVault, via their APIs. These services can provide additional context, such as whether the IP address has been associated with known threats or if the domain has been flagged for suspicious activity.
    • Aggregate Results: The results from these intelligence services are aggregated into a single, comprehensive report. This step ensures that all relevant information is available in one place, making it easier for security analysts to assess the threat.
    • Deliver Enriched Data: The enriched IoC data is then delivered through communication channels like Slack, or directly added to the relevant incident ticket within the security management system. This ensures that all necessary information is immediately accessible to those who need it.

    2. Monitoring Your External Attack Surface

    The external attack surface of an organization includes all the external-facing assets that could potentially be exploited by attackers.

    These assets include domains, IP addresses, subdomains, exposed services, and more.

    Regular monitoring of these assets is important for identifying and mitigating potential vulnerabilities before they are exploited.

    Automation workflow:

    • Define Target Assets: Start by defining the domains and IP addresses that make up your external attack surface. These should be documented in a file that the automation system can reference.
    • Automated Reconnaissance: Use tools like Shodan to scan these assets on a weekly or monthly basis. Shodan can help identify open ports, exposed services, and other vulnerabilities.
    • Compile and De-duplicate Findings: The results from these scans are automatically compiled into a report. Any duplicate findings are removed to ensure that the report is concise and actionable.
    • Deliver Weekly Reports: The final report is delivered via email, Slack, or another preferred communication channel. This report highlights new or changed assets, potential vulnerabilities, and any redundant applications that may pose a risk.

    3. Scanning for Web Application Vulnerabilities

    Web applications are frequent targets for attackers, making regular vulnerability scans useful for maintaining security.

    Tools like OWASP ZAP and Burp Suite automate the process of identifying common vulnerabilities, including outdated software and misconfiguration.

    These scans also detect input validation vulnerabilities, helping to secure web applications.

    Automation workflow:

    • Define Web Assets: Begin by listing all the domains and IP addresses that host your organization’s web applications. These assets should be documented in a file for easy reference by the automation system.
    • Automated Vulnerability Scanning: The defined web assets are automatically sent to scanning tools like OWASP ZAP and Burp Suite. These tools perform comprehensive scans to identify vulnerabilities, including those that are commonly exploited by attackers.
    • Collect and Prioritize Results: The results from the scans are automatically collected and prioritized based on the severity of the vulnerabilities detected. Critical/severe vulnerabilities are highlighted for immediate action.
    • Deliver Results: The prioritized results are delivered to the relevant teams via Slack or as an enriched ticket within the incident management system. This ensures that the right people are notified of the vulnerabilities and can take appropriate action.

    4. Monitoring Email Addresses For Stolen Credentials

    Monitoring for compromised credentials is an important aspect of an organization’s cybersecurity strategy.

    Have I Been Pwned (HIBP) is a widely used service that aggregates data from various breaches to help individuals and organizations determine if their credentials have been compromised

    Automating the process of checking HIBP for exposed credentials can help organizations quickly identify and respond to potential security incidents.

    Automation workflow:

    • Compile User Emails and Domains: Create a list of user email addresses or domains that need to be monitored. This list should include all relevant user accounts within the organization, especially those with privileged access.
    • Query HIBP API: Automatically query the HIBP API with the compiled list of email addresses or domains. This step involves sending requests to HIBP to check if any of the email addresses have appeared in known data breaches.
    • Aggregate and Analyze Results: Collect the responses from HIBP. If any email addresses or domains are found in breach data, the details of these breaches (such as the breach source, type of exposed data, and date of the breach) are aggregated and analyzed.
    • Deliver Alerts and Reports: If compromised credentials are detected, automatically generate an alert. This alert can be sent via email, Slack, or integrated into the organization’s incident response system as a high-priority ticket. Include detailed information about the breach, such as the affected email addresses, the nature of the exposure, and recommended actions (e.g., forcing password resets).
    • Enforce Immediate Security Actions: Based on the severity of the breach, the system can automatically enforce security actions. For example, it might trigger a password reset for affected accounts, notify the users involved, and increase monitoring on accounts that were compromised.
    • Regular Scheduled Checks: Set up a schedule for regular checks against HIBP, such as weekly or monthly queries. This ensures that the organization remains aware of any new breaches that might involve their credentials and can respond promptly.

    Frequently Asked Questions

    Below we will answer some frequently asked questions about the automated workflows above and how they can help in a practical way.

    1. Don’t third-party services offer automation workflows anyway?
      Many services provide APIs that allow for automating parts of the workflow, like fetching data. However, building an end-to-end automated workflow typically requires coding and configurations. Replicating the entire workflow with scripts offers flexibility but is less powerful, as changes could break it. Leveraging available APIs with a centralized automation platform provides a stable, scalable solution.
    2. Can’t we just replicate this whole thing with bash scripts?
      Yes, it is possible to write Bash/PowerShell scripts to automate the security tasks mentioned in the article. Scripts offer flexibility that is lacking in manual processes. However, scripts require ongoing maintenance, and any changes could break the workflow. They may also lack advanced features like central management, scheduling, alerting, and reporting, which are offered by dedicated automation platforms like Blink Ops. A proper platform is more reliable and efficient for complex, long-running automation requirements.
    3. How does automating IoC enrichment help?
      Automating IoC enrichment speeds up the response process by gathering threat intelligence on indicators like IPs, domains, and file hashes from multiple sources simultaneously via APIs. This provides security teams with a single comprehensive report with the necessary context to assess threats quickly, rather than spending time manually searching different sources. It improves efficiency and situational awareness, enabling informed decisions to be made quickly.

    Ref: https://www.bleepingcomputer.com/news/security/4-top-security-automation-use-cases-a-detailed-guide/

    6Sep, 2024
    LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

    Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin speeding up user browsing on over 6 million WordPress sites.

    The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack’s Rafie Muhammad on August 22, 2024. A fix was made available with the release of LiteSpeed Cache version 6.5.0.1.

    Debug feature writes cookies to file

    The vulnerability is tied to the plugin’s debug logging feature, which logs all HTTP response headers into a file, including the “Set-Cookie” header, when enabled.

    Those headers contain session cookies used to authenticate users, so if an attacker can steal them, they can impersonate an admin user and take complete control of the site.

    To exploit the flaw, an attacker must be able to access the debug log file in ‘/wp-content/debug.log.’ When no file access restrictions (such as .htaccess rules) have been implemented, this is possible by simply entering the correct URL.

    Of course, the attacker will only be able to steal the session cookies of users who logged in to the site while the debug feature was active, but this includes even login events from the past if the logs are kept indefinitely and not wiped periodically.

    The plugin’s vendor, LiteSpeed Technologies, addressed the problem by moving the debug log to a dedicated folder (‘/wp-content/litespeed/debug/’), randomizing log filenames, removing the option to log cookies, and adding a dummy index file for extra protection.

    Users of LiteSpeed Cache are recommended to purge all ‘debug.log’ files from their servers to delete potentially valid session cookies that could be stolen by threat actors.

    An .htaccess rule to deny direct access to the log files should also be set, as the randomized names on the new system may still be guessed through multiple attempts/brute-forcing.

    WordPress.org reports that just over 375,000 users downloaded LiteSpeed Cache yesterday, the day v6.5.0.1 was released, so the number of sites remaining vulnerable to these attacks may surpass 5.6 million.

    LiteSpeed Cache under fire

    The particular plugin has remained at the epicenter of security research lately for its massive popularity and because hackers are constantly looking for opportunities to attack websites through it.

    In May 2024, it was observed that hackers were targeting an outdated version of the plugin, impacted by an unauthenticated cross-site scripting flaw tracked as CVE-2023-40000, to create administrator users and take control of sites.

    More recently, on August 21, 2024, a critical unauthenticated privilege escalation vulnerability tracked as CVE-2024-28000 was discovered, with researchers sounding the alarm about how easy it was to exploit.

    It only took threat actors a few hours after the disclosure of the flaw before they started attacking sites en masse, with Wordfence reporting blocking nearly 50,000 attacks.

    Today, two weeks have passed since the initial disclosure, and the same portal reports 340,000 attacks in the past 24 hours.

    Ref: https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-6-million-wordpress-sites-to-takeover-attacks/

    27Aug, 2024
    Google tags a tenth Chrome zero-day as exploited this year

    Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests.

    Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is caused by a bug in the compiler backend when selecting the instructions to generate for just-in-time (JIT) compilation.

    Google describes the vulnerability as an inappropriate implementation in Google Chrome’s V8 JavaScript engine that can let remote attackers exploit heap corruption via a crafted HTML page.

    This was announced in an update to a blog post where the company revealed last week that it had fixed another high-severity zero-day vulnerability (CVE-2024-7971) caused by a V8 type confusion weakness.

    “Updated on 26 August 2024 to reflect the in the wild exploitation of CVE-2024-7965 which was reported after this release,” the company said in today’s update. “Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild.”

    Google has fixed both zero-days in Chrome version 128.0.6613.84/.85 for Windows/macOS systems and version 128.0.6613.84 Linux users, which have been rolling out to all users in the Stable Desktop channel since Wednesday.

    Even though Chrome will automatically update when security patches are available, you can also speed up this process and apply the updates manually by going to the Chrome menu > Help > About Google Chrome, letting the update finish, and clicking the ‘Relaunch’ button to install it.

    While Google confirmed that the CVE-2024-7971 and CVE-2024-7965 vulnerabilities have been used in the wild, it has yet to share more information regarding these attacks.

    “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google says.

    “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

    Since the start of the year, Google has patched eight other zero-days tagged as exploited in attacks or during the Pwn2Own hacking contest:

    • CVE-2024-0519: A high-severity out-of-bounds memory access weakness within the Chrome V8 JavaScript engine, allowing remote attackers to exploit heap corruption via a specially crafted HTML page, leading to unauthorized access to sensitive information.
    • CVE-2024-2887: A high-severity type confusion flaw in the WebAssembly (Wasm) standard. It could lead to remote code execution (RCE) exploits leveraging a crafted HTML page.
    • CVE-2024-2886: A use-after-free vulnerability in the WebCodecs API used by web applications to encode and decode audio and video. Remote attackers exploited it to perform arbitrary reads and writes via crafted HTML pages, leading to remote code execution.
    • CVE-2024-3159: A high-severity vulnerability caused by an out-of-bounds read in the Chrome V8 JavaScript engine. Remote attackers exploited this flaw using specially crafted HTML pages to access data beyond the allocated memory buffer, resulting in heap corruption that could be leveraged to extract sensitive information.
    • CVE-2024-4671: A high-severity use-after-free flaw in the Visuals component that handles the rendering and displaying content in the browser.
    • CVE-2024-4761: An out-of-bounds write problem in Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application.
    • CVE-2024-4947: Type confusion weakness in the Chrome V8 JavaScript engine enabling arbitrary code execution on the target device.
    • CVE-2024-5274: A type confusion Chrome’s V8 JavaScript engine that can lead to crashes, data corruption, or arbitrary code execution

    Ref: https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/

    19Aug, 2024
    Ransomware gang deploys new malware to kill security software

    RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks.

    Named EDRKillShifter by Sophos security researchers who discovered it during a May 2024 ransomware investigation, the malware deploys a legitimate, vulnerable driver on targeted devices to escalate privileges, disable security solutions, and take control of the system.

    This technique is very popular among various threat actors, ranging from financially motivated ransomware gangs to state-backed hacking groups.

    “During the incident in May, the threat actors – we estimate with moderate confidence that this tool is being used by multiple attackers — attempted to use EDRKillShifter to terminate Sophos protection on the targeted computer, but the tool failed,” said Sophos threat researcher Andreas Klopsch.

    “They then attempted to run the ransomware executable on the machine they controlled, but that also failed when the endpoint agent’s CryptoGuard feature was triggered.”

    While investigating, Sophos discovered two different samples, both with proof-of-concept exploits available on GitHub: one exploiting a vulnerable driver known as RentDrv2 and another exploiting a driver called ThreatFireMonitor, a component of a deprecated system-monitoring package.

    Sophos also found that EDRKillShifter can deliver various driver payloads based on the attackers’ needs and that the malware’s language property suggests it was compiled on a computer with Russian localization.

    The loader’s execution involves three steps: first, the attacker launches the EDRKillShifter binary with a password string to decrypt and execute an embedded resource named BIN in memory. This code then unpacks and executes the final payload, which drops and exploits a vulnerable, legitimate driver to escalate privileges and disable active EDR processes and services.

    “After the malware creates a new service for the driver, starts the service, and loads the driver, it enters an endless loop that continuously enumerates the running processes, terminating processes if their name appears in a hardcoded list of targets,” Klopsch added.

    “It is also worth noting that both variants exploit legitimate (though vulnerable) drivers, using proof-of-concept exploits available on Github. We suspect that the threat actors copied portions of these proofs-of-concept, modified them, and ported the code to the Go language.”

    Sophos recommends enabling tamper protection in endpoint security products, maintaining a separation between user and admin privileges to prevent attackers from loading vulnerable drivers, and keeping systems updated, given that Microsoft keeps de-certifying signed drivers known to have been misused in previous attacks.

    Last year, Sophos spotted another EDR-killing malware, dubbed AuKill, which abused a vulnerable Process Explorer driver in Medusa Locker and LockBit ransomware attacks. AuKill is similar to an open-source tool known as Backstab, which also exploits a vulnerable Process Explorer driver and has been used by the LockBit gang in at least one attack observed by Sophos X-Ops.

    Ref: https://www.bleepingcomputer.com/news/security/ransomware-gang-deploys-new-malware-to-kill-security-software/

    15Aug, 2024
    Kicking cyber security down the road can come back to bite you

    The consequences of a successful cyber attack can be disastrous. They can lead to untold operational disruption from substantial financial loss to significant reputational damage. Yet despite the clear and present danger, some businesses continue to deprioritize cyber security, with a concerning 15% failing to invest in cyber security measures. Whether this is a calculated decision or a matter of managing risk, it exposes the businesses’ data and processes to attack.

    Large corporations like Microsoft and AT&T, both of which recently experienced cyber breaches, are particularly vulnerable. These very public incidents can feed the perception that small and medium-sized businesses are unlikely to be targeted by cybercriminals. However, this does not ring true when compared to a recent government survey which showed that 45% of medium-sized businesses, and 50% of all companies in the UK, have suffered some breach or cyber attack in the past 12 months.

    For these smaller businesses, implementing simple security procedures is a strong start. Some quick market research can also highlight that engaging with the right managed services provider (MSP) can be a cost-effective way of enhancing security and reducing cyber risk. Despite this, convincing business leaders to invest in cyber defenses can be an uphill battle – even if decisions to delay only amplify the risk. Turning a blind eye could lead to devastating consequences.

    An overshadowed priority

    Despite a shared understanding of cyber threats among security leaders and the C-suite, cyber security often gets overlooked. The root of this lies in a misalignment of priorities. Immediate business concerns like revenue growth, market expansion, and customer acquisition overshadow cyber security, which has historically been viewed as a cost center, rather than a revenue driver.

    This misalignment relegates security measures to a secondary issue, to be addressed only after a breach occurs. Alarmingly, a third of security leaders only prioritize cyber security expertise after an attack has happened.

    This reactive approach to cyber security is fraught with risk. Neglecting proactive cyber security measures can lead to a raft of negative consequences, including financial repercussions. The immediate costs from a breach might include ransom payments, remediation expenses, and legal fees, while long-term impacts can involve lost business, regulatory fines, and increased insurance premiums.

    Staff retention can also take a hit following a cyber attack – over half of employees indicate they would leave companies that have suffered from a breach. They are often driven by insecurity about the company’s future or frustration over inadequate security measures, leading to higher turnover rates.

    The repercussions also extend to business relationships. Larger or partner companies, particularly those with stringent security standards, may be unwilling to engage with businesses that fail to meet their security expectations, limiting opportunities for growth and collaboration. Similarly, the same could be said for potential customers who might shy away from businesses that have suffered a breach, further isolating the business from lucrative partnerships and contracts.

    Securing buy-in

    To ensure cyber security is prioritized, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks. The most effective way to get this message across is by using business metrics to show the potential financial impact of cyber attacks.

    Presenting case studies of similar organizations that have suffered financial losses from breaches and providing relevant statistics showing the financial and reputational cost can be very powerful to enhance your pitch. It is also key to highlight the benefits that strong cyber security affords a business. This includes building customer confidence, reputational protection, regulatory compliance, and financial security.

    Starting with baseline measures can help secure initial support from the C-suite. Simple steps, such as regular software updates, staff cyber awareness training, and using Endpoint Detection & Response (EDR) tools to quickly identify threats like ransomware can substantially reduce exposure to cyberattacks.

    Even simple changes to a company’s security posture can have long-lasting effects. Many threat actors and hackers are looking for easy targets – companies with exposed vulnerabilities. For example, one of the most common breach points is overlooked or underestimated aspects like poor password security.

    Since the human factor is such a large part of attacks, regular cyber awareness training sessions for all employees help to build a foundational understanding of cyber threats and safe practices. When everyone in the organization is vigilant and informed, the overall security posture is strengthened. For password security in particular, companies can also implement multi-factor authentication tools to ensure employees accessing the network are who they say they are.

    There is a myriad of cyber security tools out there to help secure your systems. Wading through the industry jargon can be tough and is often a daunting task. Tools such as Network Detection and Response (NDR) and Security Incident and Event Management (SIEM) require teams of specialists to constantly monitor and modify settings to maximize efficiency. Achieving this in a small and medium-sized business can be difficult and expensive. This can be overcome by partnering with an MSP who can provide expert advice and technical support to deliver a comprehensive security solution to your organization.

    It is time to implement cyber security measures now

    By deprioritising cyber security, businesses are essentially deferring costs. Every organization accrues a cyber security debt, which can be managed in two ways: it can either be paid upfront through continuous support and rigorous cyber security measures, or it will inevitably be paid later, often at a much higher cost when a breach occurs.

    A proactive approach to cyber security that adopts even simple cyber security solutions can better protect businesses from the risk and cost of a breach and help them build a reputation as a secure and dependable partner.

    Investing in cyber security today is not just about avoiding future costs; it’s about ensuring the long-term success and sustainability of the business.

    Ref: Link

    14Aug, 2024
    Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

    In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the forefront critical questions about the duties vendors owe to their customers in an increasingly digital world.

    As cybersecurity threats evolve, the expectations placed on vendors to safeguard sensitive data and maintain robust security measures are higher than ever, but these vendors cannot be responsible for every aspect of their customers’ environments. How can cybersecurity vendors and their customers balance these responsibilities effectively and minimize risk?

    The dispute

    At the end of July, Delta’s CEO indicated that the CrowdStrike-Microsoft event cost the airline $500M because the IT outage stranded thousands of customers and caused them to cancel more than 6,000 flights. This cost includes not only lost revenue but also “the tens of millions of dollars per day in compensation and hotels” for delays stretching over a period of six days.

    Delta states that they have no choice but to seek damages from CrowdStrike for the disruptions due to the high costs incurred by the outage. Delta expected all technology deployed in their ecosystem to be thoroughly tested before release into their mission-critical environment. Unfortunately, CrowdStrike’s testing did not identify the issue.

    Do the legal arguments hold?

    Media reports thus far indicate that Delta believes CrowdStrike was negligent, which they argue is shown by the seemingly weak initial CrowdStrike apology. Delta had to manually reset 40,000 servers to resolve the issue and took longer to bounce back to normal operations than its competitors, sparking an investigation by the US Department of Transportation’s Office of Aviation Consumer Protection. That investigation may result in additional costs for Delta on top of the reputational hits the airline has already endured.

    CrowdStrike, on the other hand, argues that Delta’s claims are meritless and emphasizes their own efforts to appropriately assist vendors with recovery from the outage, satisfying the cybersecurity company’s duty of care to its customers and vendors in the event of a systems failure. If CrowdStrike is found to be negligent in its performance of the Delta contract, a court could declare that the damage caps in its contract moot, thus entitling Delta and other similarly impacted CrowdStrike customers to a much larger financial recovery.

    It remains to be seen whether Delta will file a lawsuit, but such a case may be difficult to win, particularly if CrowdStrike can show that it reasonably fulfilled its contractual obligations. In some respects, the negligence argument is analogous to claiming that a sprinkler system provider should ensure a building can never have a fire, highlighting the unrealistic expectations sometimes placed on cybersecurity vendors.

    This event highlights the challenging dynamic for Delta and any other CrowdStrike customer seeking damages, even though the incident made it impossible for them to operate their business effectively. Incidents like these are a harsh reminder that accidents, just like cyberattacks, can have serious impacts, and customers may still be on the hook for losses.

    Responsibility includes accountability and trust

    Regardless of the allegations from Delta, CrowdStrike appears to be holding up to its responsibility as a cybersecurity vendor. For example, this past week the company released a root cause analysis of the incident detailing the lessons learned, including how they are improving their process and identifying steps to enhance resilience.

    Without question, a lot of things went wrong on July 19. This public volleying between CrowdStrike and Delta highlights the challenges for cybersecurity vendors and their customers in digital environments reliant on multiple integrations and interdependencies. To protect cybersecurity vendors and their customers effectively, both parties must hold themselves accountable and act as trustworthy partners in protecting against cyber and business continuity risks.

    4 ways to manage these risks

    Given the ever-present cyber risks and potential for downtime events that pose a serious threat to business continuity, it makes sense for companies to identify alternative ways to manage these risks.

    1. Understand how incidents like these can impact business and operations. It is now critical to fully understand how an outage could impact the business and enable internal teams to focus on impact mitigation strategies in addition to typical incident response.

    2. Know the status quo when negotiating contracts with vendors to the greatest extent possible. At the beginning of a vendor relationship, consider the impact if that vendor fails to the extent that the customer can’t deliver on its own business obligations. If Delta could have foreseen this event and its impact, they could have negotiated higher limitations of liability in the contract (although unlikely to come anywhere close to the $500M mark).

    3. Consider insurability. Based on various insurance industry estimates, it appears that insurance recovery for this event will only be a fraction of the total estimated losses. Additionally, many cyber insurance policies are designed to primarily cover malicious events, which this event was not. That said, coverage is available for losses of this type and companies should be reviewing their policies right now and seeking to amend coverage as desired.

    4. Evaluate whether it makes sense to have redundant or alternative capabilities in place in case of a vendor failure. It may turn out that entirely redundant capabilities are cost prohibitive or impractical, but by not at least considering the question and understanding the tradeoffs, the business is not fulfilling its own duty of care.

    A new shared responsibility model

    Minimizing risk requires vendors and their customers to work together. No cybersecurity vendor has control over the environments in which their solutions are deployed, but they can and must do their best to minimize the risk that their solutions, intended to protect their customers, do not cause massive IT outages.

    Customers, on the other hand, must maintain a modern IT infrastructure, stay up to date on available software patches, and be prepared for diverse risk scenarios. There is not a shared responsibility model defined for these types of relationships yet, but this may be the defining event that prompts one to emerge.

    Ref: Link

    13Aug, 2024
    Criminal IP and Maltego Collaborate to Broaden Threat Intelligence Data Search

    Criminal IP, an expanding Cyber Threat Intelligence (CTI) search engine from AI SPERA, has recently completed its technology integration with Maltego, a global all-in-one investigation platform that specializes in visualized analysis of combined cyber data.

    This collaboration integrates Criminal IP’s comprehensive database of malicious IPs, domains, and CVEs directly into Maltego’s unified user interface and adds Criminal IP to Maltego’s marketplace, Transform Hub.

    Maltego translates Criminal IP data into a visual data graph, allowing users to easily recognize relationships between each entity and associated risks by adjusting the layouts and assigning weights to them.

     Criminal IP’s C2 tag and vulnerability data visualized through Maltego

    Criminal IP-Maltego Introduces New Features: Visualizing, Tracking Cyber Threat Information

    Now through its partnership with Criminal IP, its trusted data source, and an OSINT CTI tool, Maltego users can also harness Criminal IP’s comprehensive threat intelligence search functionalities to instantly visualize data.

    New key features in Maltego allow users to visualize vulnerabilities by importing Criminal IP’s comprehensive data, including CVEs, assets’ reputation, botnets, Command & Control servers (C2), domain phishing information, and more.

    They can also track exposed personal information in banner data, such as API keys, token values, bank account numbers, and Bitcoin wallet addresses, ensuring prompt identification.

    The tool visually verifies relationships between IP addresses and domains, facilitating rapid response and effective threat tracking.

    Criminal IP’s Domain and IP data visualized through Maltego 

    Maltego: Speeding up Cyber Investigations in a Single Interface

    Maltego is an integration platform with a high impact on the field of threat intelligence and has integrations with several well-known products, including Microsoft Sentinel, IBM QRadar, and Google Maps Geocoding.

    Its existing features drastically accelerate complex cyber investigation by enabling quick preliminary OSINT investigations for digital profiling with Maltego Search as well as complex link analysis for large datasets with Maltego Graph.

    Through Maltego Evidence and Maltego Monitor, the platform enables investigators to collect, monitor, and preserve social media intelligence in real time for prosecution and public safety.

    About AI SPERA

    AI SPERA, renowned for its advanced solutions, has expanded internationally with ‘Criminal IP’ as its flagship offering. Operating in 150+ countries, ‘Criminal IP’ is backed by enterprise-grade security solutions like ‘Criminal IP ASM’ and ‘Criminal IP FDS’. Strategic partnerships with global leaders such as Cisco, VirusTotal, and Quad9 have significantly enhanced ‘Criminal IP’s capabilities. Recently, AI SPERA’s ‘Criminal IP’ has entered the marketplace of major US data warehousing platforms including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data.

    Ref: Link

    12Aug, 2024
    LMI buys 3D robot guidance firm, Liberty Robotics
    Liberty Robotics’ VFix technology guides automotive robots using 3D vision to measure six degrees of freedom for large parts or vehicle bodies.

    The Canadian 3D scanning and inspection developer LMI Technologies is buying the US robotic guidance specialist Liberty Robotics for an undisclosed sum. Michigan-based Liberty (formerly known as Liberty Reach), develops 3D machine vision systems to guide robots in automotive, material-handling/packaging, and logistics applications.

    The acquisition will allow LMI to use Liberty Robotics’ strong foothold in North America to expand its global footprint and accelerate its growth in Asia-Pacific and Europe.

    “This acquisition marks a significant milestone in our strategic growth, expanding our solution-based capabilities in the automotive and packaging and logistics industries,” says LMI Technologies CEO, Mark Radford. “Liberty Robotics brings deep expertise in robot integration with large field-of-view snapshot scanning as well as powerful application-level software, including its industry-leading solutions for vision-based robotic guidance and mixed-case palletization that perfectly complement LMI’s advanced smart 3D sensor technology infrastructure and global market presence.”

    Liberty Robotics’ VFix and VGuide systems allow precise end-of-arm robotic guidance for automotive applications such as parts handling and applying coatings and sealers. Its customers include BMW, Tesla, VW, Honda, Toyota, Mercedes-Benz, Nissan, and Stellantis.

    Liberty has used its experience in the automotive industry to develop vision guidance systems for robotic applications in the materials-handling/packaging and logistics sectors. Its VPack and VPick systems support automated mono and mixed-case palletizing, depalletizing, decanting, and delayering for autonomous material handling in logistics centers.

    They can handle mixed pallets of boxes that vary in size, color, and pattern. This will help to drive LMI’s growth in materials-handling applications.

    Unlike contact-based measurements or 2D vision systems, Liberty’s non-contact technologies add 3D shape information for 100% quality control. It also offers AI-based systems that provide deep-learning-driven visual inspection for production processes.

    “We see tremendous synergies between LMI and Liberty Robotics,” says Radford. “Liberty Robotics’ proven technologies and talented team will greatly enhance our ability to deliver integrated, high-value solutions to our customers worldwide. We aim to set new benchmarks in factory automation efficiency and innovation.”

    Ref: Link

    7Aug, 2024
    ISRO offers free 5-day AI, ML course for students, certificate on completion

    ISRO offers free 5-day AI and ML courses for students and a certificate on completion

    The Indian Space Research Organisation (ISRO) is going to hold a free 5-day online course to equip students with essential skills in artificial intelligence (AI) and machine learning (ML) from August 19 to 23.

    This free 5-day course on AI is part of the IIRS outreach program, which aims to drive innovation within the space sector and beyond. There is no fee for attending this program.

    Launched in 2007, the Indian Institute of Remote Sensing (IIRS) outreach program has expanded to over 3,500 network institutes, benefiting universities, government departments, research institutes, and NGOs. It has been instrumental in promoting capacity building in geospatial technology and its applications.

    COURSE ELIGIBILITY

    The free ISRO course is designed for professionals, students, and researchers in civil engineering, computer science, and geoinformatics.

    Those interested in exploring AI, ML, and deep learning (DL) for geospatial applications are encouraged to apply.

    COURSE CONTENT

    The following broad topics will be covered in the course:

    • Introduction to AI/ML and DL
    • Methods in Machine Learning: Supervised, Unsupervised and Reinforcement
    • Deep Learning concepts through CNN, RNN, R-CNN, Faster RCNN, SSD, YOLO, etc., and their applications
    • Spaceborne Lidar Systems
    • Machine learning through the Google Earth engine
    • Python for Machine/Deep Learning Models

    The course, scheduled from August 19-23, 2024, will provide lecture slides, video-recorded lectures, open-source software, and demonstration handouts through the e-class platform.

    The course will be conducted online via the e-class platform of IIRS-ISRO, requiring only a good internet connection and basic computer hardware.

    COURSE SCHEDULE

    Online lectures will be held every day from 4 pm to 5:30 pm.

    • Aug 19: Introduction to AI/ML and DL – Dr. Poonam Seth Tiwari
    • Aug 20: Methods in Machine Learning: Supervised, Unsupervised, and Reinforcement – Dr. Hina Pande
    • Aug 21: Deep Learning Concepts: CNN, RNN, R-CNN, Faster RCNN, SSD, YOLO, etc., and Their Applications – Dr. Poonam Seth Tiwari
    • Aug 22: Machine Learning Through Google Earth Engine – Dr. Kamal Pandey
    • Aug 23: Python for Machine/Deep Learning Models – Ravi Bhandari

    Course updates and other details will be available on IIRS website.

    HOW TO APPLY

    Participants can register and check their application status through this link.

    Registration is on a first-come, first-served basis.

    For individual registrations, approval is automatic, and participants will receive login credentials for ISRO LMS.

    Participants can register through nodal centres as well, with approval from the coordinator of the nodal centre.If the application is pending approval, participants should contact their respective nodal centre coordinator.

    For institutional participation, organisations must identify a coordinator to register their institute as a nodal centre.

    CERTIFICATE AWARD

    Students will receive a ‘Course Participation Certificate’ upon completing the course with a minimum attendance of 70%.

    This certificate will be available for download on the ISRO Learning Management System (LMS).

    This initiative by ISRO offers an excellent opportunity for individuals to enhance their AI skills and contribute to India’s growing space sector. Don’t miss this chance to advance your knowledge and capabilities in artificial intelligence and machine learning.

    Watch Live TV in English

    Ref: link

    3Aug, 2024
    Google Adds Lens, and Other AI Tools to Chrome on Desktop

    Google Chrome users on Mac, PC, or Chromebook will soon see some new features designed to make searching the web more flexible. The new features are enabled by Google Gemini and other Google AI models.

    Google Chrome’s last major AI update was in May , when it announced Gemini functionality across Workspace and added AI-generated answers to some Search queries.

    What are Chrome’s new features?

    The three new features are:

    • Google Lens in Chrome on the desktop browser.
    • Tab compare, an automatically generated comparison tool for online shopping.
    • Natural language search in browser history.

    Google Lens allows users to select specific elements from a picture or web page. It’s best suited for shopping since it can tell you where to purchase an object in a photo. Google Lens answers general queries, too, such as searching the web for a certain type of plant or more information about an equation. Google Lens in Chrome will be accessible to click-and-drag from the address bar or in the right-click or meatball menu.

    Tab compare generates a chart listing the attributes of two or more products. Users can create a comparison table for products from different marketplaces and vendors, as long as they line those products up in tabs with each other.

    “Online comparison is something we hear users want help with,” wrote Parisa Tabriz, vice president of Chrome at Google, in a press release.

    Perhaps the most remarkable Chrome update from a security perspective is the ability to search your browsing history using natural language. Google suggests a consumer use for this too — the question “What was that ice cream shop I looked at last week?” — but it could have business applications too, such as searching across multiple meetings and communication platforms.

    Cautionary features in place around search history include:

    • Using the AI search feature is optional.
    • The AI search feature can be turned off in Chrome settings.
    • The AI search feature never includes browsing data from incognito mode.

    Tabriz said Google is leveraging AI to make it easier for users to “quickly get things done and find the information you want. Our goal is to keep making your browsing experience even more helpful, through the power of AI,” she explained.

    Ref: Link

    Akchara