Tag Archive for: Machine

[Webinar] Artificial Intelligence & Machine Learning in the Age of Ransomware & Data Breaches – October 25th, 1:00 pm – 2:00 pm EDT | Association of Certified E-Discovery Specialists (ACEDS)

/in


Brian Wilson

Brian Wilson
Data Breach Advisory Services Managing Director
BDO

Brian leads our Data Breach Advisory services which assists organizations across the data breach lifecycle. We work with organizations to mitigate the risk of data breaches and identify when they occur; contain data breaches and minimize the impact on organizations; to holistically remediate vulnerabilities, harden defenses, incorporate lessons learned; and comply with regulatory reporting requirements, consumer data breach notifications laws, and third-party contractual obligations.

BDO’s ecosystem of capabilities, technologies, and partnerships are built on an uncompromising foundation of security, scalability, and defensibility. Our methodologies, agile approach, and tailored workflows assist organizations no matter where they are in the data breach lifecycle. Our subject matter expertise spans across legal, privacy, risk, compliance, crisis management, information governance, and cybersecurity. We adhere to industry standards, generally accepted frameworks and integrate leading, purpose-built, and emerging technologies including cloud, machine learning, and artificial intelligence to process information at scale and reduce the time it takes to report credible, reliable, and repeatable results with unwavering quality, consistency, and transparency.

Read Brian’s Full Bio

Source…

Hackers Gain Control of Casino Card Shuffling Machine for Godlike Control Over Games

/in


“Basically, it allows us to do more or less whatever we want.”

Shifty Shufflers

The house doesn’t always win.

Researchers at the security firm IOActive say they’ve discovered that a card shuffling machine called the Deckmate, widely used by casinos and long thought to be impervious, is actually vulnerable to hacking, Wired reports — an exploit that could give a skilled cheater omniscient knowledge of every player’s cards.

The investigation was spurred by a gambling scandal last year, when during a game of poker, a newcomer holding a terrible hand called the bluff of a veteran player — a call so baffling that the commentator thought that the live graphics were displaying the cards incorrectly.

Accusations of cheating followed, along with an official investigation by Hustler Live Casino, the host of the scandalous game. The casino’s report concluded there was no evidence of foul play, and averred that the Deckmate used at the game was “secure and cannot be compromised.”

Under the Table

That’s where the IOActive researchers begged to differ.

“At that point, it’s a challenge,” Joseph Tartaro, a researcher at the security firm, told Wired.

Presenting at a Las Vegas security conference, Tartaro and his team found that the latest version of the card shuffler, the Deckmate 2, can be hacked through its exposed USB port.

They theorize that a conniving player could pretend to drop something, go under the table where the Deckmate lies, and plug a device into the USB port. And if physically plugging in a hacking device lacks subtlety, the researchers claim that it could also be hacked remotely through the Deckmate’s internal modem.

From there, cheaters could access the shuffler’s internal camera that watches the cards, and relay that data over Bluetooth to a phone held by a partner nearby who could communicate with a trick like hand signals.

As a test, IOactive researchers made a hacking device out of a Raspberry Pi, exploiting, among several vulnerabilities, faulty firmware that let them tamper with the Deckmate’s encrypted code without detection. They paired this with a Bluetooth app that displayed the hands of other players based on the data.

“Basically, it allows us to do more or less whatever we…

Source…

IEEE Computer Society Emerging Technology Fund Recipient Introduces Machine Learning Cybersecurity Benchmarks

/in


Presentation at The Eleventh International Conference on Learning Representations (ICLR) debuts new findings for end-to-end neural network Trojan removal techniques

LOS ALAMITOS, Calif., May 5, 2023 /PRNewswire/ — Today, at the virtual Backdoor Attacks and Defenses in Machine Learning (BANDS) workshop during The Eleventh International Conference on Learning Representations (ICLR), participants in the IEEE Trojan Removal Competition presented their findings and success rates at effectively and efficiently mitigating the effects of neural trojans while maintaining high performance. Evaluated on clean accuracy, poisoned accuracy, and attack success rate, the competition’s winning team from the Harbin Institute of Technology in Shenzhen, with set HZZQ Defense, formulated a highly effective solution, resulting in a 98.14% poisoned accuracy rate and only a 0.12% attack success rate. This group will be awarded the first-place prize of $5,000 USD.

IEEE Computer Society Emerging Technology Fund Recipient Introduces Machine Learning Cybersecurity Benchmarks

“The IEEE Trojan Removal Competition is a fundamental solution to improve the trustworthy implementation of neural networks from implanted backdoors,” said Prof. Meikang Qiu, chair of IEEE Smart Computing Special Technical Committee (SCSTC) and full professor of Beacom College of Computer and Cyber Science at Dakota State University, Madison, S.D., U.S.A. He also was named the distinguished contributor of IEEE Computer Society in 2021. “This competition’s emphasis on Trojan Removal is vital because it encourages research and development efforts toward enhancing an underexplored but paramount issue.”

In 2022, IEEE CS established its Emerging Technology Fund, and for the first time, awarded $25,000 USD to IEEE SCSTC for the “Annual Competition on Emerging Issues of Data Security and Privacy (EDISP),” which yielded the IEEE Trojan Removal Competition (TRC ’22). The proposal offered a novel take on a cyber topic, because unlike most existing competitions that only focus on backdoor model detection, this competition encouraged participants to explore solutions that can enhance the security of neural networks. By developing general, effective, and efficient white box trojan removal techniques, participants have contributed to building trust in…

Source…

How machine learning can help crack the IT security problem

/in


Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Less than a decade ago, the prevailing wisdom was that every business should undergo digital transformations to boost internal operations and improve client relationships. Next, they were being told that cloud workloads are the future and that elastic computer solutions enabled them to operate in an agile and more cost-effective manner, scaling up and down as needed. 

While digital transformations and cloud migrations are undoubtedly smart decisions that all organizations should make (and those that haven’t yet, what are you doing!), security systems meant to protect such IT infrastructures haven’t been able to keep pace with threats capable of undermining them.  

As internal business operations become increasingly digitized, boatloads more data are being produced. With data piling up, IT and cloud security systems come under increased pressure because more data leads to greater threats of security breaches. 

In early 2022, a cyber extortion gang known as Lapsus$ went on a hacking spree, stealing source code and other valuable data from prominent companies, including Nvidia, Samsung, Microsoft and Ubisoft. The attackers had originally exploited the companies’ networks using phishing attacks, which led to a contractor being compromised, giving the hackers all the access the contractor had via Okta (an ID and authentication service). Source code and other files were then leaked online.

Event

Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

 


Register Now

This attack and numerous other data breaches target organizations of all types, ranging from large multinational corporations to small startups and growing firms. Unfortunately, in most organizations, there are simply too many data points for security engineers to…

Source…