Major Updates To NIST Cybersec Framework Are Inbound

Posted in Commentary with tags on February 25, 2023 by itnerd

The U.S. Dept. of Commerce National Institute of Standards and Technology (NIST) is proposing significant reforms to their Cybersecurity Framework (CSF) for the first time in five years, and the final week for stakeholder input begins Feb. 27, 2023. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. First published in 2014 and revised in 2018, the CSF provides a set of guidelines and best practices for managing cybersecurity risks.

NIST held two additional stakeholder workshops this week just prior to the public comment period ending March 3rd

I have three views of this. Starting with Chloe Messdaghi, Managing Director of Impactive Partners:

   “It’s great to hear that there will be a significant reform to the framework. It is important to recognize that security team wellness determines how successful the use of the framework is. We cannot continue to ignore the human element part that cybersecurity plays when we are protecting from attacks. 

   “When a team has poor leadership and management, it places the greatest risks for creating a revolving door environment, mental health issues, lack of inclusion, and a continuing overstretched security team, which in return, leads to an increased cybersecurity risk for an organization.”

Next up is Bryson Bort, Founder and CEO of  SCYTHE

   “Small business and education have been out in the cold for years as cyber poor, but target rich. Ransomware has moved the threat from expert jargon to preying on your local community. We’re seeing the government work collaboratively beyond pushing paper (NIST CSF) to rolling up their sleeves to help them directly with CISA’s announcement on these same priorities last month.”

Finally I have Christopher Hallenbeck, CISO, Americas for Tanium:

   “Practical guidance has long been missing. NIST publications tend to be dense reads filled with jargon that make them less approachable to less resourced organizations. I’m glad to see an emphasis on addressing the underrepresented community of small businesses in this process.”

This reform by NIST is important as this will ensure that the threat landscape is reduced. Which in turn will make it harder for threat actors to do their dirty work.

Leave a comment »

Twitter Removes Captions From Twitter Spaces…. Dealing A Blow To Hearing Impaired Users

Posted in Commentary with tags on February 24, 2023 by itnerd

If you’re hearing impaired, and you’re a Twitter user, you’re not going to be using the Spaces feature on Twitter. According to The Verge, the caption feature that used to be part of Spaces is broken on multiple platforms:

Twitter Spaces, the company’s social audio rooms, no longer lets you use captions if you’re listening on iOS. Twitter still advertises that you can turn on captions through the three-dot menu in a Space, but on iOS, that option currently isn’t there.

On other platforms, it seems like captions should work but don’t. When listening to a Space on the web, captions don’t show, and while the “CC” closed captions button is present, clicking it on or off doesn’t change anything. On Android, the option to turn on captions is there, but it didn’t work for one Verge staffer.

While this could be a bug that could yet be fixed. Captions apparently haven’t worked for a while on Twitter Spaces. That implies that Elon Musk’s extreme cost cutting has resulted in the people behind this feature being downsized. Which means that there’s nobody left to fix whatever is wrong with this feature. There’s also the possibility that Elon and his incredibly short sighted mentality has simply yanked this feature. The thing is either is plausible. And either way, if you’re hearing impaired, it’s a big reason not to use Twitter as clearly that community doesn’t matter to Elon.

Leave a comment »

Dole Getting Pwned By Ransomware Is Just Bananas

Posted in Commentary with tags on February 24, 2023 by itnerd

Food giant Dole has disclosed that they have been hit by a ransomware attack. But only after the news hit the media. Let’s start with what Dole had to say

Dole plc announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.

Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems. 

The company has notified law enforcement about the incident and are cooperating with their investigation.

While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.

That’s your standard PR statement that basically says “nothing to see here, move along.” Except that CNN has a slightly different story:

A cyberattack earlier this month forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN. 

The previously unreported hack — which a source familiar with the incident said was ransomware — led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits. 

“Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, said in a February 10 memo to retailers. 

Dole has four processing plants in the US and employs more than 3,000 people, according to a recent company press release.

After CNN published this story on Wednesday afternoon, Dole spokesperson William Goldfield sent CNN a statement confirming that ransomware was the cause of the incident.

“The company has notified law enforcement about the incident and are cooperating with their investigation,” Dole’s statement said in part. “While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.”

However, two grocery stores in Texas and New Mexico contacted by CNN on Wednesday said they couldn’t stock Dole salad kits on their shelves for days.

So much for “the impact to Dole operations has been limited.” This is a classic case of a company trying to keep the fact that they got pwned quiet, and then scrambling to explain getting pwned after the news gets out.

Morten Gammelgaard, EMEA, co-founder of BullWall had this comment:

   “When ransomware attacks force giant food processing operators like Dole to shut down production, the effects can ripple through the entire economy. Threat actors have significantly accelerated their deployment of ransomware, from an average of 60 days per attack in 2019 to less than four days in 2021, according to a recent IBM report. Even for large multi-national companies such as Dole, staying on top of network vulnerabilities and updating prevention based security constantly is very difficult.  You will be breached and you’d best be prepared.”

   “The Dole ransom attack highlights how the just-in-time nature of food supply chains makes them particularly vulnerable to financially motivated cyberattacks, like ransomware. As production and distribution are tightly coordinated to minimize waste and cost, any disruption caused by a cyberattack can have a ripple effect throughout the supply chain, leading to shortages and inevitable price increases.”

   “Should Ransomware slip through any of the multitude of potential weaknesses in small and large environments it is very important to have Ransomware Containment in place (not the same as ransomware prevention). It acts as a Last Line of Defense against “active” attacks – i.e. when encryption starts to corrupt your data as a fully automated response. It has saved many well-prepared organizations millions of dollars.”

Finally Darren Williams, CEO and Founder of BlackFog said this:

“Similar to other devastating ransomware attacks we have seen recently these attacks are highly targeted, and existing technologies are insufficient to cope with these modern attack variants. The speed at which attackers can breach and leverage a network infrastructure is now unparalleled with the time to deployment down from 60 days to less than 4 days. Detecting and responding to these events manually is no longer feasible for an organization. Focus must be around prevention and stopping data exfiltration before any damage can be done. “

Because Dole isn’t a small food provider, I would hope that the relevant authorities are investigating this because with threat actors targeting operations like Dole, one of these attacks could result in things going very badly for millions of people.

Leave a comment »

Fisker Announces ChargePoint For North American Public Charging

Posted in Commentary with tags on February 24, 2023 by itnerd

Fisker Inc has named ChargePoint Holdings, Inc., a leading electric vehicle (EV) charging network, as Fisker’s North American partner for electric vehicle public charging solutions.

The Fisker and ChargePoint collaboration will provide Fisker EV owners with access to more than 210,000 active ports under management, with over 16,700 DC fast charge ports and over 400,000 roaming ports, making it easy to find reliable charging. The two companies intend to make it easy for drivers to access ChargePoint’s industry-leading network of Level 2 and DC fast chargers, and roaming partner stations; which together encompass more than 80% of public charging spots in North America.

The ChargePoint network will be available to Fisker Ocean owners starting with vehicle deliveries in the US and Canada.  Fisker Ocean drivers can locate ChargePoint and roaming partner charging stations within the Fisker Ocean’s navigation system and  through the ChargePoint mobile app.  At launch, drivers can use the App and the Fisker Ocean’s central touchscreen to search for and navigate to charging stations, filter search for DC fast charge locations, do basic EV route planning, and calculate arrival times at charging stops. 

The Fisker Ocean, Fisker’s ground-breaking all-electric SUV, is available in a sold-out limited edition Fisker Ocean One, and three additional trim levels: Extreme, Ultra, and Sport.  The top trim Fisker Ocean Extreme travels up to 350 miles on a single charge, with dual-motor, all-wheel-drive, three driving modes, Revolve 17.1″ rotating screen, SolarSky roof, California Mode, Smart Traction, and many first-to-market safety features, including the world’s first digital radar, all for $68,999 in the US.  

Leave a comment »

TikTok Faces An Investigation In Canada And Bans In The EU

Posted in Commentary with tags on February 24, 2023 by itnerd

TikTok faces a lot of headwinds in a lot places. And that list seems to be growing. Let’s start with Canada, where three provinces and Canada’s Privacy Commissioner are launching an investigation into TikTok:

The investigation was initiated in the wake of now settled, class action lawsuits in the United States and Canada, as well as numerous media reports related to TikTok’s collection, use and disclosure of personal information.

The four privacy regulators will examine whether the organization’s practices are in compliance with Canadian privacy legislation and in particular, whether valid and meaningful consent is being obtained for the collection, use and disclosure of personal information. The investigation will also determine if the company is meeting its transparency obligations, particularly when collecting personal information from its users.

An important proportion of TikTok users are younger users. Given the importance of protecting children’s privacy, the joint investigation will have a particular focus on TikTok’s privacy practices as they relate to younger users, including whether the company obtained valid and meaningful consent from these users for the collection, use and disclosure of their personal information.

That in itself is bad if you’re TikTok. But combine that with this news that TikTok has been banned from the devices of EU staff, it gets worse:

The European Union’s two biggest policy-making institutions have banned TikTok from staff phones for cybersecurity reasons, marking growing concerns about the Chinese short video-sharing app and its users’ data.

TikTok, which is owned by Chinese firm ByteDance, is under scrutiny from governments and regulators because of concerns that China’s government could use its app to harvest users’ data or advance its interests.

EU industry chief Thierry Breton, who announced a ban by the European Commission, declined to say whether the Commission had been subject to any incidents involving TikTok.

An official also said on Thursday that staff at the EU Council, which brings together representatives of the member states to set policy priorities, would also have to un-install TikTok from their personal phones with access to EU Council services.

This is following this action by the US government to punt TikTok from government devices. Not to mention pressure in the US to ban TikTok outright.

Chris Vaughan, AVP – Technical Account Management, EMEA, Tanium:

   “These national bans are part of a wider issue about how much Chinese influence is deemed acceptable when it comes to national infrastructure and everyday life. We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted and Chinese computer chips being rejected. There have been numerous reports of Chinese efforts to sway politicians by way of lobbying and donations, and the public via social media and the spread of disinformation.”
 
   “Historically, Russia has been the most prominent user of information operations as we saw from its activities related to the 2016 US election and the Brexit referendum. China has been more focused on stealing intellectual property which it can then use to its own advantage. However, there are indications that the CCP will start to focus more on information and influence operations to achieve its strategic goals. Any instances of this need to be met head on by western political leaders who should take a strong stance against it at the government level, rather than leaving the responsibility to individual institutions like colleges.”


Matt Marsden, VP, Technical Account Management, Tanium had this to add:

   “We’ve recently seen steps taken by the government in the US, at both the state and federal level, to ban TikTok from state-owned devices, so it’s no surprise to see the EU do so as well. This is a good start, but a more comprehensive approach needs to be taken to protect our citizens from social media campaigns designed to further foreign political objectives.

   “Chinese intelligence tactics are focused on longer-term objectives and are fueled by the sustained collection of data. The immense collection of user data, to now include commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations. This data can be leveraged to deliver targeted, timely, and often personalized psychological operations against individuals or groups of citizens. This has been observed during election cycles and politically charged events in recent years. “

This isn’t a good look if you’re TikTok because nobody trusts ByteDance who owns TikTok. And nothing they do right now seems to be able to stop bans and investigations from happening. In my mind, it’s only a matter of time before someone lowers the boom on them, the US for example, and then other countries will follow suit. Which will likely spell the end of TikTok.

2 Comments »

Guest Post: AI in the Data Management & Security Lifecycle

Posted in Commentary with tags on February 24, 2023 by itnerd

By Noah Johnson, Co-Founder & CTO, Dasera

No longer just a buzzword, companies have begun leveraging artificial intelligence (AI) to manage their data management lifecycles. AI has been increasingly adopted by companies across industries to help manage their data, and its use is expected to continue to grow. In fact, according to a survey conducted by Gartner, 37% of organizations have implemented AI in some form, and another 33% plan to implement it in the next year.

This adoption is because AI has proven to be effective in automating routine tasks and providing insights into data that can be used to make better business decisions. By leveraging AI, companies can ensure that their data is accurate, integrated, and stored in the most cost-effective way possible. Additionally, AI can help to improve data security by detecting and preventing data breaches and other security threats.

AI is a valuable tool for managing data throughout its lifecycle, and its use is likely to continue to grow as more and more companies realize its benefits. Here are some insights on the role of AI in data management:

  • Data quality management: AI can automatically detect and correct errors and inconsistencies in data, ensuring that data is accurate and reliable, which is crucial for making sound business decisions.
  • Data integration: AI can automate the process of integrating data from different sources, reducing the risk of errors that can occur when data is integrated manually and saving time.
  • Data storage: AI can optimize data storage, ensuring that data is stored in the most cost-effective way possible, reducing storage costs, and improving overall data management efficiency.
  • Data analysis: AI can automate data analysis tasks such as identifying patterns and anomalies in data, providing businesses with valuable insights, and helping them make better decisions based on the data they have.
  • Data security: AI can detect and prevent data breaches and other security threats, for example, by monitoring network traffic and detecting suspicious activity that could indicate a cyber attack.

AI now plays a vital role in effectively managing data throughout its lifecycle, from data quality management to data security. Its ability to automate routine tasks and provide insights can help businesses improve their data management and stay competitive in a data-driven world.

Leave a comment »

Twitter Continues To Show Signs Of Failure

Posted in Commentary with tags on February 24, 2023 by itnerd

Once again, the folks at Platformer are doing amazing work to show how dysfunctional Elon Musk led Twitter is. In their latest report that dropped last night, the team at Platformer starts with this:

On Wednesday, Twitter employees had the tech equivalent of a snow day: the company’s Slack instance was down for “routine maintenance,” they were told, and the company was implementing a deployment freeze as a result. 

That same day, Jira – a tool Twitter uses to track everything from progress on feature updates to regulatory compliance – also stopped working. With no way to chat and no code to ship, most engineers took the day off. 

Jira access was restored on Thursday. But Platformer can now confirm that Slack wasn’t down for “routine maintenance.” “There is no such thing as routine maintenance. That’s bullshit,” a current Slack employee told us.

In this as in so many other things, Twitter hasn’t paid its Slack bill. But that’s not why Slack went down: someone at Twitter manually shut off access, we’re told. Platformer was not able to learn the reason prior to publication, though the move suggests Musk may have turned against the communication app — or at least wants to see if Twitter can run without Slack and the expenses associated with it. (Musk’s Tesla uses a Slack competitor called Mattermost for in-house collaboration, and Microsoft Outlook and Teams for email and meetings.)

On Blind, the anonymous workplace chat app, the disappearance of such critical tools was met with a mixture of disbelief, frustration, and (to a lesser extent) glee.

“We didn’t pay our Slack bill,” one employee wrote. “Now everyone is barely working. Penny wise, pound foolish.”

Another worker called the disappearance of Slack the “proverbial final straw.” 

“Oddly enough, it’s the Slack deactivation that has pushed me to finally start applying to get out,” they wrote.

This underlines that Elon really doesn’t understand Twitter, its culture, and the tools that it users. And that lack of understanding has consequences as outlined above with employee discontent. But that’s not his only issue. Elon wants to open source Twitter’s algorithm for reasons nobody understands. But:

It’s unclear whether Twitter will actually hit that deadline — Musk seems to announce a new thing coming “next week” all the time, and often those deadlines pass and whatever feature was allegedly coming is never heard of again.

This is a classic example of Elon being someone who can’t follow through on his promises because he either lacks the ability to do so, or he’s just writing cheques that his a** can’t cash.

Another of Musk’s ongoing projects is to improve Twitter’s performance. At the end of last year, he claimed progress. “Significant backend server architecture changes rolled out,” he tweeted on December 28. “Twitter should feel faster.” 

In fact, publicly available data indicates that Twitter has been slowly degrading since that month, when it shut down its Sacramento data center. The information comes from Singlepane, a startup whose tool measures latency issues using external signals; the company has been actively monitoring what it describes as a degradation in Twitter’s quality of service.

According to the company’s data, Twitter has seen increased latency — the time between taking an action like refreshing the timeline and seeing new tweets populate in your feed — during times when more people are using the service. Singlepane showed latency spikes during the halftime show of the Super Bowl, for example, and in the aftermath of the recent earthquake in Turkey. 

We ran the data by current Twitter engineers, who say it tracks with what they’re seeing internally. 

But it’s not only big external events that can cause the platform to become slower or less stable. When a user takes their account private, Twitter’s systems have to go through every single tweet in the account’s history and mark them as private, before making those tweets visible to the private account’s followers. 

That can be a data-intensive request for a large account a big lift – like, say, Elon Musk’s. Singlepane’s data show that Twitter experienced significant latency issues when Musk took his account private in early February, as part of his effort to understand why fewer people have been liking his tweets lately. (He figured out a separate fix for that problem just a few days later.)

On top of all the other news, parts of Asia experienced a roughly 20 minute Twitter outage today, we’re told. 

This illustrates that this recent outage, this recent outage, and this other recent outage aren’t isolated incidents. They’re becoming the norm. And more outages are coming. You can bank on that because Elon has proven that he’s not capable of running Twitter. Thus it’s only a matter of time before he runs Twitter into the ground.

1 Comment »

New Account Compromise attack Offers Fake Jobs to Students in Exchange for sensitive Information

Posted in Commentary with tags on February 23, 2023 by itnerd

Today, Armorblox released its latest blog of a recent account compromise attack that targeted a large university. 

These emails, targeting over 160,000 end users and a much larger number of organizations outside as well from this compromised account in a trusted university, bypassed native Microsoft 365 Email Security (receiving an SCL score of -1) to land in victims’ inboxes. 

How it worked: the attack involved the use of a compromised account to execute a malicious email attack to university students about a (fake) job that was open for applications. Clicking the Apply Here button directed victims to a google form that included a summary of the position and asked for sensitive information such as address, phone number, bank name, full name, age, etc.

The blog post can be found here.

Leave a comment »

ESET discovers WinorDLL64 backdoor, likely part of the Lazarus arsenal

Posted in Commentary with tags on February 23, 2023 by itnerd

ESET researchers have discovered the WinorDLL64 backdoor, one of the payloads of the Wslink downloader. The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group Lazarus. Wslink’s payload can exfiltrate, overwrite, and remove files, execute commands, and obtain extensive information about the underlying system.

WinorDLL64 contains overlaps in both behavior and code with several Lazarus samples, which indicates that it might be a tool from the vast arsenal of this North Korea-aligned APT group.

The initially unknown Wslink payload was uploaded to VirusTotal from South Korea shortly after the publication of an ESET Research blog post on the Wslink loader. ESET telemetry has seen only a few detections of the Wslink loader in Central Europe, US, Canada, and the Middle East. Researchers from AhnLab confirmed South Korean victims of Wslink in their telemetry, which is a relevant indicator, considering the traditional Lazarus targets and that ESET Research observed only a few detections.

Active since at least 2009, this infamous North Korea-aligned group is responsible for high-profile incidents such as the Sony Pictures Entertainment hack, the tens-of-millions-of-dollars cyberheists in 2016, the WannaCryptor (aka WannaCry) outbreak in 2017, and a long history of disruptive attacks against South Korean public and critical infrastructure since at least 2011. US-CERT and the FBI call this group HIDDEN COBRA.

You can read more here.

Leave a comment »

Guest Post: Types of Adversarial Attacks and How To Overcome Them

Posted in Commentary with tags on February 23, 2023 by itnerd

 By Brad Fisher, CEO Lumenova AI 

Machine Learning powered algorithms are susceptible to a variety of adversarial attacks that aim to degrade their performance. Here’s what you need to know.

From deep learning systems to traditional models, ML-powered algorithms are susceptible to a variety of adversarial attacks that aim to degrade their performance.

Poisoning attacks

Poisoning attacks are used to corrupt the data on which a model trains, by introducing maliciously designed samples in the training set. Hence, we may consider poisoning to be the adversarial contamination of data, used to reduce the performance of a model during deployment.

This type of contamination may also occur during re-training, as ML systems often rely on data collected while they’re in operation.

Poisoning attacks usually come in two nuances. Some target the model’s availability, while others its integrity.

Availability attacks

The concept behind availability attacks is pretty simple. The purpose is to feed so much bad data into a system that it loses most of its accuracy, thus becoming obsolete. While availability attacks might be unsophisticated, they are broadly used and, unfortunately, lead to disastrous outcomes.

Integrity attacks

Integrity poisoning, also known as a backdoor attack is much more sophisticated. The goal of these attacks is to cause the model to associate a specific ‘backdoor pattern’ with a ‘clean target label’. This way, whenever the attacker plans on inserting malware into a model, they just need to include the ‘backdoor pattern’ to get an easy pass.

For example, imagine a company asking a new employee to submit his photo ID. Their photo will be fed to a facial recognition control system for security purposes. However, if the employee provides a ‘poisoned’ photo, the system will associate the malicious pattern with a clear pass, thus creating a backdoor for future attacks.

While your classifier might still function the way it should, it will be completely exposed to further attacks. As long as the attacker inserts the ‘backdoor’ string into a file, they will be able to send it across without raising any suspicions. You can imagine how this might play out in the end.

Backdoor attacks are very difficult to detect since the model’s performance remains unchanged. As such, data poisoning can cause substantial damage with minimal effort.

Evasion attacks

An evasion attack happens when an adversarial example is carefully tailored to look genuine to a human, but completely different to a classifier.

These types of attacks are the most prevalent and, hence, the most researched ones. They are also the most practical types of attacks since they’re performed during the deployment phase, by manipulating data to deceive previously trained classifiers. As such, evasion doesn’t have any influence on the training data set. Instead, samples are modified to avoid detection altogether.

For example, in order to evade analysis by anti-spam models, attackers can embed the spam content within an attached image. The spam is thus obfuscated and classified as legitimate.

Model extraction

The third type of adversarial attack is model stealing or model extraction. In this particular case, the attacker will probe a black-box ML system with the goal of reconstructing the model or extracting the data it was trained on.

Model extraction can be used, for example, if the attacker wishes to steal a prediction model that can be used for their own benefit. Let’s say a stock market prediction model.

Extraction attacks are especially delicate considering the adjacent data theft involved. Not only do you lose exclusivity to your ML model, but given the sensitive and confidential nature of data, it might lead to additional hardships.

White-box and black-box attacks

On top of the classification above, adversarial attacks can be further subcategorized as being white-box or black-box.

During a white-box attack, the attacker has complete access to the target model, its architecture and the model parameters. In a black-box attack, he does not.

Making ML models more robust

While there are no techniques that guarantee 100% protection against adversarial attacks, some methods can provide a significant increase in defense.

Adversarial training

Adversarial training is a brute-force solution. Simply put, it involves generating a lot of adversarial examples and explicitly training the model not to be fooled by them.

However, there is only so much you can feed a model in a given time frame, and the list of adversarial attacks is, unfortunately, not an exhaustive one.

Defensive distillation

As opposed to adversarial training, defensive distillation adds some flexibility to the equation. Distillation training employs the use of two different models.

Model 1: The first model is trained with hard labels in order to achieve maximum accuracy. Let’s consider a biometric scan, for example. We train the first system, requiring a high probability threshold. Subsequently, we use it to create soft labels, defined by a 95% probability that a fingerprint will match the scan on record. These lower accuracy variations are then used to train the second model.

Model 2: Once trained, the second model will act as an additional filter. Even though the algorithm will not match every single pixel in a scan (that would take too much time), it will know which variations of an incomplete scan have a 95% probability of matching the fingerprint on record.

To sum up, defensive distillation provides protection by making it more difficult for the scammer to artificially create a perfect match for both systems. The algorithm becomes more robust and can easier spot spoofing attempts.

Final words

The constant effort which goes into AI research is ever-growing. Slowly, but steadily, Machine Learning is becoming a core element in the value proposition of organizations worldwide. At the same time, the need to protect these models is growing just as fast.

Meanwhile, governments around the globe have also started to implement security standards for ML-driven systems. In its effort to shape the digital future, the European Union has also released a complete checklist meant to assess the trustworthiness of AI algorithms: ALTAI.

Big industry names such as Google, Microsoft, and IBM have already started to invest both in developing ML models, but also in securing them against adversarial attacks.

Have you raised your defenses?

Leave a comment »

« Older Entries
Newer Entries »