Posts

AI security camera detects guns and identifies shooters

Image
Silicon Valley is hoping technology can provide some relief from gun violence. Athena Security, a San Francisco-based AI company that utilizes computer vision for security applications, has announced implementation of an AI camera system it says can identify guns in crowds. The system is one of a  growing number of technologies  aimed at preventing gun crime. In addition to detection, Athena's cameras can also alert police to the presence of an active shooter, potentially reducing response time, according to the company. Wood High School in Warminster, PA, will be an early testbed for the technology. Though mass shootings in schools have  declined  since the 1990s, the threat has never loomed larger in the minds of concerned parents. Information on mass shootings (defined as an event in which four or more people are shot, not including the gunman) is notoriously difficult to track, but the  Gun Violence Archive  places the overall number of mass...

Sapho aims to use machine learning to save employees more time navigating systems

Image
Sapho's Employee Experience Portal plans to use machine learning to monitor how an employee uses business applications and then dish out the most relevant information to them. Sapho is banking that machine learning will allow it to manage your personal enterprise applications so you don't have to. The company, which is focused on integrating enterprise applications into what it calls an Employee Experience Portal, plans to use machine learning to monitor how an employee uses business applications and then dish out the most relevant information to them. Time savings from Sapho's machine learning tools would come from less time searching, navigating various systems and completing work within legacy systems. Sapho estimates that employees spend one day a week searching enterprise systems for work information. Sapho's machine learning features are being rolled out with key features being in tech preview. Sapho's machine learning technology integrates with b...

FragmentSmack vulnerability also affects Windows, but Microsoft patched it!!!

Image
FragmentStack can drive CPU usage up through the roof, jamming servers bombarded with malformed IP packets. Just the ideal vulnerability for DDoS attacks on Windows servers. Microsoft has fixed this week a vulnerability that can cause Windows systems to become unresponsive with 100% CPU utilization when bombarded with malformed IPv4 or IPv6 packets.The vulnerability is already well known in the Linux community as FragmentSmack, part of a duo of DDoS-friendly vulnerabilities, together with SegmentSmack. Both vulnerabilities allow an attacker to bombard a server with malformed packets to trigger excessive resource usage.The SegmentSmack ( CVE-2018-5390 ) vulnerability uses malformed TCP packets, while the FragmentSmack ( CVE-2018-5391 ) vulnerability relies on IP packets. Because of their consequences, both bugs were deemed ideal to integrate into DDoS botnets, and as a result, many Linux distros hurried to patch their systems. The Linux Kernel team patched both issues in...

Microsoft: You complain Skype's too complicated, so we've redesigned it again

Image
Microsoft focuses on simplifying Skype after users find its calling and messaging 'overcomplicated'. Microsoft has redesigned Skype once again, after taking on customer complaints that the addition of features from Snapchat "overcomplicated" the app. As a result of user feedback, Microsoft has decided to kill off Highlights, a feature that let users post a collection of photos that friends could react to.Highlights was Skype's answer to Snapchat stories and came with its poorly received redesign a year ago aimed at making it more of a messaging app. Microsoft's experimentation with design changes "overcomplicated some of our core scenarios", including Skype's original purpose of making calls, according to Peter Skillman, director of design for Skype and Outlook. "Calling became harder to execute and Highlights didn't resonate with a majority of users. We needed to take a step back and simplify,"  he explained . Skype...

Most managers want IT operations managed by artificial intelligence

Image
AIOps -- or artificial intelligence for IT operations -- may help take the complications out of the Ops side of things. " AIOps " may be another new mashed-up term for the  xOps  lexicon, but it appears to have captured the attention of many an IT manager. A new survey finds a majority of IT managers, 68 percent, are working with or considering AIOps, or artificial intelligence for IT operations. So, where does AIOps fit into the scheme of things? In a recent Forbes  post , Janakiram MSV outlined the following potential use cases for AIOps.AIOps may help IT managers "differentiate between legitimate signals and inconsequential noise," according to the authors of a recent  survey  from OpsRamp.  The survey finds nearly three-quarters (73 percent) are taking advantage of AIOps capabilities to gain more meaningful insights related to system alerts. Capacity planning:  "As enterprise workloads start to migrate to the cloud, cloud providers will...

Philips reveals code execution vulnerabilities in cardiovascular devices

Image
Only a low level of skill is required to exploit the bugs. Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. According to a  security advisory  from the US Department of Homeland Security's ICS-CERT, the first vulnerability,  CVE-2018-14787 , is a high-severity flaw which affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular (ISCV) products. The advisory says that the vulnerability takes only a "low-level skill" to exploit and is caused by improper privilege management. In ISCV software version 2.x or prior and Xcelera Version 4.1 or prior, attackers with escalated privileges are able to access folders potentially containing executables which give authenticated users write permissions. "Successful exploitation of these vulnerabilities could allow an attacker with local access and users privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server...

New ransomware arrives with a hidden feature that hints at more sophisticated attacks to come

Image
New form of file-locking ransomware has a 'manual' option for more sophisticated attacks. A new form of ransomware is spreading to victims around the world and the way it's built suggests those behind it could use it to launch more sophisticated attacks in future. KeyPass ransomware first appeared on 8 August and so far has spread to hundreds of victims in more than 20 countries around the world via fake software installers which download the ransomware onto the victim's PC. Brazil and Vietnam account for the highest percentage of Keypass infections, but victims are reported across the world in regions including South America, Africa, Europe, the Middle East and Asia. Researchers at  Kaspersky Lab  have examined KeyPass and found that while it's relatively simple, it comes with the additional option for the attackers to take manual control of an infected system, potentially pointing towards the ability to launch more sophisticated attacks on infected netwo...

DeepLocker: When malware turns artificial intelligence into a weapon

Image
In the future, your face could become the trigger for the execution of malware. AI can be used to automatically detect and combat malware -- but this does not mean hackers can also use it to their advantage.  Cybersecurity, in a world full of networked systems, data collection, Internet of Things (IoT) devices and mobility, has become a race between white hats and threat actors. Traditional cybersecurity solutions, such as bolt-on antivirus software, are no longer enough. Cyberattackers are exploiting every possible avenue to steal data, infiltrate networks, disrupt critical systems, rinse bank accounts, and hold businesses to ransom. The rise of state-sponsored attacks does not help, either.Security researchers and response teams are often hard-pressed to keep up with constant attack attempts, as well as vulnerability and patch management in a time where computing is becoming ever-more sophisticated. Artificial intelligence (AI) has been touted...

GE Digital reportedly to unwind, but its marketing gave the industrial Internet a boost

Image
GE's grand plan to be a software giant appears to be over, but the company's marketing of IoT advanced the cause for a bevy of rivals such as C3 IoT. General Electric is reportedly looking to sell its Predix and software assets as it retreats from a grand plan to be a tech company and leader of the industrial Internet. According to The Wall Street Journal,  GE will auction off its technology assets, which include ServiceMax, Meridium as well as Predix. Former CEO Jeff Immelt pushed a strategy to make GE a top 10 software company by 2020. That plan is now dead. Although GE will keep some software assets for its power and aerospace businesses, the company will shelve plans to be a major software provider. When the history of the Internet of things is written, GE will be remembered not so much for Predix, but the marketing of its software. C3 IoT CEO Tom Siebel quipped to us in a previous interview that GE's marketing advanced his cause and the idea behind the industri...

Bluetooth security: Flaw could allow nearby attacker to grab your private data

Image
Patches are on the way for a Bluetooth bug that could affect Apple, Intel, Broadcom, and some Android devices. A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and  flagged today  by Carnegie Mellon University CERT. The flaw, which is tracked as CVE-2018-5383, has been confirmed to affect Apple, Broadcom, Intel, and Qualcomm hardware, and some Android handsets. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections. Fortunately for macOS users, Apple released a  patch for the flaw in July. As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Blue...