Information Technology

Microsoft has released an open-source tool called Counterfit that helps developers test the security of artificial intelligence (AI) systems.Microsoft has published the Counterfit project on GitHub and points out that a previous study it conducted found most organizations lack the tools to address adversarial machine learning. 

Artificial Intelligence

“This tool was born out of our own need to assess Microsoft’s AI systems for vulnerabilities with the goal of proactively securing AI services, in accordance with Microsoft’s responsible AI principles and Responsible AI Strategy in Engineering (RAISE) initiative,” Microsoft says in a blogpost. SEE: Building the bionic brain (free PDF) (TechRepublic)Microsoft describes the command line tool as a “generic automation tool to attack multiple AI systems at scale” that Microsoft’s red team operations use to test its own AI models. Microsoft is also exploring using Counterfit in the AI development phase. The tool can be deployed via Azure Shell from a browser or installed locally in an Anaconda Python environment. Microsoft promises the command line tool can assess models hosted in any cloud environment, on-premises, or on edge networks. Counterfit is also model-agnostic and strives to be data-agnostic, applicable to models that use text, images, or generic input. 

“Our tool makes published attack algorithms accessible to the security community and helps to provide an extensible interface from which to build, manage, and launch attacks on AI models,” Microsoft notes. This tool in part could be used to prevent adversarial machine learning, where an attacker tricks a machine-learning model with manipulative data, such as McAfee’s hack on older Tesla’s with MobileEye cameras, which tricked them into misreading the speed limit by placing black tape on speed signs. Another example was Microsoft’s Tay chatbot disaster, which saw the bot tweeting racist comments.      Its workflow has also been designed in line with widely used cybersecurity frameworks, such as Metasploit or PowerShell Empire. “The tool comes preloaded with published attack algorithms that can be used to bootstrap red team operations to evade and steal AI models,” explains Microsoft. The tool can also help with vulnerability scanning AI systems and creating logs to record attacks against a target model. SEE: Facial recognition: Don’t use it to snoop on how staff are feeling, says watchdogMicrosoft tested Counterfit with several customers, including aerospace giant Airbus, a Microsoft customer developing an AI platform on Azure AI services.  “AI is increasingly used in industry; it is vital to look ahead to securing this technology particularly to understand where feature space attacks can be realized in the problem space,” said Matilda Rhode, a senior cybersecurity researcher at Airbus in a statement.  “The release of open-source tools from an organization such as Microsoft for security practitioners to evaluate the security of AI systems is both welcome and a clear indication that the industry is taking this problem seriously.” More

I’ve heard from several iPhone user having issues installing the latest iOS 14.5.1 update. Some users mentioned that the update was stuck on “Checking for update,” while others are experiencing crashes and lock ups.iOS 14.5.1 is an important update, fixing a bug in the App Tracking Transparency framework, as well as a security bug that, according to Apple, is being actively exploited.But what if you can’t install the update?Must read: iPhone users – Do this today!Here’s are my top tips for smooth installs.Make sure you have a minimum of 1GB free, with between 5 and 10GB being optimalReboot the iPhone before installingPut the iPhone on charge and ensure it is over 50 percent chargedMake sure you are not in Low Power ModeTurn off VPNMake sure you are connected to a strong and stable Wi-Fi connectionIf this fails, reboot the iPhone and try again. If it continues to fail, you might have better luck installing the update using a computer. More

The term “extended detection and response” or XDR was coined back in 2018, but definitions continue to vary significantly. There was no reliable, unbiased explanation for what XDR is and how it differs from a security analytics platform, which has led to confusion and disregard, dismissing it as nothing more than yet another cybersecurity marketing buzzword. To help clarify this, Forrester has released research on what XDR is, what XDR isn’t, and what clients need to look for when evaluating XDR solutions. This research is a rigorous breakdown of what to expect from XDR solutions based on interviews and survey results from XDR end users and over 40 security vendors. Below is an adaptation of a short excerpt of the report that defines XDR and explains its origins. The complete report goes into significantly more depth and includes helpful recommendations. 

What Is Extended Detection And Response (XDR)? XDR is emerging due to the value that endpoint detection and response (EDR) brings to incident response and the appetite to pair EDR data with additional telemetry that can’t be captured from endpoints alone. Forrester defines XDR as: The evolution of EDR, which optimizes threat detection, investigation, response, and hunting in real time. XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management, cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation. XDR’s value is driven by its security analytics capabilities, third-party integrations, and response actions. Why Does XDR Come From EDR? EDR was the proof of concept for XDR. EDR’s remarkable success served as validation that its detection and response capabilities allow security analysts to detect threats, perform investigations, and respond in real-time. While EDR provides effective endpoint detection and response, security teams require more telemetry than just the endpoint. Security teams have used security analytics platforms, security information and event management (SIEM) solutions, NAV, and homegrown data lakes to match endpoint telemetry with security data from other parts of the environment. These efforts had varying degrees of success but suffered from extreme resource consumption, a high rate of false positives, and sizable data volumes. How Is XDR Brought To Market? XDR is often categorized as open or closed, which is confusing, as open implies “open source,” which is very different than what is meant by “open XDR.” Thus, Forrester describes XDR as “native” or “hybrid.” 

Forrester defines hybrid XDR as: An XDR platform that relies on integrations with third parties for the collection of other forms of telemetry and execution of response actions related to that telemetry. Forrester defines native XDR as: An XDR suite that integrates with other security tools from their portfolio for the collection of other forms of telemetry and execution of response actions related to that telemetry. Is XDR The Same As SIEM? XDR is on a collision course with security analytics and security orchestration, automation, and response (SOAR). XDR and SIEM are not converging but colliding. XDR will compete head-to-head with security analytics platforms (and SIEMs) for threat detection, investigation, response, and hunting. Security analytics platforms have over a decade of experience in data aggregation they apply to these challenges but have yet to provide incident response capabilities that are sufficient at enterprise scale, forcing enterprises to prioritize alternate solutions. XDR is rising to fill that void through a distinctly different approach anchored in endpoint and optimization. The core difference between XDR and the SIEM is that XDR detections remain anchored in endpoint detections, as opposed to taking the nebulous approach of applying security analytics to a large set of data. As XDR evolves, expect the vendor definition of endpoint to evolve as well based on where the attacker target is, regardless of if it takes the form of a laptop, workstation, mobile device, or the cloud. This post was written by Analyst Allie Mellen, and it originally appeared here.  More

Screenshot by Jason Cipriani/ZDNet
Apple on Monday released iOS 14.5.1 and iPadOS 14.5.1 for its iPhone and iPad lineup. The update comes just a week after
iOS 14.5 and iPadOS 14.5

were officially released, but there’s a good reason for the back-to-back updates: It includes a fix for two security issues that, according to Apple, are actively being used. According to a security post about Monday’s update, there are two WebKit bugs that “Apple is aware of a report that this issue may have been actively exploited.”Also: Turn the Apple logo on the back of your iPhone into a buttonThe issue impacts the iPhone 6S or newer, all iPad Pro models, the iPad Air 2 or newer, the iPad 5th generation or newer, the iPad Mini 4 or later, and the latest iPod touch. To update your device, open Settings > General > Software Update and follow the prompts. As always, it’s a good idea to backup your device before installing the update.Apple also released a similar update for its Mac lineup with MacOS 11.3.1, WatchOS 7.4.1 for the Apple Watch, and iOS 12.5.3 for older iPhone and iPad models. 

Apple Event More

Image: Getty Images
Representatives from Google, Facebook, and Twitter on Friday appeared before an Australian security committee as a united front, spruiking the idea that they’re all working together to thwart nefarious activity, such as violent extremist material, from proliferating their respective platforms.The trio told the Parliamentary Joint Committee on Intelligence and Security as part of its inquiry into extremist movements and radicalism in Australia that the effort is a joint one and that the best way forward was to not actually legislate a ban of all mentions of content deemed inappropriate.”We all know combating terrorism and extremism is a continuous challenge. And unless we can completely eliminate hate and intolerance from society, there’s going to be hate and intolerance online,” Facebook Australia’s head of policy Josh Machin said. “It’s also a shared challenge between governments, industry experts, academia, civil society, and the media.”Asked about what the Australian government could do to help the platforms with such a mammoth task, Twitter’s senior director of public policy and philanthropy in the APAC region Kathleen Reen said it would be incredibly problematic to use a blunt force instrument like a ban.”One of the things that’s really important in order to really de-radicalise groups to ensure healthy, cohesive, inclusive, and diverse communities, is to make sure that there’s awareness, discussion, interrogation, and debate, and research about what the problems actually are,” she said. “If you ban all discussion at all about it … you may find yourself effectively chasing it off our platforms where the companies are working to address these issues, and pushing it out into other platforms.”Reen suggested, instead, for “deep work” with academic and civil society experts, as some examples, that considers how to create “cohesive communities when you’re also trying to stop those bad actors”.

“To be clear, stopping the conversation entirely won’t address the problem in our view. In fact, it’ll make it worse,” she said.Facebook, Twitter, Google-owned YouTube, as well as Microsoft in June 2017 stood up the Global Internet Forum to Counter Terrorism (GIFCT) as a collective effort to prevent the spread of terrorist and violent extremist content online. There are now 13 companies involved.The GIFCT shifted its focus in the wake of the Christchurch terrorist attack and the call to arms New Zealand Prime Minister Jacinda Arden made by way of the Christchurch Call. Reen said the Call was a “watershed moment”. “It was a moment for convening governments and industry and civil society together to unite behind our mutual commitment for a safe, secure, and open internet. There was also a moment to recognise that wherever evil manifests itself, it affects us all,” she said.Reen said the group is hoping to add more names to the GIFCT.”We’re looking forward to expanding these partnerships in future because terrorism can’t be solved by one or a small group of companies alone,” she said. Part of expanding the platforms involves working with smaller, less known platforms, with concerns an unintended consequence of eliminating hate from the more popular ones will result in echo chambers elsewhere.”We know that removing all discussion of particular viewpoints at times, no matter how uncomfortable they may seem, we’ll only chase extremist thinking to darker corners of the internet, to other platforms, and to other services, services that may be available in Australia,” Reen said. “Services that may or may not have been invited to participate in such conversations and critical debates about what to do next.”Google Australia’s head of government affairs and public policy Samantha Yorke believes there is clearly an opportunity for the big mainstream platforms to play a role.”The only ‘watch out’ for us all in the context of this particular conversation is just around privacy issues that would inevitably pop up around behavioural profiles and sharing information about specific identifiable users across different companies and platforms,” Yorke said. “There’s some obvious areas where there would be privacy implications there, but … it’s an area that I think is ripe for further exploration.”Twitter initiated a URL sharing project, which has since been inserted into the greater GIFCT work. She said since inception, about 22,000 shared URLs have been put into that database.”It speaks to the importance of experimentation,” she said. “And I think it also speaks to the importance of transparency around these processes.”Similarly, YouTube also has an “intel desk”, which Yorke said is essentially tasked with surveying what’s happening on the web more broadly, identifying emerging themes or patterns of behaviours that might be taking place off the YouTube platform, but which may manifest in some way onto YouTube. “It’s seeking to develop a little bit more of a holistic view of what’s going on out there,” she said.The trio agreed with Reen’s view that there is the opportunity for the Australian government to potentially dig deeper into these partnerships more.Appearing before the committee on Thursday, Australian eSafety Commissioner Julie Inman Grant was asked why a Google search for the Christchurch terrorist’s manifesto returns results. “We’re not going to the war with the internet,” she said.MORE FROM THE INQUIRYAustralia’s eSafety and the uphill battle of regulating the ever-changing online realmThe eSafety Commissioner has defended the Online Safety Act, saying it’s about protecting the vulnerable and holding the social media platforms accountable for offering a safe product, much the same way as car manufacturers and food producers are in the offline world.Home Affairs’ online team referred over 1,500 violent or extremist items for take-downThe department said the content it refers to social media platforms is beyond the actions the platforms themselves already take regarding the removal of items that incite hate or violence, or promotes terrorist ideals.Tech giants and cops at least agree thwarting terrorist or extremist activity is a joint effortSocial media platforms say they want to work with law enforcement and policymakers to stop their platforms from being used to promote extremist movements and radicalism in Australia. More

Around 345,000 files from the solicitor-general of the Philippines, including sensitive information for ongoing legal cases, have allegedly been breached and made publicly available, UK cybersecurity firm TurgenSec has reported.The files were publicly available since at least February, when TurgenSec said it first discovered the breach and emailed the solicitor-general and the Philippines government about the files. Both the solicitor-general and the Philippines government allegedly did not respond to the company’s emails about the breach, which were sent on March 1 and 28. The documents were eventually taken down on April 28, but the files have been accessed and downloaded by an unknown third party, Turgensec said. According to the cybersecurity firm, the breach contained hundreds of thousands of files ranging from documents generated in the day-to-day running of the solicitor-general’s office, to staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files titled with keywords such as “private, confidential, witness, and password”.  The breached documents also contained over 750 instances of the word rape, as well as information on sensitive topics such as child trafficking, executions, the Philippines intelligence agency, Philippines Senator Francis Pangilinan, among other information. “This data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact on-going prosecutions and national security,” Turgensec said.

In December last year, the solicitor-general’s website was reportedly breached by a hacker group that identified itself as “Phantom Troupe”. Four months prior to the website hack, the air-gapped networks of the Filipino government were targeted by hackers operating in the interests of the Chinese government. Related Coverage More

TikTok has appointed Singaporean Chew Shou Zi as its new CEO in a “strategic reorganisation” that sees its top executives based out of its various global offices, including Singapore and the US. The Chinese video platform also announces Vanessa Pappas as its new COO. Based out of Los Angeles, Pappas had served as the company’s interim head, said TikTok in a statement. The company’s former CEO Kevin Mayar left last August, just three months after taking up the position, citing a “sharply changed” political environment. TikTok that month had launched a lawsuit against the US government, then under the Trump administration, with regards to the video app’s ban. The appointments of Chew and Pappas were part of a strategic reorganisation to “optimise TikTok’s global teams” as well as support its growth, the company said. Its global offices also include Jakarta, Seoul, Tokyo, and London. 

Chew in March was appointed CFO of TikTok’s parent company ByteDance–a position which he will continue to hold from Singapore, where he currently is based. ByteDance’s founder and CEO Zhang Yiming said the two TikTok senior executives would set “the stage for sustained growth”, with Chew having led a team that was amongst its earliest investors and decade-long veteran in the technology industry. “He will add depth to the team, focusing on areas including corporate governance and long-term business initiatives,” Zhang said. Chew was most recently president of international at Chinese smartphone maker Xiaomi, where he also held the CFO position up until April 2020. Pappas, prior to joining ByteDance in November 2018, had spent more than seven years at YouTube where she was head of creative insights.TikTok’s US operations had been poised to be sold to Oracle and Walmart, but the sale was “shelved indefinitely” following a review by the Biden administration to assess security risks of foreign-owned apps and software. The sale had been prompted by former president Trump’s executive orders banning the downloads of Chinese-owned social media apps WeChat and TikTok, alleging they posed threats to his country’s national security, foreign policy, and economy due to the data they collected.RELATED COVERAGE More

iOS 14.5 is out. Likely to be the final big update to iOS until we get a sneak peek at iOS 15 at Apple’s developer keynote in June ahead of its release in the fall.That said, it’s unlikely to be the last iOS 14 update. An update of the size and scale of iOS 14.5 is likely to bring with it bugs that will take a few updates to crush. So, should you update, or wait for the inevitable iOS 14.5.1 to land in a few weeks?My advice: Update. Update now. Update right now.Must read: The new M1 iMac highlights everything that’s wrong with AppleI’m usually quite cautious when it comes to iOS updates. Well, not personally, but I am when it comes to others. But not where iOS 14.5 is concerned, because as well as bringing support for AirTags and the anti-tracking privacy features and new emojis, the update includes patches for 50 vulnerabilities.

Yes, you read that right, 50.To make matters worse, some of those bugs are remote code execution bugs, which mean that could run code on iPhones remotely. Other bugs allow attackers to read sensitive data remotely.One bug, labeled CVE-2021-30661, ‘may have been actively exploited’ by attackers, raising the stakes further.My advice on this one is to install it now. I’d normally recommend waiting for the update to land, but this is such a huge package of bug fixes that waiting doesn’t seem like a good idea.Head over to Settings > General > Software Update and run the update now (if you haven’t already). It’s quite a big package — over a gigabyte — so it might take some time, but given the severity of this bug, it’s time well spent. More