Su22 CYBR 332-51 Computer Security

https://www.csoonline.com/article/3664748/adversarial-machine-learning-explained-how-attackers-disrupt-ai-and-ml-systems.html In a previous post, I talked about AI as a defense and its potential. Yet, AI security is not perfect and there are many ways attackers can abuse AI and ML systems. Out of 7,500 global businesses, 35% are already using AI as a defense while 42% are experimenting with it. However, 20% say they have difficulties securing data with AI. This is not even to mention the difficulties companies will have integrating AI solutions into existing systems. Additionally, 90% of companies are not prepared for "adversarial machine learning" which are techniques used to attack machine learning systems. There are four types of adversarial machine learning attacks: - Poisoning: attacker manipulates training data. - Evasion: changing input in an already trained model. - Extraction: attacker obtains a copy of your AI system by seeing what the system outputs given inputs. -...

 https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html Russia and Ukraine are in the midst of a cyber war. Currently, Russia is taking advantage of a security flaw in Windows operating systems "Follina" which allows password-stealing software to be deployed on other computers. Follina is a security flaw that exists because it allows remote code execution for the Windows Support Diagnostic Tool. This malware has been used on Ukraine devices to gather data from users such as passwords and cookies.

https://www.csoonline.com/article/3663688/congressional-hearings-focus-on-ai-machine-learning-challenges-in-cybersecurity.html Using artificial intelligence as a defense in cybersecurity could potentially be much more effective than traditional security methods, but is it reliable? In its current state, AI is expensive to train, is easily interfered with during the training process, and the training data may or may not be trustworthy. With enough work, AI defense could become much better. Microsoft's chief science officer recommended doubling down on efforts toward AI defense, but the lack of cybersecurity personnel is a problem.

 https://www.csoonline.com/article/3238080/5-top-vulnerability-management-tools-and-how-they-help-prioritize-threats.html As we learn about using tools to help scan for security vulnerabilities, I thought it would be relevant to share some more tools that could be used to help with this. As I am new to cybersecurity, I am unsure of what the best way is to manage multiple security tools, but I imagine using a combination of them would lead to a more secure cyberspace. From reading this, I have learned that there is a huge variety of security software. Some take advantage of the cloud, some use artificial intelligence, and more.

https://thehackernews.com/2022/05/how-secrets-lurking-in-source-code-lead.html An increasing threat to cybersecurity is software secrets being leaked to places like GitHub. By secrets, I do not mean secrets in the traditional sense, although they are secret, in this case, a secret is a key for software engineering teams to use in order to access source code. Secrets are similar to passwords, however, they are meant to be shared among a team. Sharing passwords can be convenient for a team, but it opens up security risks for these secrets to be leaked and accessed by hackers.  In the process of software development, previous versions of the software are saved in case a new version introduces bugs. Sometimes previous versions are saved for years. Often what gets leaked is the keys to the older versions of the software which still resembles much of the current day software, leading to open access to the source code. Knowledge of the source code can give hackers what they need to access...