Tech,Space,Gaming, and Science Fiction News to wet your whistle
Four Technologies that will Increase Cybersecurity Risk in 2019
Attackers are not just getting smarter, they are also using the most advanced technologies available, the same ones being used by security professionals – namely, artificial intelligence (AI) and machine learning (ML).
Meanwhile, the widespread adoption of cloud, mobile and IoT technologies has created a sprawling IT attack surface that is getting harder to protect from cyber threats, since fixing every existing vulnerability in these infrastructures is unfeasible and impossible.
Here are four ways attackers will exploit technology in new and creative ways over the next 12 months.
AI Bias will Pose New Security Risks
The bias issue is in its infancy now, but will grow rapidly this year and beyond. We can expect attackers to exploit the vulnerabilities associated with it.
Since algorithms are being applied everywhere, bias will follow them. For example, for AI to function properly in cybersecurity, a continuous feed of quality data is required. Garbage in will produce garbage out, such as too many false positives and/or too many false negatives. Furthermore, AI gives probable, rather than definitive answers.
We expect AI bias to increase this year, since many users are not updating their base data and results are not being verified by security analysts. Under these circumstances, AI can have the reverse effect for cybersecurity. Instead of making organizations more secure, AI will generate unreliable insights, that if followed will increase, not decrease, risk.
Automation/Orchestration Tools will be Hijacked
Automation and orchestration tools allow developers and security professionals to achieve new levels of speed and efficiency using unattended processes performed in software. These frameworks, if compromised by attackers, can be co-opted for malicious purposes.
The bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, allows specially crafted requests to establish a connection through the Kubernetes API server to backend systems, then send arbitrary requests over the same connection directly to these machines.
Exploiting just one Kubernetes vulnerability would enable an attacker to take down containers across the globe. While the Kubernetes bug has been fixed, the writing on the wall is clear: more automation and orchestration tools will be targeted in the next 12 months.
Robotic Process Automation Will be Targeted
Robotic process automation (RPA) is being used to control a wide range of operational technologies in manufacturing and many other critical infrastructure sectors.
From a security standpoint, RPA creates a dangerous new attack surface that has multiple layers, including a robust web layer, an API layer, a data exchange layer, and so on. Plus, RPA systems lack robust defence mechanisms.
While we did not seen many RPA vulnerabilities disclosed in 2018 – this is likely to change this year as RPA solutions go increasingly mainstream. If exploited, these vulnerabilities could compromise an entire industrial plant or even several facilities at once.
API Attacks Will Increase
Many companies fail to protect their APIs with the same level of security they devote to networks and business-critical applications. As a result, APIs have far reaching security implications for security teams. Case in point: Google, which announced it would be shutting down Google+ because of an API compromise.
The Google experience is just the tip of the iceberg, as companies rarely disclose API attacks. More high-profile API attacks are inevitable as they provide hackers with the keys to the kingdom, giving them numerous avenues for access into corporate data, processes, and operations.
Furthermore, APIs generally contain clear, well-documented details on the inner workings of applications – information that provides hackers with valuable clues on attack vectors they can exploit.
While advances in technology provide many benefits when it comes to digital transformation, they also open new threat vectors and the potential for attacks that can spread quickly over connected ecosystems. Maintaining visibility into traditional and emerging (Orchestration, RPA, API, etc.) IT infrastructures and vulnerabilities associated with them will play a central role in reducing security incidents this year. Identifying and fixing those that pose the highest risk will be even more important.
About the author: Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, is a recognized expert on artificial intelligence (AI) and neural networks. He holds a patent on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing.
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Lenovo is announcing a pair of new laptops today, the Yoga 730 and Flex 14, both of which are seeing a number of small design tweaks and receiving Intel’s 8th gen processors. While there aren’t any major changes this year, the 730 is getting one notable improvement to help it stand out: it has built-in far-field mics so that it can support Alexa. The Yoga 730 is really similar to last year’s Yoga 720 : like all Yoga laptops, it has a touchscreen and can flip around into tablet mode; it starts with a price around $900 but can go much higher if you spec it out; and while it’s a well-made laptop with an aluminum body, it isn’t quite as slim or light as what Lenovo offers in its Yoga 900 series laptops. This year, the 730 has received a few... Continue reading… via The Verge - Tech Posts "http://ift.tt/2BQTs1c"