Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Analytics. Show all posts
US Cybersecurity
Breach CISA critical infrastructure risk Cyber Security Data Analytics Information Security supply chain attacks US Cybersecurity

CISA Investigates Sisense Breach: Critical Infrastructure at Risk

 

In the fast-paced landscape of cybersecurity, recent events have once again brought to light the vulnerabilities that critical infrastructure organizations face. The breach of data analytics company Sisense, under investigation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), serves as a stark reminder of the importance of robust security measures in protecting sensitive data and systems. 

Sisense, a prominent American business intelligence software company, found itself at the center of a security incident impacting not only its own operations but also critical infrastructure sector organizations across the United States. 

With offices in New York City, London, and Tel Aviv, and a clientele including major players like Nasdaq, ZoomInfo, Verizon, and Air Canada, the breach sent shockwaves through the cybersecurity community. CISA's involvement underscores the severity of the situation, with the agency actively collaborating with private industry partners to assess the extent of the breach and its implications for critical infrastructure. 

As investigations unfold, the focus is on understanding the nature of the compromise and mitigating potential risks to affected organizations. In response to the breach, CISA has issued recommendations for all Sisense customers to reset any credentials and secrets that may have been exposed or used to access the company's platform and services.

This proactive measure aims to prevent further unauthorized access and protect sensitive information from exploitation. Sisense's Chief Information Security Officer, Sangram Dash, echoed CISA's advice in a message to customers, emphasizing the importance of promptly rotating credentials used within the Sisense application. This precautionary step aligns with best practices in cybersecurity, where rapid response and mitigation are essential to minimizing the impact of security incidents. 

Additionally, customers are urged to report any suspicious activity related to potentially exposed credentials or unauthorized access to Sisense services to CISA. This collaborative approach between organizations and government agencies is crucial in addressing cybersecurity threats effectively and safeguarding critical infrastructure from harm. The incident involving Sisense is not an isolated event. 

Similar supply chain attacks have targeted critical infrastructure organizations in the past, highlighting the need for heightened vigilance and resilience in the face of evolving cyber threats. One such attack, involving the 3CX breach a year ago, had far-reaching consequences, impacting power suppliers responsible for generating and distributing energy across the grid in the United States and Europe. 

As organizations grapple with the aftermath of the Sisense breach, lessons learned from this incident can inform future cybersecurity strategies. Proactive measures such as continuous monitoring, regular security assessments, and robust incident response plans are essential for mitigating risks and protecting critical infrastructure assets. 

The Sisense breach serves as a wake-up call for the cybersecurity community, emphasizing the interconnected nature of cyber threats and the imperative of collaboration in defending against them. By working together and adopting a proactive stance, organizations can bolster their defenses and safeguard critical infrastructure from cyber adversaries.
Read more »
User Privacy
AI Chatbot Chat GPT Data Analytics Data collection Data Privacy OpenAI Privacy Unauthorized access User Privacy

ChatGPT Joins Data Clean Rooms for Enhanced Analysis

ChatGPT has now entered data clean rooms, marking a big step toward improved data analysis. It is expected to alter the way corporations handle sensitive data. This integration, which provides fresh perspectives while following strict privacy guidelines, is a turning point in the data analytics industry.

Data clean rooms have long been hailed as secure environments for collaborating with data without compromising privacy. The recent collaboration between ChatGPT and AppsFlyer's Dynamic Query Engine takes this concept to a whole new level. As reported by Adweek and Business Wire, this integration allows businesses to harness ChatGPT's powerful language processing capabilities within these controlled environments.

ChatGPT's addition to data clean rooms introduces a multitude of benefits. The technology's natural language processing prowess enables users to interact with data in a conversational manner, making the analysis more intuitive and accessible. This is a game-changer, particularly for individuals without specialized technical skills, as they can now derive insights without grappling with complex interfaces.

One of the most significant advantages of this integration is the acceleration of data-driven decision-making. ChatGPT can understand queries posed in everyday language, instantly translating them into structured queries for data retrieval. This not only saves time but also empowers teams to make swift, informed choices backed by data-driven insights.

Privacy remains a paramount concern in the realm of data analytics, and this integration takes robust measures to ensure it. By confining ChatGPT's operations within data-clean rooms, sensitive information is kept secure and isolated from external threats. This mitigates the risk of data breaches and unauthorized access, aligning with increasingly stringent data protection regulations.

AppsFlyer's commitment to incorporating ChatGPT into its Dynamic Query Engine showcases a forward-looking approach to data analysis. By enabling marketers and analysts to engage with data effortlessly, AppsFlyer addresses a crucial challenge in the industry bridging the gap between raw data and actionable insights.

ChatGPT is one of many new technologies that are breaking down barriers as the digital world changes. Its incorporation into data clean rooms is evidence of how adaptable and versatile it is, broadening its possibilities beyond conventional conversational AI.


Read more »
Third Party Apps
Cyber Security Data Analytics Encryption Microsoft Research Third Party Apps

Researchers Reveal New Side-Channel Attack on Homomorphic Encryption

 

A group of academics from North Carolina State University and Dokuz Eylul University have revealed the "first side-channel attack" on homomorphic encryption, which may be used to disclose data while the encryption process is in progress. 

Aydin Aysu, one of the authors of the study, stated, "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted. This demonstrates that even next generation encryption technologies need protection against side-channel attacks." 

Homomorphic Encryption is a kind of encryption that enables specific sorts of computations to be done directly on encrypted data without the need to first decrypt it. It's also designed to protect privacy by permitting sensitive data to be shared with other third-party services, such as data analytics organisations, for additional processing while the base data remains encrypted and, as a result, unavailable to the service provider. 

To put it another way, the purpose of homomorphic encryption is to make it easier to establish end-to-end encrypted data storage and computation services that don't require the data owner to provide their secret keys with third-party services. The researchers proposed a data leakage attack based on a vulnerability found in Microsoft SEAL, the tech giant's open-source implementation of the technology, that could be abused in a way that enables the recovery of a piece of plaintext message that is homomorphically encrypted, successfully undoing the privacy safeguards.

The attack, dubbed RevEAL, takes advantage of a "power-based side-channel leakage of Microsoft SEAL prior to v3.6 that implements the Brakerski/Fan-Vercauteren (BFV) protocol" and "targets the Gaussian sampling in the SEAL's encryption phase and can extract the entire message with a single power measurement," as per the researchers. 

SEAL versions 3.6 and after, released on December 3, 2020, and beyond, employ a different sampling technique, according to the researchers, who also warn that future versions of the library may have a "different vulnerability." 

Kim Laine, Microsoft's principal research manager who heads the Cryptography and Privacy Research Group, stated in the release notes, "Encryption error is sampled from a Centered Binomial Distribution (CBD) by default unless 'SEAL_USE_GAUSSIAN_NOISE' is set to ON. Sampling from a CBD is constant-time and faster than sampling from a Gaussian distribution, which is why it is used by many of the NIST PQC finalists."
Read more »
Subscribe to: Posts (Atom)