Search This Blog

Showing posts with label Technology News. Show all posts

Google Acquires Alter, an AI Avatar Startup Two Months Ago

Tech giant Google has reportedly acquired Alter for around $100m in an effort to boost the content game. Alter is an artificial intelligence (AI) avatar startup that aids brands and creators in expressing their virtual identities. The acquisition also overlaps with Google’s plan of competing more aggressively with the short video platform, TikTok.  
Avatar, formerly known as ‘Facemoji’, essentially works with AI to create avatars for its social media users. The company started by assisting developers to create avatars for games and apps, later it rebranded as ‘Alter’ in 2020 and started helping businesses and creators generate avatars so as to build an online identity. Proficient in 3D avatar system designs, Alter empowers creators and businesses to create and monetize new experiences. 
The acquisition which was concluded approximately two months ago was made public only now as neither of the companies made an announcement until now. Notably, one of Google's spokespersons confirmed the accession but refused to provide details pertaining to the financial terms of the agreement.
With the acquisition, Google is aiming to integrate Alter’s tools to bolster its own arsenal of content, meanwhile providing Alter with new enhanced capabilities. Headquartered in the US and Czech, Alter is an open-source, cross-platform rendering engine that was jointly founded by Jon Slimak and Robin Raszka in 2017, who did not respond to a request for comment put forth by TechCrunch. 
The company’s advent marks a progression for web3 interoperability and the open metaverse as it adeptly works with code to modify and develop face recognition technology. 
According to the report, a part of Alter’s workforce has updated their new role, announcing that they have joined Google, however, an official public announcement is still pending. 
“Alter is an open source, cross-platform [software development kit (SDK)] consisting of a real-time 3D avatar system and motion capture built from scratch for web3 interoperability and the open metaverse. With Alter, developers can easily pipe avatars into their app, game or website,” as per the company’s LinkedIn page. 

Furthermore, in regard Google has also enhanced the emoji experience for its rather wide base of users, now offering personalised experience to them with the newly rolled out custom emojis for the web versions of Chat.

GitLab: Security and Governance Solutions Enhanced to Secure Software Supply Chain


GitLab has confirmed new security and compliance features and a number of enhancements in its platform to aid organizations to secure their software supply chain. 

A Global DevSecOps Survey by GitLab in 2022 found that security was amongst the highest priority investment areas for an organization, with 57% of security experts’ surveys indicating that their organizations have already shifted security left or plan to this year. 

GitLab has increased its focus on governance to help teams identify risks by offering visibility into their projects' dependencies, security findings, and user activities with increasing regulatory and compliance needs for the organization. 

The new enhancements on the other hand provide developers with tools that could scan any vulnerability and deploy controls in order to secure applications. Additionally, the developers have access to secure coding guidance involved in the GitLab platform. 

The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, says Gitlab. 

These capabilities, along with a broad range of security testing capabilities such as static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, license compliance, and container scanning, aids the organization to acquire security and compliance of their software supply chain constantly, without giving in on speed and agility. 

In regards to the recent enhancement in the security and compliance features, VP of Product at GitLab David DeSanto says, “To stay competitive and propel digital transformation, organizations need to be great at developing, operating, and securing software. Security needs to be embedded in all stages of the software development lifecycle, not treated as an afterthought.” 

“Our enhanced security and governance capabilities make GitLab a comprehensive DevSecOps solution to help secure an organization’s software supply chain”, he continued.

OpenAI : Students are Using AI Tools to Write Paper for Them


University students are acing in their examinations through the dedicated hours given to their advanced language generators and AI language tool such as OpenAI playground. 
According to Motherboard, these tools help students write their papers effortlessly, as, in these AI-produced responses, it is hard to detect if it is ‘not’ written by the student himself. Since these responses cannot even be detected by plagiarism software, schools and universities may find it challenging to counteract this next-generation subversion. 
In an interview with Motherboard, a student who goes by the Reddit username innovative_rye says "It would be simple assignments that included extended responses." 
"For biology, we would learn about biotech and write five good and bad things about biotech. I would send a prompt to the AI like, 'what are five good and bad things about biotech?' and it would generate an answer that would get me an A," he added. 
In addition to this, innovative_rye also describes how using AI tools helps him in focusing on what he thinks is important. "I still do my homework on things I need to learn to pass, I just use AI to handle the things I don't want to do or find meaningless," While it is still a debated topic whether AI-generated writing should ever be considered an original work or not, since it is undetected in plagiarism software, they see these AI-made prompts as original works.  
If only the plagiarism software were capable of generating these AI-generated writings, it would not have been a problem. However, it is still a question of if and when software will be able to catch up with AI.  
"[The text] is not copied from somewhere else, it's produced by a machine, so plagiarism checking software is not going to be able to detect it and it's not able to pick it up because the text wasn't copied from anywhere else," says George Veletsianos, Canada Research Chair in Innovative Learning & Technology and associate professor at Royal Roads University. 
"Without knowing how all these other plagiarism checking tools quite work and how they might be developed in the future,[...] I don't think that AI text can be detectable in that way." He continued. 
While it is truly an issue of concern for the teachers as these students are definitely cheating in their papers, the AI tools also raise questions of whether the learning is moving forward for the generation.

19-Year-Old Claims to Have Hacked Into More Than 25 Teslas


A 19-year-old hacker claims to have remotely opened the doors and windows of over 25 Tesla vehicles in 13 countries, as well as turned= on their radios, flash their headlights, and even start their engines and begin "keyless driving." David Colombo, who claims to be an IT specialist based in Germany, also claims to have been able to disable the vehicles' anti-theft systems and determine whether or not a driver is present. 

In a Monday tweet, Colombo claimed to have "complete remote control" of the Teslas, but later explained that he was never able to take over automobiles to "remotely manage steering or acceleration and braking." 

"Yes, I potentially could unlock the doors and start driving the affected Tesla’s," he tweeted. "No I cannot intervene with someone driving (other than starting music at max volume or flashing lights) and I also cannot drive these Tesla’s remotely." Colombo tweeted on Tuesday that his breach was "not a vulnerability in Tesla's system," but rather "it’s the owners faults."

Colombo stated on Twitter that he was able to disable Sentry Mode, an anti-theft feature in which a built-in camera functions as a de facto alarm system. When an alert is triggered, cameras begin filming in the area around the vehicle. The video is then streamed to the vehicle's owner via a mobile app. 

This is not the first time that a Tesla vehicle has been hacked. The Tesla Model X's Autopilot was hacked many times in 2020. In one case, Israeli researchers from Ben Gurion University deceived the car by flashing "phantom" images on a road, wall, or sign, leading it to brake suddenly or steer in the wrong way. A few months later, Wired reported that Lennert Wouters, a researcher at KU Leuven, "stole" a Tesla Model X in 90 seconds. 

Tesla CEO Elon Musk said last fall that he will cooperate with regulators to ensure that electric car drivers' personal data is safe from hackers. With the rapid rise of autonomous driving technology, data security in automobiles is causing more public worry than ever before, he said through remote hook-up at an electric vehicle conference in China. 

By 2025, an estimated 470 million automobiles will be linked to a computerized database, making them prime targets for cybercriminals. According to Tech Monitor, the automobile cybersecurity industry is predicted to be worth $4 billion by that same year.

The Russian billionaire urged the Central Bank to develop cryptocurrencies in Russia

Russian billionaire Oleg Deripaska (Forbes estimates his fortune at $5.1 billion since 2018 Deripaska has been under US sanctions) criticized the Central Bank for allegedly “infantilely closing his eyes to the growing cryptocurrency market.” As an argument, the billionaire cited the actions of the US Treasury, which, according to him, invests in the crypto industry.

“The United States has long understood that uncontrolled digital payments can not only negate the effectiveness of the entire mechanism of economic sanctions but also bring down the dollar,” Deripaska said.

The billionaire referred to the sanctions review issued by the US Treasury. In the document, the regulator claims that the growing possibilities of financial technologies, including those based on cryptocurrency and alternative payment systems, pose a serious threat to the dollar.

According to Deripaska, this means that the development of the cryptocurrency market, uncontrolled by the state, can put the US Treasury in front of the prospect of default on a debt of $30 trillion, which will require $700 billion to service.

“I wonder if anyone has read this document at the Bank of Russia? Or do they work on the principle of “what we don't see doesn't exist?” he says ironically.

Earlier, Deripaska repeatedly criticized the Bank of Russia's policy on digital assets. For example, the billionaire claimed that the regulator should have issued a digital ruble two years ago because it is “more important than Gagarin's flight into space in 61st.”

It is worth noting that the value of bitcoin has updated the historical maximum, reaching $67 thousand. Experts expect cryptocurrency growth to continue.

Russian oil companies offer to use their fields for mining cryptocurrencies

Russian oil companies have offered to use Russian equipment at their fields for mining cryptocurrencies. They proposed using associated petroleum gas (APG) for these purposes, with the help of which electricity will be generated to supply data centers needed for mining. The project has been sent for consideration to the Ministry of Industry and Trade, the Ministry of Digital Development, Communications and Mass Media and the Central Bank of the Russian Federation.

It is reported that one of the major Russian oil companies would like to scale its cryptocurrency mining project, but this segment is in a legally gray zone, and the company is afraid of a negative reaction from the Central Bank, so it turned to the Ministry of Industry and Trade, which can discuss the risks with the regulator.

The Ministry of Industry and Trade reported that the project is being discussed with regulators. In accordance with the law “On Digital Financial Assets”, the procedure for the circulation of digital currency should be regulated by separate laws. According to the Central Bank, approaches to regulation are currently being discussed.

Experts consider the proposal controversial. On the one hand, there is the gas that is unprofitable for transportation, from which electricity can be obtained. On the other hand, this business is non-core and costly for oil companies, since they will have to pay for the maintenance of data centers.

Although there is no legal ban on mining in Russia, cryptocurrency cannot be exchanged or used as a means of payment. Therefore, according to experts, it is possible that oil companies will provide excess capacity for investors from China, where mining is prohibited.

It is worth noting that officially only Gazprom Neft has a mining project: in 2020, the company launched it at its field in Khanty-Mansiysk JSC. For a month, the company's partners managed to get 1.8 BTC. Gazprom Neft declined to comment.

Customers of Russian banks will be recognized by the veins with the help of a new technology

Russian banks are going to introduce customer identification by the pattern of veins on their hands. It is assumed that this method of authentication will help to prevent unauthorized access to the savings of citizens. Meanwhile, experts were skeptical about the initiative. In their opinion, the system has significant disadvantages which can be used by criminals.

It is worth noting that Russian banks already have biometrics that allow them to identify customers by voice and face. "The palm vein pattern will remove barriers to biometric identification for people with hearing and speech problems due to various reasons," the Central Bank explained.

Nikita Durov, Technical director of Check Point Software Technologies in Russia and the CIS, said that with the introduction of the new identification system there are new risks of data substitution by intruders.

"Recently, we have witnessed how attackers used neural networks to replace people's faces in photos and videos. The same thing can happen with the substitution of the vein pattern," added he.

According to Durov, banks should be prepared for potential attacks.

"Scans should be done with the latest modern scanners to avoid mistakes and distortions," Durov added. He stressed that sometimes companies save money and buy cheaper storage and data protection systems that are not able to provide the necessary level of security.

Martin Hron, a leading cyber threat researcher at Avast, said that hackers always try to be one step ahead and look for ways to bypass even the strongest security systems, including biometrics.

The expert clarified that the creation of a fictitious pattern of veins is a matter of time.

Alexey Kuzmin, an expert of the Jet Infosystems company, agreed with the opinion that it is possible to deceive the identification system by scanning blood vessels, but it is much more difficult than systems with voice, face or finger detection.

Russia has developed a virtual reality helmet for recruitment

Researchers from Samara State University have developed a technology to assess the psychological qualities of a job seeker using a virtual reality helmet. Such an idea will help employers assess the personality of the person when recruiting staff.

It is noted that the tested person gets into a specially created virtual environment, which he perceives as real. At this time, the computer evaluates his physical and emotional state without human assistance.

The cost of such a system, which includes a computer and a VR helmet, will be about 120 thousand rubles ($1,600). The program "Psychodiagnostics in VR" and joysticks that read the micro-movements of fingers are also included. The level of anxiety, the reaction to stress, emotional excitability, as well as the cognitive activity of a person are assessed.

Experts reacted to the initiative ambiguously. Sports psychologist Olga Tiunova noted that for many years there have been attempts to create a psychological portrait of an ideal champion, but so far they have not been crowned with success. Special forces instructor Alexander Lastovina added that "Psychodiagnostics in VR" can be used to test soldiers, but the technology should be verified for effectiveness.

Also, specialists noted that a person is something more than a set of psychological characteristics.

It is interesting to note that earlier Irish scientists recognized that computer games are useful in the fight against a number of mental illnesses: they have a beneficial effect on people with anxiety disorders and depression and may even be more useful than traditional methods of treatment. The researchers concluded that games can be used as an alternative to medical care.

Security Expert explained the threat of blocking Samsung Pay in Russia

The work in Russia of the payment system Samsung Pay, which has a market share of 17%, may be banned because of the patent dispute. The court supported the claims of the copyright holder of a patent for an electronic payment system, who accuses the Korean concern of illegal use of technology. The court decided that Samsung Pay really uses the Squin SA technology.

Thus, the court in fact prohibited the use of the service in Russia. In addition, the importation of devices that support Samsung Pay falls under the ban.

"While the patent is valid, Apple Pay and Google Pay services are also under threat of being banned in the event of a legal dispute," adds Alexandra Kurdyumova, senior partner at law firm

The South Korean company and its representative office in Russia may appeal the court's decision within a month. Maxim Labzin, senior partner of the law firm Intellect, noted that the company has three ways out of this situation: to challenge the court's verdict in a higher instance, to prove that the patent was not new, and to negotiate with the plaintiff.

If they fail to appeal, the company itself will have to block its payment system on the territory of Russia. Or Roskomnadzor will do it.

Sergey Vakulin, a hacker and expert on information and computer security, noted that if Roskomnadzor starts blocking, then all Samsung resources will be banned because the blocking is carried out by DPI and IP addresses blocking.

Experts are sure that contactless payments are popular among Russians, so the restriction is unlikely to be long-term. Most likely, a compromise will be found, in which Samsung users will be able to use contactless payment with a smartphone.

The work of the Runet was tested in the exercise of disconnection from the global network

 In June—July, regular exercises on the stability of the Runet were held. This time the possibility of working in conditions of physical disconnection of the Russian internet from the global network was tested

Seven main operators of Russia took part in the exercises. The purpose of the exercises was to determine the possibility of the Runet working in the event of external distortions, blockages and other threats. According to preliminary data, the exercises were a success.

Roskomnadzor noted that in accordance with the legislation, such exercises, which are aimed at improving the integrity, stability and security of the Russian Internet infrastructure, are held annually.

In February, the head of the information and analytical agency TelecomDaily, Denis Kuskov, suggested that if Russia is disconnected from the global network, it will be possible to use Runet and domestic resources. At the same time, in the context of sanctions pressure on Russia, disconnection from the global network can be perceived as additional restrictions.

In turn, the deputy head of the Russian Security Council, Dmitry Medvedev, said that disconnecting Russia from the global network is possible, but the authorities have a plan of action for this case. He added that everything is ready for the autonomous operation of the Runet both technologically and at the legislative level.

Recall, on May 1, 2019, Putin signed a law on the isolation of the Runet. The new law determines that Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats at the state’s expense. The State financed about 30 billion rubles ($ 460 000 000) for its execution.

Moreover, representatives of big business warned that banning modern website encryption protocols in Russia is tantamount to disconnecting the country from the global Internet. The adoption of the bill in the proposed form, in their opinion, will formally make it illegal to use smartphones and computers and will entail "catastrophic consequences".

Industrial Switches Given by the Vendors Affected by a Same Vulnerability

Industrial switches that were given by the vendors have been affected by a same vulnerability, the reason being they all have the same firmware from Korenix Technology, an industrial networking solutions provider based in Taiwan. SEC Consult, an Austrian-based cyber security company revealed the vulnerability. The company (which is owned by Atos) was trying to get the security holes patched since last year, but it took more than an year for Korenix to release security fixes. 

Security Week reports "Properl+Fuchs did release some patches and workarounds last year after being notified about the vulnerabilities, but the company’s response was limited due to the fact that the flaws existed in the Korenix firmware. SEC Consult’s initial attempts to get Korenix to patch the vulnerabilities failed, until late November 2020, when the company had been preparing to make its findings public." Westermo for PMI-110-F2G and Pepperl+Fuchs for Comtrol RocketLinx industrial switches also use the same firmware made for Jetnet Industrial switches by Korenix. Beijer Electronics Group owns both Westermo and Pepperl+Fuchs. 

As per SEC consult, the companies which made these devices have the same firmware base, hence, a single vulnerability affects all of them. SEC Consult found 5 kinds of vulnerabilities, assigned high severity, and critical ratings. It includes unauthorised device administration, cross-site request forgery, authentication command injection, TFTP file/read/write issues, and backdoor accounts. If a hacker has network access, he can attack a device and make unauthorised changes in configuration, steal sensitive data, or make it enter into a DoS state. The affected devices are used in automation, transportation, heavy industry, surveillance, power and energy, and other sectors. 

These switches, according to experts, hold a crucial position in a network and attacker can exploit these vulnerabilities and disruption the connection to the attached network systems.  Apart from releasing firmware updates for the security fixes, Korenix has also suggested some measures to prevent from potential threats. "This vulnerability can also be exploited via Cross-Site Request Forgery attacks as there is no protection for that kind of attack. The NMS (Network Management System) of Korenix, also known as JetView or Korenix NMS, communicates via UDP and triggered all actions without prior authentication," reports Security Week.

The Ministry of Internal Affairs of Russia will launch a program for recognizing deepfakes in the fall of 2022

The scientific and industrial company "High Technologies and Strategic Systems" (HT and SS SIJSC) will develop a computer program for the Ministry of Internal Affairs that recognizes face substitution in videos, the so-called deepfake videos.

It is not the first time that the company has worked with Russian law enforcement agencies. According to the company's website, their specialists participated in the development of products for the Ministry of Emergency Situations and the Ministry of Defense of the Russian Federation.

The amount that the company will receive is set at 3 million 550 thousand rubles ($48,000). The deadline for the completion of research work is scheduled for November 30, 2022. The program for recognizing deepfakes was named "Mirror".

The Ministry of Internal Affairs explained that with the help of deepfakes, scammers can easily substitute any person by inserting his image on a video in which an immoral act or crime is committed. In addition, experts believe that this technology can be very easily used by phone scammers, so it is important to learn how to quickly and effectively detect such fakes as soon as possible.

According to Yuri Zhdanov, Lieutenant General of the Ministry of Internal Affairs, this technology poses a huge threat, and it is extremely difficult to fight it. It is becoming more and more difficult to figure out where the truth is and where the fake is, so powerful systems for protecting a person from deepfakes should come to help here.

Moreover, the technology is widely used to create realistic pornographic videos featuring celebrities in which they have never been filmed, or fake speeches of major political figures.

One of the most popular deepfakes on the Internet was a video with the founder of SpaceX, Elon Musk, in which he allegedly sings the song "Grass at Home", which is actually performed by the group “Zemlyane”  ("Earthlings").

By the way, the use of DeepFake technology is now prohibited by the largest sites, including Reddit and Twitter.

The sharp drop of the cryptocurrency provokes cyber fraudsters

According to cybersecurity experts, the fall in the cryptocurrency exchange rates may cause another increase in DDoS attacks. The fact is that the same tools are used for conducting attacks as for mining. It becomes more profitable for the owners of the tool to conduct DDoS attacks.

Cybersecurity experts said that the fall of bitcoin from the April historical high of $64.9 thousand to $31.4 thousand, which occurred recently, along with the collapse of other cryptocurrencies, can cause an increase in DDoS attacks.

The fact is that botnets, which are also used for mining cryptocurrency, are used to carry out DDoS attacks, explains Alexander Gutnikov, an analyst at Kaspersky DDoS Prevention. "Attackers usually redirect power to mining when cryptocurrency prices are high, as it is more profitable to use bot farms for this than for DDoS attacks," he said.

Accordingly, the power is reoriented to custom attacks when cryptocurrency prices are low.

According to the report of Kaspersky Lab on attacks for the first quarter of 2021, the exchange rate of cryptocurrencies, in particular bitcoin, declined, for example, in January, and at the same time, there was a surge in DDoS activity. In early March, there was another peak of DDoS attacks, before which there was again a decline in the bitcoin exchange rate.

"DDoS attacks are always activated, when the cryptocurrency exchange rate changes", confirms Alexander Lyamin, CEO of Qrator Labs. According to him, the reason is also that attackers can earn money on the difference in exchange rates, for example, to slow down operations by staging an attack. "Although payments for DDoS attacks are often made in cryptocurrency, their cost is usually set in dollars", says Ramil Khantimirov, CEO and co-founder of StormWall.

"DDoS attacks can be carried out on a specific blockchain to create problems in it and lower the value of coins", adds the technical director of the cryptocurrency exchange CEX.IO Dmitry Volkov. He said that in theory unscrupulous competitors can do this, but in practice such attacks are rare.

Russian researchers developed methodology to predict cyber risks

 Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The developed methodology has been tested on the "smart intersection" test bed (a component of smart transport system of smart city).

It should be reminded that St.Petersburg participates in the formation of Smart City program, which will provide new services for the residents of megacities, increasing the safety of citizens. Digital services are an integral part of such system.

Experts explained that cybercriminals have new goals: to disrupt the functioning of large enterprises and urban infrastructure, as well as to intercept control over them. Attackers using wireless channels can remotely penetrate a target subnet or device, intercept traffic, launch DoS attacks and take control of IoT devices to create botnets.

"At present, traditional cyber risk analysis strategies cannot be directly applied to the construction and assessment of smart city digital infrastructures, as the new network infrastructure is heterogeneous and dynamic," said Vasily Krundyshev, a researcher at the Institute of Cybersecurity and Information Protection.

At the same time, he stressed that the purpose of this project is to provide the level of protection of information assets of the smart city taking into account specific features of modern cyber threats.

The methodology of cybersecurity risk analysis of the smart city includes the stages of assets type identification, threat identification, risk calculation and analysis of obtained values. The proposed methodology is based on a quantitative approach. At the same time, according to scientists, it is easily and quickly calculable, which is especially important in conditions of modern dynamic infrastructures.

Experimental studies using a set of developed simulation models of typical digital infrastructures of a smart city (Internet of Things, smart building, smart intersection) have demonstrated superiority over existing Russian and foreign counterparts.

It is interesting to note that earlier St. Petersburg scientists created an innovative installation for cleaning water reservoirs.

A Russian specialist warned of the deadly dangers of the smartphone

 Smartphones of the company Samsung are frequently exploding. There are also known cases when Apple products exploded in the hands of users

The leading analyst of Mobile Research Group Eldar Murtazin warned about the lethal danger that can occur when buying non-original chargers and other accessories for smartphones.

According to him, non-original chargers can ignite during use. So, a charger bought from an unfamiliar seller could turn out to be fake, which could lead not just to battery failure and wear, but also to the device igniting and breaking down.

"These are not empty words, it happens every year, and in Russia, several people die from it every year," warned the specialist.

In addition, the use of a smartphone in a bath, when it is on recharge, poses a danger, the analyst emphasized.

Also, the danger can threaten if the user decides to disassemble his smartphone.

"If you do disassemble the device, never touch the battery, because if you break its shell, it can ignite," said Murtazin.

Cheap smartphone accessories, such as headphones or cases, can also be dangerous to health, as they can cause allergic reactions or skin burns.

At the same time, Mark Sherman, managing partner of the B&C Agency communications agency, stressed that the smartphone itself can not be dangerous, but if it happens, it may be the fault of the user.

"If the smartphone breaks, you need to take it to specialists, rather than trying to fix the device yourself", added Mr. Sherman.

Earlier, Pavel Myasoedov, partner and director of Intellectual Reserve, said that contact with water, a blow or prolonged charging can lead to an explosion. According to him, most often explode smartphones of Samsung, which even had to recall all phones Galaxy Note 7 from sale on a wave of panic. There are also known cases when Apple products exploded in the hands of users.

Hackers Exploit Windows BITS Feature To Launch Malware Attack

Microsoft released the BITS (Background Intelligent Transfer Service) in Windows XP to coordinate and ease uploading and downloading files with large size. Systems and applications component, specifically update in Windows, use this BITS feature to provide application updates and OS so that they can work in minimal user disruption. BITS interact with applications to make jobs with one or more application to download or upload. The BITS feature operates in service and it can make transfers happen at any time. A local database stores file, state and job info.  

How the hackers exploit BITS?

The BITS, like every other technology, is used by applications and exploited by hackers. When harmful apps make BITS jobs, the files are uploaded and downloaded in the service host process context. This helps hackers to avoid firewall detection that may stop suspicious or unusual activities, allowing the attacker to hide the application that requests the transfer. Besides this, the transfers in BITS can be scheduled for later, which allows them to happen at given times, saving the hacker from depending on task-scheduler or long-running processes. 

Transfers in BITS are asynchronous, resulting in a situation where the apps that made jobs may not be working after the transfers that are requested are complete. Addressing this situation, these jobs in BITS can be made through a notification command that is user-specific. The command can be used in case of errors or after a job is complete. The BITS jobs linked with this notification command may authorize any command or executable to run. The hackers have exploited this feature and used it as a technique for continuously launching harmful applications.  

For BITS jobs, the command data is stored in a database rather than the traditional directory register, this helps hackers as the tools that are used to identify persistent executables or commands by unknown actors may overlook it. The jobs in BITS can be made using the BITS-admin command lines tool or via API functions.  Cybersecurity firm FireEye reports, "the Background Intelligent Transfer Service continues to provide utility to applications and attackers alike. The BITS QMGR database can present a useful source of data in an investigation or hunting operation. BitsParser may be utilized with other forensic tools to develop a detailed view of attacker activity." 

Creator of McAfee Antivirus Software Charged For Conspiracy?


Creator of McAfee antivirus software, Businessman John McAfee is charged under a conspiracy to commit fraud and money laundering in the U.S. McAfee and his bodyguard Jimmy Gale Watson Jr are found guilty of advertising cryptocurrencies on Mr. McAfee's huge Twitter follower base to inflate prices. As per prosecutors, these currencies were then sold, earning a total of $2m (€1.45 M). The accused have not issued any response to the charges made.  Currently, McAfee (age 75) is under detention in Spain due to separate charges relating to tax fraud, that he is denying. 

The fresh charges were filed in the Manhattan Federal Court, New York. He is facing potential extradition to the U.S, whereas Watson was captured earlier this week. According to BBC, "in 2012, he made headlines after police in the Central American country of Belize investigated the death of one Mr. McAfee's neighbors and named him as a 'person of interest'. Mr. McAfee left the country saying he feared for his own safety. Officials ultimately said he was not a suspect." McAfee and his bodyguard are accused of buying promoting the cryptocurrency assets on Twitter, where Mr. McAfee has millions of followers. 

As per the US justice department and the Commodity Futures Trading Commission, the plan was to sell these assets the moment the asset's price rose. The pair is said to make $11M (€8m) from the cryptocurrency startup payments via promoting the assets on Twitter, while the investors who bought them were unaware of the payments. As per the federal prosecutor, this equals exploiting a widely used social media platform (in this case Twitter) and the enthusiasm of investors in the growing cryptocurrency sector to profit millions via deceit and lies. In the former case which was disclosed the previous year. 

Mr. McAfee was charged for not filing tax returns from 2014-2018. He is also accused of using different people's names to hide his assets which include a yacht and property. "The entrepreneur, who was born in the UK, also launched unsuccessful bids to become the Libertarian Party's candidate for the US presidential elections in 2016 and 2020. Mr. McAfee has previously expressed his disdain for taxes, tweeting in 2019 that he had not filed tax returns for years because "taxation is illegal", reports BBC.  

FacePay fare payment system to launch in Moscow metro by the end of the year

"In the Moscow metro, by the end of 2021, we plan to launch contactless fare payment for travel through a face recognition system", said deputy head of the metro Andrey Kichigin. This payment method will be available at the turnstiles and at the ticket offices. This feature is currently being tested.

According to him, to pay for the fare, you only need to go to the camera, and it counts the face of the passenger, even in a mask. Similar systems have proven themselves in London, Singapore and Dubai.

"First of all, the facial recognition system ensures the safety of trips. We all want to live and move around in a safe city and provide our passengers with the highest level of security," added Kichigin.

According to the deputy head of the metro, the facial recognition system does not know any surnames, names, or other personal data.

The information is stored in a data center that only law enforcement agencies have access to. The protection is reliable, the system can not be connected from the outside, unauthorized access is impossible. The system records each operation, which allows you to understand who, when and what data was requested.

Information security expert Sergei Vakulin criticized the FacePay fare payment system.

"No system is secure. There is a possibility that the data will leak somewhere, and it may be discovered years later. As for security in general, facial recognition, biometric data, then the situation is 50-50. The fact is that the system will not be fully debugged with our technologies, because the person is changing. Clearly, there will be some mistakes, maybe he will grow a beard, and how will he be recognized?" noted the expert.

AI makes fewer mistakes than experienced radiologists and takes into account ethnic differences

CureMetrix: AI provides an equalization of care across countries. A well-trained algorithm that has been trained on a variety of dense breasts, across different ethnicities, provides a significant advantage to a general radiologist

Breast cancer remains an acute and most urgent problem. In the United States, the number of diagnosed breast cancer cases increased by 28.7% in 2020. The World Health Organization (WHO) has officially recognized breast cancer as the most common type of cancer in the world.

Kevin Harris, president of CureMetrix, Inc., said in an interview that there are some racial and ethnic groups that are statistically more likely to develop breast cancer. In addition, some physiological differences in these groups make it difficult to diagnose breast cancer.

Therefore, CureMetrix developed cmTriage™, the first FDA-cleared mammography triage AI program, and diagnostic software cmAssist™ by training their algorithms on mammogram images from women worldwide in order to provide that service to radiologists.

Kevin Harris believes that AI can help solve the problem of inequality in access to health care in the United States and around the world.

For example, there may be cultural or religious issues that prevent women from undergoing routine mammograms. In these situations, it is possible to create mammography clinics that can be fully staffed by female radiology technicians who will use AI-based CAD to identify suspicious cases.

Moreover, the initial screening using the CAD algorithm will save women money.

According to the American Cancer Society, mammography is imperfect and does not allow radiologists to detect about 20% of cases of the disease. At the same time, more than half of the women who were examined over the past 10 years received a false-positive result. It leads to unnecessary treatment, which Health Affairs estimated at $4 billion a year in 2015.

Research shows that doctors are all prone to bias in the field of medicine, and this bias may well show up in their diagnosis.

Therefore, Kevin Harris believes that AI-based radiology tools are useful for a wider range of patients, as the AI-based CAD Algorithm never sees the patient and knows nothing about this woman.

It has already been proven that the use of AI can improve the accuracy of diagnosis: for example, according to numerous studies, "use of cmTriage™ and cmAssist® can lead to a 27% increase in early cancer detection, without an increase in false-positive recalls, and a 69% reduction in false positives".

Putin announced a digital transformation in Russia

 In the next decade, Russia will face digital transformation and the widespread introduction of artificial intelligence and big data analysis, said President Vladimir Putin during the Artificial Intelligence Journey conference.

"In the implementation of our plans, we must use the developments of domestic innovative companies and startups, our mathematical schools,” noted the Russian leader.

He pointed out that billions of rubles will be spent only on the digital transformation of public administration and the transfer of all public services to an electronic format.

In addition, it is planned that next year a tenth of Russian medical institutions will be able to use AI technologies in their work.

According to the President, breakthrough technologies should improve the well-being and quality of life of Russians.

"We must build relations with artificial intelligence in such a way that breakthrough technologies will help us achieve our national goals, if we talk about our country, transform Russia, strengthen its position in the world,” stressed Putin.

At the same time, according to the head of state, artificial intelligence will never replace a person. In his opinion, it is important for humanity to learn how to manage artificial intelligence, and for this, it is necessary to "be skilled and competent". The state, society, business and every person need to meet the impressive dynamics of change and master new knowledge and technologies.

"When I say that people will control machines, that's what I mean. It is necessary to subdue one of the greatest technologies that humanity has ever created,” said Putin.

At the same time, he called for reducing the risks of using the Internet in advance, including eliminating the possibility of leakage of personal data of Russians and "ensuring unconditional respect for the rights of citizens."

The President noted that it depends on a person how carefully he will manage the opportunities provided by artificial intelligence.