New DeepMind AI capabilities - Google Gemini prof Dec 2023

By NJP

It has been only  a year since the Open AI was presented to the public, and the world of AI continues to develop, pay attention to the video that highlights the level of intelligence of the AI that Google Inc. presents the DeepMind Gemini

  Watch by clicking

A few words about the latest Google Gemini video, which many bloggers say was full of exaggerations and inaccurate. Since it is not currently possible to be exposed to all the capabilities of the GEMINI, it is difficult at this stage to check and determine precisely. I leave it here, for your judgment.

The Artificial Intelligence Act (AI Act) of the European Union 2023

On November 26, 2023, the European Parliament and the European Council reached an agreement on the AI Act. Emphasizing law and not regulation!

The law, which was finally approved on December 20, 2023, and will enter into force on January 1, 2025, requires all developers and users of artificial intelligence in Europe to meet strict safety and human rights requirements.

The law establishes three types of artificial intelligence systems:

1. AI systems with high risk - the ability to cause significant harm to humans, such as autonomous military or civilian systems for making decisions on humans. These will be approved by a regulatory authority before they are released to the market
2. AI systems with medium risk - systems that can cause significant harm, but are not necessarily limited to humans. These will be required to meet strict safety requirements, such as reporting possible defects, protecting privacy and information security, and ensuring equal opportunities.
3. Low-risk AI systems - systems that have no substantial risk of causing harm. These will be required to meet basic safety levels, such as privacy protection and information security.

 There are additional categories of intelligence systems that the law refers to, such as:

• Education - systems used to assess students or make decisions about admission to school or university.
• Employment - systems used to make decisions about hiring, promoting or firing employees.
• Law enforcement - systems used to identify suspects or to make decisions about arrest or filing charges (buds already exist today in Alpha versions).

This is groundbreaking legislation in the field of artificial intelligence regulation. It is expected to affect Europe from the beginning of the year, Israel has determined that it will wait to see what other countries will do on the subject of regulation before it establishes its own regulation, but has begun by establishing a regulatory authority for AI, and has also issued a document of intent between the Ministry of Economy and the Ministry of Justice.

The law enacted by the European Parliament and the European Council obliges all EU countries, as well as EU member states and institutions, to comply with its requirements.

Other countries in the world may adopt similar regulations, based on the EU's AI law. For example, the United States, China, Japan, and, in my view, in the coming months or in the coming year also in Israel. What are the countries that have begun to develop their regulations in the field of AI.

Based on similar cases in the past, such as the Privacy Act, it is likely that many countries around the world will adopt regulations similar to the EU AI Act. These regulations may promote the safe and appropriate use of artificial intelligence.

The State of Israel has not yet officially announced whether it intends to adopt the European Union's artificial intelligence law for legislation within the country. However, Israel will likely adopt similar regulations, based on the progress of AI technology in the world.

Several factors may influence Israel's decision on this issue. One factor is Israel's desire to maintain international standards in the field of artificial intelligence. Another factor is Israel's desire to protect the human rights and privacy of its citizens.

In the end, the decision whether to adopt the EU's artificial intelligence law will be a political decision of the Israeli government.

The PDF document of the EU AI Act can be found on the European Commission website. The PDF contains the full text of the law, including all definitions, requirements, and exceptions. 

Preventing a malicious code from running in your networks

Best practice rules about how to prevent unauthorized malicious code from running in your networks

By NJP

 This post discusses the importance of using secure code-signing certificates. Use of self-replicated security architectures. become accountable for the safe code deployment in your network. Finally, we recommend that organizations should also have visibility into their networks (see extension at the end). 

Here are 4 (four) solutions suggested in the article to prevent unauthorized code from running in your network:

Use secure code-signing certificates - Code-signing certificates are used to verify the identity of the publisher of a piece of code. This helps to ensure that the code is from a trusted source and has not been tampered with.

Use a self-replicate security architecture - Self-replicating security architectures are designed to detect and prevent unauthorized code from running even if the network is compromised. This is done by replicating security controls across the network so that there is always a backup in place if one part of the network is compromised.

Nominate a risk owner of safe code deployment -  It is important to have a clear understanding of who is responsible for deploying code to production. This helps to ensure coding inspection measures will hold in your organization, that only authorized code is deployed, and that there is a process in place for reviewing and approving code changes.

Network visibility (Monitoring and control) allows organizations to have a better awareness of the behavior of traffic on their networks and can use it to improve the efficiency, security, and performance of those networks, to prevent unauthorized code from running in their networks. These include:

• Using IDM network access control list (ACL) to control who can access the network. An ACL is a list of rules that specify which users and devices are allowed to access certain resources on the network.
• Using a Firewall/WAF to block unauthorized traffic. A firewall is a network security device that monitors and controls incoming and outgoing network traffic.
• Using intrusion detection and prevention systems (IDS/IPS). An IDS/IPS is a network security device that monitors network traffic for suspicious activity.

And, 'last, but not least' Educating employees about the risks of unauthorized code. Employees should be aware of the risks of running unauthorized code and should be trained to identify and report suspicious activity.

Open-source intelligence course (OSINT) on social networks

SECPROF OSINT COURSE

For the Social Media Intelligence Gathering course, we've built a collection of the most useful social media OSINT tools. Come develop your personal capabilities and potential in building open source intelligence gathering (OSINT) capabilities with this course. Come and learn which tools will help you acquire knowledge and allow you to dive into a powerful world designed to collect valuable information from social media platforms such as Facebook, Instagram, Telegram, LinkedIn, Twitter, and more.

Come find out how you can intensify your effort to acquire and accelerate your knowledge in the field of cyber, and offensive information protection.

OSINT is your course to learn and improve the digital intelligence gathering capabilities of the current or next organization where you will start working and earn better.

Will publish soon...

Kevin Mitnick a Legendary hacker Pioneer - The Evolution of a black night of the Hacking order

 Kevin Mitnick, from hacking pioneering, through, the most famous hacker in the world, to the age of AI hacking power, and how everything connects all together.

I'm writing this post in the name of a person-first, passionate, and extraordinary figure named "Kevin Mitnick", a truly novel hero, one of his kind.

Kevin, a Jewish American, was a brilliant hacker, a gifted writer, and a passionate advocate for security awareness, he became a gifted consultant for Fortune 500 companies and governments across the word. His death is a major loss to the cybersecurity community, but his legacy will live on with us.

Kevin Mitnick's famous business card

From Hacking Pioneering to AI Hacking - The Evolution of a Legendary Hacker

In the ever-evolving landscape of cybersecurity, few names resonate as strongly as Kevin Mitnick's. From his early days as a hacking pioneer to his status as one of the world's most notorious hackers, Mitnick's journey has been nothing short of extraordinary. As technology advances, so does the art of hacking, and Mitnick's story serves as a fascinating bridge between the past and the age of AI hacking. In this post, we explore the life and exploits of Kevin Mitnick and delve into how his legacy has shaped the world of cybersecurity as we know it today.

Part 1: The Early Days of Hacking Pioneering

Kevin Mitnick's fascination with computers began at a young age, sparking an insatiable curiosity about the inner workings of these machines. In the 1980s and '90s, as the internet was still in its infancy, Mitnick emerged as a prodigious hacker, earning a reputation for his mastery of social engineering techniques. He navigated the digital realm with unparalleled skill, infiltrating networks and systems, all while evading law enforcement's grasp. His cunning and audacious exploits earned him the nickname "The Condor."

Part 2: The Rise to Infamy - Becoming the Most Famous Hacker in the World

With each successful hack, Mitnick's notoriety grew. His targets ranged from corporate giants to government agencies, making headlines worldwide. His ability to breach supposedly impenetrable systems exposed the vulnerabilities of early digital infrastructure, sending shockwaves through the tech industry. Mitnick's exploits came to a head when he was captured and eventually sentenced to prison, sparking a global debate on the ethics of hacking and the importance of robust cybersecurity.

Part 3: The Age of AI Hacking - Connecting the Dots

As technology continued to advance, the world of hacking evolved with it. The age of artificial intelligence brought new challenges and opportunities for hackers, and Mitnick recognized the potential of AI as both a tool for cyber defense and a weapon for malicious actors. After serving his sentence, Mitnick shifted his focus from the dark side of hacking to becoming a cybersecurity consultant, utilizing his knowledge and experience to help organizations protect themselves from cyber threats.

Part 4: The Legacy of Kevin Mitnick in the Age of AI Hacking

Kevin Mitnick's legacy lives on as a cautionary tale and an inspiration for the cybersecurity community. His exploits showcased the importance of constant vigilance in the face of ever-evolving hacking techniques. As AI-powered tools become more sophisticated, the need for robust cybersecurity measures has never been greater. Mitnick's transformation from a notorious hacker to a cybersecurity expert demonstrates that even those once on the wrong side of the law can use their skills for the greater good.

Last

Kevin Mitnick's journey from hacking pioneering to becoming one of the most famous hackers in the world is a compelling story of redemption, innovation, and adaptation. His life's arc reflects the evolving landscape of cybersecurity, with AI hacking emerging as the latest frontier. As we move forward, the lessons from Mitnick's exploits and his transition to cybersecurity consulting can guide us in staying one step ahead of malicious actors in this ever-changing digital world. With a combination of knowledge, ethics, and innovation, we can build a safer digital ecosystem for the future.

Ransomware attacks on Azure Storage: How to protect your data

Ransomware attacks on Azure Storage are a growing phenomenon. These attacks can cause significant losses of data and time and can lead to activity interruptions, loss of reputation, and damage to customer trust.

Ransomware attacks on Azure Storage typically work by hackers breaking into a user's systems and encrypting their data. Hackers then require the user to pay a ransom to get the encryption key and recover the data.

There are several ways that ransomware attacks can occur on Azure Storage, including:

• Phishing attacks Hackers send fake emails or emails that contain malicious links or files. When a user opens the malicious links or files, they may be infected with malware.
• Brute-force attacks Hackers try to guess users' login passwords to Azure Storage.
• Identity management attacks Hackers exploit weaknesses in the Azure identity management system to gain access to users' Azure Storage systems.

By taking several steps, users can protect their Azure Storage from ransomware attacks:

• Use Azure Security Center Azure Security Center provides advanced security functions that help detect and block ransomware attacks.
• Use Azure Backup Azure Backup allows users to create periodic backups of their data. DR, BCP.
• Use Azure Active Directory Identity Protection Azure Active Directory Identity Protection provides protection against unauthorized login attempts.
• Use Azure Key Vault Azure Key Vault allows users to securely store and manage encryption keys.

In summary

Ransomware attacks on Azure Storage are a real threat. By taking the steps listed above, users can protect their data and keep it safe.

Below are case studies for ransomware attacks on Azure Storage for further learning:

1. In 2022, a group of hackers called Conti attacked the American energy company Colonial Pipeline. Hackers penetrated the company's storage systems and demanded a ransom of 5 million dollars in exchange for the recovery of the data. The company paid the ransom, and the data was released.
2. In 2021, a hacker group called REvil attacked the American insurance company CNA Financial. Hackers penetrated the company's storage systems and demanded a ransom of 45 million dollars in exchange for the recovery of the data. The company did not pay the ransom, and the data was not released.
3. In 2020, a group of hackers called Ryuk attacked the American health company Universal Health Services. Hackers penetrated the company's storage systems and demanded a ransom of 67 million dollars in exchange for the recovery of the data. The company paid the ransom, and the data was released.

These examples demonstrate the significant damage that ransomware attacks on Azure Storage can cause. They can lead to activity interruptions, loss of reputation, and damage to customer trust.

Here are some links to more information about ransomware attacks on Azure Storage:

• Microsoft: Azure Security Center: https://docs.microsoft.com/en-us/azure/security-center/
• Microsoft: Azure Backup: https://docs.microsoft.com/en-us/azure/backup/
• Microsoft: Azure Active Directory Identity Protection: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/
• Microsoft: Azure Key Vault: https://docs.microsoft.com/en-us/azure/key-vault/

Latest updates on Google's AI BARD 2023.Sep.19

Bard can now access useful information from Google apps, in Gmail, Docs, and Drive

Bard can now retrieve and help work in real-time from maps, YouTube, hotels, and flights. Can be disabled at any time.

Google search, [G] button can help check bard, can click to learn more.

When someone shares a Bard conversation with you through Bard's sharing feature, you can now continue the conversation in your account and build on what they started.

You can upload photos with Google Lens, get Google Search images, and change Bard's comments to be simpler, longer, shorter, more professional, or more casual in all supported languages.

Bard is available in new locations and languages, now in over 40 new languages including Arabic, Chinese (Simplified/Traditional), German, Hindi, Spanish and more.

Images can be uploaded alongside text in conversations with Bard, which makes it possible to increase imagination and creativity in new ways. Bard has added the capability of Google Lens at this stage in English.

Added text-to-speech capabilities to Bard in over 40 languages, including Hindi, Spanish, and American English.

Pinned and recent threads, you can now pick up where you left off with your past bard conversations and organize them according to your needs.

Exporting Python code to Replit The ability to export Bard to code has been expanded. Python code for Replit, plus Google Co lab.

Bard has been updated to recognize computational instructions and run code in the background, making Bard better at math tasks, coding questions, and string manipulation, plus exporting Bard-generated tables to Google Sheets

More relevant responses with location details - Accurate location helps Bard deliver more relevant responses in your area.

The revolution of AI pushes the technology ahead

It is hard to believe that only ten months have passed since the AI ​​revolution began.  The release of a free public version of ChatGPT in November of last year prompted Google and other competitors to accelerate their development efforts, releasing beta versions in an attempt to push the boundaries of AI technology while ensuring their products meet industry standards.

  Google released an early version called Bard, which is a prototype of its flagship product, Gemini AI.  The article I linked to mentions that Gemini is expected to be released in three months, but does not provide details on its features.  As someone who has been following this product for the past two years, I can say that Google has not yet announced a specific release date as the company has discovered more capabilities in the areas of machine learning, artificial intelligence and deep learning (AI, ML, DL).

 However, it is important to note that the release date may be delayed.  There are those who claim that high capabilities have been discovered in DL, Google wants to test those capabilities before release.  In addition, some argue that the Gemini AI will not be as powerful as some people hope.  Only time will tell what the true capabilities of this product are.

  All in all, regarding the potential of artificial intelligence, there is much more to look forward to.  There are many challenges that need to be addressed before AI systems can reach their full potential as imagined.

  In short, the race is on, and the AI ​​revolution is already underway.

 Don't expect too much from this letter... but this is too important a topic to ignore.

To an article about google Gemini AI

A post about the rapid evolution of AI systems, when there is still no regulation

 📌 I recommend you take seven minutes of your life to read and listen to this.

 First of all, I will say that the evolutionary development we are experiencing in the last year of AI solutions, are only the tip of the iceberg in the sense of how many changes are going to be made in our world without us knowing or noticing them until it is impossible to correct errors on the way or the apocalypse predicted by human groups as recently appeared on the internet, and on the deep web will prove that the writing was on the wall.  

I myself am not at all paranoid and I make good use of the AI, and it's hard for me to define it as a bad thing.  

In the link you will find an opinion of one who opposes the changes that are taking place, worth reading, as well as a recording of a potential car buyer with Tesla's AI system for the specific case.  

So it is recommended that you spend the next few minutes to absorb the things and think.  Here's a short quote from the post 

"My point is: it's great to automate low-value, routine queries to allow human customer service agents to focus on complex, high-value interactions. But human empathy can't be replaced. 

It's what (thankfully) sets us apart. A robot can't replicate experiences and emotions: human empathy is core and so essential in (human) customer interactions."

And when you finish... THINK 💬🤔

 Below is the link, at the bottom of the post is the recording.

 https://www.linkedin.com/posts/ramona-janson_artificialintelliegence-machinelearnig-ugcPost-7086626735047286784-w1YH

Build trust with partners, customers and industry quick and easy with PCI-DSS compliance

PCI-DSS compliance is on of the best way's to show your cyber-resilience is trusty. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect cardholder data. It is widely recognized as a best practice for organizations that store, process, or transmit credit card data, and showing your organisation resilience to privacy (PII).

PCI DSS compliance is not the least demanding of all regulations, but it is certainly one of the most comprehensive. The standard covers a wide range of security controls, from physical security to network security to application security. This makes it a good starting point for organizations that are looking to improve their overall cyber security posture.

Of course, PCI DSS compliance is not a silver bullet. It is important to remember that no single regulation can guarantee that an organization will be immune to cyber attacks. However, PCI DSS compliance can help to reduce the risk of a data breach and can help organizations to demonstrate their commitment to security.

Here are the organisation benefits achieved by PCI DSS compliance:

• Reduced risk of data breaches
• Increased customer trust
• Compliance with other regulations
• Improved operational efficiency
• Reduced liability

If you are considering achieving PCI DSS compliance, there are a few things you should keep in mind:

The standard is a middle level complexity and can be challenging to implement.

There are different levels of compliance, depending on the volume of cardholder data that you process.

You will need to be audited by a qualified third party to verify your compliance.

However, the benefits of achieving PCI DSS compliance can outweigh the challenges. If you are serious leveraging your Commitment to information security and privacy protection, you can put the PCI DSS compliance in you priority to become compliant officialy. It's a good place to start.