Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

Managed Detection and Response in 2023

Kaspersky Securelist - 30 April, 2024 - 11:00

Managed Detection and Response in 2023 (PDF)

Alongside other security solutions, we provide Kaspersky Managed Detection and Response (MDR) to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both machine-learning (ML) technologies and our dedicated Security Operations Center (SOC). On detection of a security incident, SOC puts forward a response plan, which, if approved by the customer, is actioned at the endpoint protection level. In addition, our experts give recommendations on organizing incident investigation and response.

In the annual MDR report, we present the results of analysis of SOC-detected incidents, supplying answers to the following questions:

  • Who are your potential attackers?
  • How do they currently operate?
  • How to detect their actions?

The report covers the tactics, techniques and tools most commonly used by threat actors, the nature of high-severity incidents and their distribution among MDR customers by geography and industry.

Security incident statistics for 2023

Security events

In 2023, Kaspersky Managed Detection and Response handled more than 431,000 alerts about possible suspicious activity. Of these, more than 117,000 were analyzed by ML technologies, and over 314,000 by SOC analysts. Of the manually processed security events, slightly under 90% turned out to be false positives. What is more, around 32,000 security alerts were linked to approximately 14,000 incidents reported to MDR customers.

Geographic distribution of users

In 2023, the largest concentration of Kaspersky MDR customers was in the European region (38%). In second place came Russia and the CIS (28%), in third the Asia-Pacific region (16%).

Distribution of Kaspersky MDR customers by region, 2023

Distribution of incidents by industry

Since the number of incidents largely depends on the scale of monitoring, the most objective picture is given by the distribution of the ratio of the number of incidents to the number of monitored endpoints. The diagram below shows the expected number of incidents of a given criticality per 10,000 endpoints, broken down by industry.

Expected number of incidents of varying degrees of criticality per 10,000 endpoints in different industries, 2023

In 2023, the most incidents per 10,000 devices were detected in mass media organizations, development companies and government agencies.

In terms of absolute number of incidents detected, the largest number of incidents worldwide in 2023 were recorded in the financial sector (18.3%), industrial enterprises (16.9%) and government agencies (12.5%).

Distribution of the number of Kaspersky MDR customers, all identified incidents and critical incidents by industry, 2023

General observations and recommendations

Based on the analysis of incidents detected in 2023, and on our many years of experience, we can identify the following trends in security incidents and protection measures:

  • Every year we identify targeted attacks carried out with direct human involvement. To effectively detect such attacks, besides conventional security monitoring, threat hunting is required.
  • The effectiveness of the defense mechanisms deployed by enterprises is best measured by a range of offensive exercises. Year after year, we see rising interest in projects of this kind.
  • In 2023, we identified fewer high-severity malware incidents than in previous years, but the number of incidents of medium and low criticality increased. The most effective approach to guarding against such incidents is through multi-layered protection.
  • Leveraging the MITRE ATT&CK® knowledge base supplies additional contextual information for attack detection and investigation teams. Even the most sophisticated attacks consist of simple steps and techniques, with detection of just a single step often uncovering the entire attack.

Detailed information about attacker tactics, techniques and tools, incident detection and response statistics, and defense recommendations can be found in the full report (PDF).

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

The Hacker News - 30 April, 2024 - 07:57
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to
Category: Hacking & Security

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

The Hacker News - 29 April, 2024 - 19:07
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations. "In 2023,
Category: Hacking & Security

The EU has decided to open up iPadOS

Computerworld.com [Hacking News] - 29 April, 2024 - 17:25

The EU has given Apple just six months to open up iPads in the same way it’s been forced to open up iPhones in Europe. The decision follows an EU determination that the iPad — which leads but does not dominate the tablet market — should be seen as a “gatekeeper.”

Apple will not have much time to comply.

What’s really interesting, as noted by AppleInsider, is the extent to which the decision to force Apple to open up iPadOS seems to have been made even though the EU’s lead anti-competition regulator, Margrethe Vestager, says the company doesn’t actually meet the criteria for enforcement.

It doesn’t meet the threshold, so we’ll do it anyway

“Today, we have brought Apple’s iPadOS within the scope of the DMA obligations,” said Vestager. “Our market investigation showed that despite not meeting the thresholds, iPadOS constitutes an important gateway on which many companies rely to reach their customers.”

This triumph of ideology is just the latest poor decision from the trading bloc and comes as Apple gets ready to introduce new software, features, and artificial intelligence to its devices at its Worldwide Developers Conference in June.

With that in mind, I expect Apple’s software development teams need Europe’s latest decision about as much as the rest of us need an unexpected utility bill. That said, I imagine the challenge has not been entirely unexpected.

Sour grapes?

To some extent you have to see that Europe is playing defense.

Not only has it lost all advantages in space research to Big Tech firms such as SpaceX, but the continent has arguably failed to spawn a significant homegrown Big Tech competitor. This leaves Europe reliant on US technology firms, so it’s clear the EU is attempting to loosen the hold US firms have on digital business in Europe through the way the Digital Markets Act is being applied.

The EU isn’t alone; US regulators are equally determined to dent the power Apple and other major tech firms hold. Fundamental to many of the arguments made is the claim that consumers will see lower prices as a result of more open competition, but I’m highly doubtful that will happen.

So, what happens next?

Apple will likely attempt to resist the EU call to open up the iPad, but will eventually be forced to comply. Meanwhile, as sideloading intensifies on iPhones, we will see whether user privacy and safety do indeed turn out to be compatible with sideloading.

In an ideal world, the EU would hold off on any action involving iPads pending the results of that experiment. It makes sense for regulators and Apple to work constructively together to protect against any unexpected consequences as a result of the DMA before widening the threat surface. 

Perhaps user security isn’t something regulators take seriously, even though government agencies across the EU and elsewhere are extremely concerned at potential risks. Even in the US, regulators seem to want us to believe Apple’s “cloak” of privacy and security is actually being used to justify anti-competitive behavior. 

Do the benefits exceed the risks?

Experientially, at least, there’s little doubt that platforms (including the Mac) that support sideloading face more malicious activity than those that don’t. Ask any security expert and they will tell you that in today’s threat environment, it’s only a matter of time until even the most secure systems are overwhelmed. So it is inevitable some hacker somewhere will find a way to successfully exploit Apple’s newly opened platforms.

It stands to reason that ransomware, adware, and fraud attempts will increase and it is doubtful the EU will shoulder its share of the burden to protect people against any such threats that emerge as a result of its legislation.

For most consumers, the biggest benefit will be the eventual need to purchase software from across multiple store fronts, and to leave valuable personal and financial details with a wider range of payment processing firms.

The joy I personally feel at these “improvements” is far from tangible.

Category: Hacking & Security

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

The Hacker News - 29 April, 2024 - 15:46
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the
Category: Hacking & Security

Ubuntu 24.04 Security Enhancements Analyzed [Updated]

LinuxSecurity.com - 29 April, 2024 - 13:00
The release of Ubuntu 24.04 LTS, also known as Noble Numbat, brings various security enhancements and exciting new features. These improvements include unprivileged user namespace restrictions, binary hardening, AppArmor 4, disabling old TLS versions, and upstream kernel security features.
Category: Hacking & Security

Critical Security Update for Google Chrome: Implications & Recommendations

LinuxSecurity.com - 29 April, 2024 - 13:00
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary code. Over the next few days or weeks, the Google Stable channel will be updated to 124.0.6367.78 for Linux. As security practitioners, Linux admins, infosec professionals, and sysadmins must be aware of the implications of such vulnerabilities and take appropriate action.
Category: Hacking & Security

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

The Hacker News - 29 April, 2024 - 12:54
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many
Category: Hacking & Security

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

The Hacker News - 29 April, 2024 - 12:50
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 (CVSS score: 8.8), "involves the use of promise objects and lazy evaluation in R," AI application
Category: Hacking & Security

A new Windows 11 backup and recovery paradigm?

Computerworld.com [Hacking News] - 29 April, 2024 - 12:00

A lot has changed regarding built-in backup and recovery tools in Windows 11. Enough so, in fact, that it’s not an exaggeration to talk about a new approach to handling system backup and restore, as well as system repair and recovery.

That’s why the title for this article uses the “P-word” (paradigm). This is a term much-beloved in the USA in the 1970s and ’80s, plucked from Thomas Kuhn’s The Structure of Scientific Revolutions (1972) to explain how and why radical changes happen in science.

Indeed, a list of what’s new in Windows 11 by way of backup and recovery helps set the stage for considering a veritable paradigm shift inside this latest desktop OS version:

  • The Windows Backup app, which replaces the obsolete “Backup and Restore (Windows 7) utility,” still present in Windows 10 but absent in Windows 11
  • A revamped approach inside Settings > System > Recovery, which now includes both “Fix problems using Windows Update” and “Reset this PC” options to attempt repairs to an existing OS or reinstall Windows 11 from scratch, respectively

If these elements are combined with proper use of OneDrive, they can cover the gamut of Windows backup, restore, repair, and recovery tasks. Remarkable!

Defining key R-words: Repair, Restore, Recovery, and Reset

Before we dig into the details, it’s important to define these “R-words” so that what Microsoft is doing with Windows 11 backup and recovery options makes sense.

  • Repair: Various methods for fixing Windows problems or issues that arise from a working but misbehaving OS or PC. For what it’s worth, this term encompasses the “Fix problems without resetting your PC” button in Settings > System > Recovery shown in Figure 1; it calls the native, built-in Windows 11 Get Help facility.

Figure 1: Although it’s labeled Recovery, this Windows 11 Settings pane shows Reset explicitly and Repair implicitly.

Ed Tittel / IDG

  • Restore: This is usually defined as putting things back the way they were when a particular backup was made. It is NOT shown in Figure 1, though you can get to a set of Windows Backup data that provides restore information through Advanced startup and through other means.
  • Recovery: Though it has a general meaning, Microsoft tends to view Recovery as a set of operations that enables access to a non-booting Windows PC, either to replace its boot/system image (“Reset this PC” in Figure 1 — see next item) or to boot to alternate media or the Windows Recovery environment, a.k.a. WinRE (“Advanced startup” in Figure 1) to attempt less drastic repairs: reboot from external media, attempt boot or partition repairs, replace corrupted system files, and a great deal more.
  • Reset: Replace the current disk structure on the system/boot drive with a new structure and a fresh, new Windows 11 install, keeping or discarding personal files (but not applications) as you choose.

All of the preceding R-words are intertwined. And Restore is closely related to Backup — that is, one must first perform a backup so that one has something to restore later on.

Introducing Windows Backup

If you type “Windows Backup” into the Windows 11 Start menu’s search box for versions 23H2 or later (publicly released October 31, 2023), you should see something like Figure 2 pop up:

Figure 2: Introducing Windows Backup in Windows 11 23H2.

Ed Tittel / IDG

This simply shows the Start menu entry for the Windows Backup app, which I’ll abbreviate as WB (with apologies to Warner Brothers). Interestingly enough, WB is not packaged as an app with an MSIX file, nor is it available through the Windows Store. Its setup options when launched tell you most of what you need to know, shown in Figure 3. The rest becomes clear as you drill down into its various subheadings, as I’ll explain soon.

Figure 3: The various Windows Backup options/selections let you protect/copy folders, apps, settings, and credentials. That’s about everything!

Ed Tittel / IDG

By default, here’s how things shake out in WB:

  • Folders covers the Desktop, Documents, Pictures, Videos, and Music items (a.k.a. “Library folders”) from the logged-in user’s file hierarchy. On first run, you may use a toggle to turn backup on or off. (Note: a valid Microsoft Account, or MSA, with sufficient available OneDrive storage is required to make use of WB.)
  • Apps covers both old-style .exe apps and newer MSIX apps (like those from the Microsoft Store). It will also capture and record app preferences, settings, and set-up information. This is extremely important, because it provides a way to get back apps and applications, and related configuration data, if you perform a “Reset this PC” operation on the Recovery pane shown in Figure 1 above.
  • Settings covers a bunch of stuff. That’s no surprise, given the depth and breadth of what falls under Settings’ purview in Windows, including: accessibility, personalization, language preferences and dictionary, and other Windows settings.
  • Credentials covers user account info, Wi-Fi info (SSIDs, passwords, etc.), and passwords. This handles all the keys needed to get into apps, services, websites, and so forth should you ever perform a restore operation.

Once you’ve made your folder selections and turned everything on, Windows Backup is ready to go. All you need to do is hit the Back up button at the bottom right in Figure 3, and your first backup will be underway. The first backup may take some time to complete, but when it’s finished you’ll see status info at the top of the Windows Backup info in Settings > Accounts > Windows backup, as shown in Figure 4.

Figure 4: Status information for WB appears under Settings > Accounts > Windows backup (credentials do get backed up but are not called out).

Ed Tittel / IDG

Please note again that all backed up files and information go to OneDrive. Thus, internet and OneDrive access are absolutely necessary for Windows Backup to make backup snapshots and for you to be able to access them for a restore (or new install) when they’re needed. This has some interesting wrinkles, as I’ll explain next.

The Microsoft support page “Getting the most out of your PC backup” explains Windows Backup as follows:

Your Microsoft account ties everything together, no matter where you are or what PC you’re using. This means your personalized settings will be remembered with your account, and your files are accessible from any device. You can unlock premium features like more cloud storage, ongoing technical support, and more, by purchasing a Microsoft 365 subscription for your account.

That same document also cites numerous benefits, including:

  • easy, secure access to files and data anywhere via OneDrive
  • simple transfer to a new PC as and when desired
  • protection “if anything happens to your PC” without losing precious files

This is why Windows Backup and the other tools offer a new backup paradigm in Windows 11. Used together through a specific MSA, you can move to a new PC when you want to, or get your old one back when you need to.

The restore process, WB-style

Microsoft has a support note that explains and describes WB, including initial setup, regular use, and how to restore. This last topic, entitled “How do I restore the backup?” is not just the raison d’être for backup, it’s also well worth reading closely (perhaps more than once).

Let me paraphrase and comment on that document’s contents. Backup makes itself available whenever you work on a new PC, or when you need to reinstall Windows, as you are setting it up. Once you log in with the same MSA to which the backup belongs, it will recognize that backups for the account are available to you, and the tool will interject itself into the install process to ask if there’s a backup you would like to restore. This dialog is depicted in Figure 5.

Figure 5: Once logged into an MSA, the Windows installer will offer to restore backup it keeps for that account to the current target PC.

Ed Tittel / IDG

For users with multiple PCs (and backups) the More options link at center bottom takes you to a list of options, from which you can choose the one you want. Once you’ve selected a backup, the Windows installer works with WB to copy its contents into the install presently underway. As Microsoft puts it, “When you get to your desktop everything will be right there waiting for you.”

I chose a modestly complex backup from which to restore my test virtual machine; it took less than 2 minutes to complete. That’s actually faster than my go-to third-party backup software, Macrium Reflect — but it occurs in the context of overall Windows 11 installation, so the overall time period required is on par (around 7 minutes, or 9 minutes including initial post login setup).

WB comes with a catch, however…

You’d think that capturing all the app info would mean that apps and applications would show up after a restore, ready to run. Not so. Look at Figure 6, which shows the Start menu entries for CrystalDiskInfo (a utility I install as a matter of course on my test and production PCs to measure local disk performance).

Figure 6: Instead of a pointer to the actual CrystalDiskInfo apps (32- & 64-bits), there’s an “Install” pointer!

Ed Tittel / IDG

Notice the Install link underneath the 32- and 64-bit versions. And indeed, I checked all added apps and applications I had installed on the backup source inside the restored version and found the same thing.

Here’s the thing: Windows Backup makes it easy to bring apps and applications back, but it does take some time and effort. You must work through the Start menu, downloading and installing each app, to return them to working order. That’s not exactly what I think a restore operation should be. IMO, a true restore brings everything back the way it was, ready to run and use as it was when the backup was made.

WB and the OneDrive limitation

There’s another potential catch when using WB for backup and restore. It won’t affect most users. But those who, like me, use a single MSA on multiple test and production machines must consider what adding WB into the mix means.

OneDrive shares MSA-related files across multiple PCs by design and default. WB saves backups on a per-PC basis. Thus, you must think and use the More options link in Figure 5 when performing a WB restore to select the latest snapshot from a specific Windows PC. If you’re restoring the same PC to itself, so to speak, click Restore from this PC (Figure 5, lower right) instead.

Overall, Windows Backup is a great concept and does make it easy to maintain system snapshots. The restore operation is incomplete, however, as I just explained. Now, let’s move onto Windows Repair, via the “Reinstall now” option shown in Figure 1 (repeated below in Figure 7).

More about “Reset this PC” and Windows repair

Looking back at Figure 1 (or below to Figure 7) you can see that “Reset this PC” is labeled as a Recovery option, along with other recovery options called “Fix problems…” above. The idea is that Reset this PC is an option of last resort, because it wipes out the existing disk image and replaces it with a fresh, clean, new one. WB then permits admins or power users to draw from a WB backup for a specific PC in the cloud to restore some existing Windows setup — or not, perhaps to clean up the PC for handoff to another user or when preparing it for surplus sell-off or donation.

Figure 7: Recovery options include two “Fix problems…” options and “Reset PC.”

Ed Tittel / IDG

As described earlier in this article, “Fix problems without resetting your PC” provides access to Windows 11’s built-in “Get Help” troubleshooters, while the “Reinstall now” option provides the focus for the next section. All this said, “Reset this PC” provides a fallback option when the current Windows install is not amenable to those other repair techniques.

Using Windows Update to perform a repair install

Earlier this year, Microsoft introduced a new button into its Settings > System > Recovery environment in Windows 11 23H2. As shown in Figure 7 above, that button is labeled “Reinstall now” and accompanies a header that reads “Fix problems using Windows Update.” It, too, comes with interesting implications. Indeed, it’s a giant step forward for Windows repair and recovery.

What makes the “Reinstall now” button so interesting is that it shows Microsoft building into Windows itself a standard OS repair technique that’s been practiced since Windows 10 came along in late July 2015: a “repair install” or “in-place upgrade install,” which overwrites the OS files while leaving user files, apps, and many settings and preferences in place. (See my 2018 article “How to fix Windows 10 with an in-place upgrade install” for details on how the process works and the steps involved to run such an operation manually.)

But there’s more: Windows 11’s “Reinstall now” button matches the reinstall image to whatever Windows edition, version and build it finds running on the target PC when invoked. That means behind the scenes, Microsoft is doing the same work UUP dump does to create Windows ISOs for specific Windows builds. This is quite convenient, because Windows Recovery identifies what build to reinstall, and then creates and installs a matching Windows image.

Indeed, this process takes time, because it starts with the current base for some Windows feature release (e.g., 22H2 or 23H2), then performs all necessary image manipulations to fold in subsequent updates, patches, fixes and so on. For that reason, it can take up to an hour for such a reinstall to complete on a Windows 11 PC, whereas running “setup.exe” from a mounted ISO from the Download Windows 11 page often completes in 15 minutes or less. But then, of course, you’d have to run all outstanding updates to catch Windows up to where you want it to be. That’s why there’s a time differential.

Bottom line: the new “Reinstall now” button in Windows 23H2 makes performing an in-place upgrade repair install dead simple, saving users lots of foreknowledge, thought, and effort.

If everything works, the new paradigm is golden

WB used in conjunction with MSA and OneDrive is about as simple and potentially foolproof as backup and restore get.

Do I think this new paradigm of using WB along with OneDrive, installer changes, and so forth works to back up and restore Windows 11? Yes, I do — and probably most of the time. Am I ready to forgo other forms of backup and restore to rely on WB and its supporting cast alone? By no means! I find that third-party image backup software is accurate, reliable, and speedy when it comes to backing up and restoring Windows PCs, including running versions of all apps and applications.

In a recent test of the “Reinstall now” button from Settings > Recovery in Windows 11, it took 55 minutes for that process to complete for the then-current Windows image. I also used WB to restore folders, apps, settings, and credentials. That took at least another 2-3 minutes, but left pointers to app and application installers, with additional effort needed to download and reinstall those items. (This takes about 1 hour for my usual grab-bag of software programs.)

Using my favorite image backup and recovery tool, Macrium Reflect, and booting from its Rescue Media boot USB flash drive, I found and restored the entire C: drive on a test PC in under 7 minutes. This let me pick a backup from any drive on the target PC (or my network), replaced all partitions on the system/boot disk (e.g., EFI, MSR, C:\Windows, and WinRE), and left me with a complete working set of applications. I didn’t need internet access, an MSA, or OneDrive storage to run that restore, either.

Worth having, but not exclusively

Microsoft has made big and positive changes to its approach to backup and recovery. Likewise for repair, with the introduction of the “Reinstall now” button that gets all files from Windows Update. These capabilities are very much worth having, and worth using.

But these facilities rely on the Microsoft Windows installer to handle PC access and repair. They also proceed from an optimistic assumption that admins or power users can get machines working so that a successful MSA login drives the restore process from OneDrive in the cloud to proceed. When it works, that’s great.

But, given the very real possibility that access issues, networking problems, or other circumstances outside the installer’s control might present, I believe other backup and restore options remain necessary. As the saying goes, “You can never have too many backups.”

Thus, I’m happily using WB and ready to restore as the need presents. But I’m not abandoning Macrium Reflect with its bootable repair disk, backup file finder, boot repair capabilities, and so forth. That’s because I don’t see the WB approach as complete or always available.

You are free, of course, to decide otherwise (but I’d recommend against that). And most definitely the new WB approach, the new in-place repair facility, and “reset this PC” all have a place in the recovery and repair toolbox. Put them to work for you!

Backup and Recovery, Windows, Windows 11
Category: Hacking & Security

Q&A: Georgia Tech dean details why the school needed a new AI supercomputer

Computerworld.com [Hacking News] - 29 April, 2024 - 12:00

Like many universities, Georgia Tech has been grappling with how to offer students the training they need to prepare them for a recent sea change in IT job markets — the arrival of generative AI (genAI).

Through a partnership with chipmaker Nvidia, Georgia Tech’s College of Engineering built a supercomputer dubbed AI Makerspace; it uses 20 Nvidia HGX H100 servers powered by 160 Nvidia H100 Tensor Core GPUs (graphics processing units).

Those GPUs are powerful — a single Nvidia H100 GPU would need just one second to handle a multiplication operation that would take the school’s 50,000 students 22 years to achieve. So, 160 of those GPUs give students and professors access to advanced genAI, AI and machine learning creation and training. (The move also spurred Georgia Tech to offer new AI-focused courses and minors.)

Announced two weeks ago, the AI Makerspace supercomputer will initially be used by Georgia Tech’s engineering undergraduates. But it’s expected to eventually democratize access to computing resources typically prioritized for research across all colleges.

Computerworld spoke with Matthieu Bloch, the associate dean for academics at Georgia Tech’s College of Engineering, about how the new AI supercomputer will be used to train a new generation of AI experts.

The following are excerpts from that interview:

Tell me about the Makerspace project and how it came to be? “The Makerspace is really the vision of our dean, Raheem Beyah, and the school chair of Electrical and Computer Engineering (ECE), Arijit Raychowdhury, who really wanted to put AI in the hands of our students.

“In 2024 — in the post ChatGPT world — things are very different from the pre-ChatGPT world. We need a lot of computing power to do anything that’s meaningful and relevant to industry. And in a way, the devil is out of the box. People see what AI can do. But I think to get to that level of training, you need infrastructure.

Image: Makerspace’s Nvidia H100 Tensor Core GPUs (credit: Georgia Tech College of Engineering)

“The name Makerspace also comes from this culture we have at Georgia Tech of these maker spaces, which are places where our students get to tinker, both within the classroom and outside the classroom. The Makerspace was the idea to bring the tools that you need to do AI in a way that’s relevant to do meaningful things today. So, right now, where we’re at is we’ve partnered Nvidia to essentially offer to students a supercomputer. I mean, that’s what it is.

“What makes it unique is that it’s meant for supporting students. And right now it’s in the classroom. We’re still rolling it out. We’re in phase one. So, the idea is that the students in the classroom can work on AI projects that are meaningful to industry — problems that are interesting, you know, from a pedagogical perspective, but they don’t mean a whole lot in an industry setting.”

Tell me a bit about the projects they’ve been working on with this. “I can give you a very concrete example. ChatGPT is a very typical, a very specific form of AI called generative AI. You know, it’s able to generate. In the case of ChatGPT, [that means] text in response to prompts. You might have seen a generative model that generates pictures. I think these were very popular and whatnot. And so these are the kind of things our students can do right now, …generate anything that would be, say, photo realistic.

“You need a pretty hefty computing power to train your model and then test that it’s working properly. And so that’s what our students can do. Just to give you an idea of how far we’ve come along, before we had the AI Makerspace, our students were relying largely on something called Google CoLab. CoLab is Google making some compute resources freely accessible for use. They’re really giving to us the resources they don’t use or don’t sell to their be clients. So it’s like the crumbs that remain.

“It’s very nice of them [Google] to do that, but you could only work with very [limited resources], say for training on something like 12,000 images. Now you can, for instance, train a generative model on a data set with like one million images. So you can really scale up by orders of magnitude. And then you can start generating these photo-realistic pictures that you could not generate before. That’s the most visual example I can give you.”

Can you tell me a little bit about the genAI projects the students are working on? How good is the technology at producing the results they want? “It’s a complicated question to answer. I mean, it has many layers. We’ve just launched it, like literally, the AI Makerspace was open officially two weeks ago. So right now it’s really used at scale in the classroom. The students in that class are learning how to do machine learning. [The students] have to get the data. [They] have to learn how to train a model. The students have homework projects, which consists of this fairly sophisticated model that they have to train, and that they have to test.

“Now we have a vision beyond that, what we call phase two of the Makerspace. We’re doubling the compute capacity. The idea now is that we’re going to open that to senior design projects. We’re gonna open that to something we call vertically integrated projects, in which students are essentially doing long-term research with faculty advisors over multiple years. Our students are going to do many things — certainly all of [the] engineering [school].

“We’ve given incentives to a lot of faculty to create a lot of new courses throughout the College of Engineering for AI and ML for what matters to their field. For instance, if you’re an electrical engineer, there’s a lot of hardware to it, you know you have a model for that. How do you make the model smaller so that you can put it in hardware? That’s one very tangible question that the students would ask. But if they’re, say, mechanical engineers, they might use it differently.  Maybe for them what generative AI could do is help them generate 3D models, think about structures that they would not think about naturally. And you can decline that model. The Makerspace is a massive tool. But how the tool is used is really a function of the specific domain. The goal, of course, is for Makerspace to be available beyond engineering.

“It’s already being used by our College of Computing, and we’re hoping that our colleagues in, say, the College of Business will see the value, because they haven’t used AI yet — perhaps for financial models, predicting whether to sell or buy a stock. I think the sky is a limit. There’s no one use of AI through Makerspace. It’s an infrastructure that provides the tools. And then these tools find declinations in all different areas of expertise.”

Why is it important to have this technology at the school for students to learn about AI? “The way we’ve come to articulate this is as follows: We’re not deliverers in doomsday scenarios, where AI is going to generate terminators that are going to eradicate humanity. Okay, that’s not how we’re thinking about it.

“AI is definitely going to change things. And we think that AI is certainly going to displace a few people. I think the humans enhanced by AI will start displacing humans who don’t use AI.

“I think the way a lot of the discussion has been shaped since ChatGPT was released to the world, in universities there’s sometimes a lot of fear. Are students cheating on their essays? Are students cheating on this, cheating on that? I had these discussions with my colleagues in computing. We have an intro to computing class, where they’re cheating to write their code, which I think is not the right approach to it. But, the devil is out of the box. It’s a tool that’s here, and we have to learn how to use it.

“If I can give you my best analogy: I drive my car. I don’t know how my car really works. I mean, I was never a mechanical or electrical engineer. I sort of know what it takes [for a car to run], but I’m unable to fix it. But that doesn’t mean I can’t drive it. And I think we’re at that stage with AI tools, where one needs to know how to use them because you don’t want to be the person riding a bicycle when everybody else has a car.

“Not everyone needs to be a mechanic, but everyone needs a car. And so I think we want every student at Georgia Tech to know how to use AI, and what that means for them would be different depending on their specialty, their major. But these are tools, and you need to have played with them to really start mastering them.”

In what way has AI expanded Georgia Tech’s curriculum? “We were lucky in the sense that [we’re] building that infrastructure from new. But thinking about AI, Georgia Tech has been doing it for decades. Our faculty is very research focused. They do state-of-the-art research and AI…was always there in the background — the roots of AI. We had a lot of colleagues who actually were doing machine learning without saying it in these terms.

“Then when deep learning started appearing, people were ready to grasp that. So, we were already thinking about doing it in the labs, and the integration in the curriculum was already slowly happening. And so what we decided to do was to accelerate that so the Makerspace…accelerates the other mechanisms we’ve had to give incentives to faculty, to rethink the curriculum with AI and ML in mind.”

So what AI courses have you launched? “I can give you two examples that we’ve launched, which are, you know, very new. But I think I’ve been quite successful already. One is we’ve officially launched an AI minor.

“The great thing about this AI minor [is that it] is a way for students to take a series of courses with a coherent and unified team, and they get credit for that on their diploma and their transcript. This minor was designed as a collaboration right now between the College of Engineering and the College of Liberal Arts.

“Then we have the ethics and policy piece. Students need to take a specially designed course on AI Ethics and AI policy. We’re thinking very holistically. AI is a technology play, but if you just train engineers to do the technology piece alone, maybe then the doomsday-Terminator scenario is a likely outcome.

“We want our students to think about the use of AI because it’s technology that can have many uses [and problems associated with it]. We talk about deep fakes. We’re worried about it for all sorts of political reasons.

“The other thing we’ve done in the College of Engineering is essentially incentivized faculty to create new undergraduate courses related to AI and ML but relevant to their own disciplines. I literally [just made the announcement] and the college has approved 10 new courses or significantly revamped courses. So, what that means is that we have courses on machine learning for smart cities, civil environmental engineering, and a course in chemical processes in chemical and bioengineering, where they’re using AI and ML for completely different things. That’s how we’re thinking of AI. It’s a tool. So the courses need to embrace that tool.”

Are students already using genAI to assist in creating applications — so software engineering and development? “Officially or unofficially? I don’t have a good answer, because the truth is, I don’t know. But what I know is that our students are using it with or without us. You know they are using generative AI because I’m willing to bet they all have a subscription to ChatGPT.

“Now in the context of the Makerspace, this is a resource you can start doing all sorts of things. Our students are using it to write lines of code absolutely.”

So what would you say is the most popular use right now of the AI Makerspace? “We haven’t officially launched it at scale for very long, so I can’t attest to that. It’s been used largely in the classroom setting for the kind of homework students could not even dream of doing before.

“We’re going to launch it and use it over the summer for an entrepreneurship program called Create X, that students can use to take ideas and go through prototype and potentially think about building startups out of these. So that’s going to be primary use over the summer, and we’re testing it over these few weeks in the context of a hackathon in partnership with Nvidia, where teams come with big problems that they want to solve. And we want to accelerate their science, to use Nvidia’s words, by teaching them how to use that Makerspace.”

CPUs and Processors, Education Industry, Generative AI, Natural Language Processing
Category: Hacking & Security

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

The Hacker News - 29 April, 2024 - 11:58
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian
Category: Hacking & Security

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

The Hacker News - 28 April, 2024 - 15:52
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the
Category: Hacking & Security

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

The Hacker News - 27 April, 2024 - 14:47
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with
Category: Hacking & Security