Kategorie

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 (CVSS score: 8.8), "involves the use of promise objects and lazy evaluation in R," AI applicationNewsroomhttp://www.blogger.com/profile/[email protected]

A lot has changed regarding built-in backup and recovery tools in Windows 11. Enough so, in fact, that it’s not an exaggeration to talk about a new approach to handling system backup and restore, as well as system repair and recovery.

That’s why the title for this article uses the “P-word” (paradigm). This a term much-beloved in the USA in the 1970s and ’80s, plucked from Thomas Kuhn’s The Structure of Scientific Revolutions (1972) to explain how and why radical changes happen in science.

Indeed, a list of what’s new in Windows 11 by way of backup and recovery helps set the stage for considering a veritable paradigm shift inside this latest desktop OS version:

• The Windows Backup app, which replaces the obsolete “Backup and Restore (Windows 7) utility,” still present in Windows 10 but absent in Windows 11
• A revamped approach inside Settings > System > Recovery, which now includes both “Fix problems using Windows Update” and “Reset this PC” options to attempt repairs to an existing OS or reinstall Windows 11 from scratch, respectively

If these elements are combined with proper use of OneDrive, they can cover the gamut of Windows backup, restore, repair, and recovery tasks. Remarkable!

Defining key R-words: Repair, Restore, Recovery, and Reset

Before we dig into the details, it’s important to define these “R-words” so that what Microsoft is doing with Windows 11 backup and recovery options makes sense.

• Repair: Various methods for fixing Windows problems or issues that arise from a working but misbehaving OS or PC. For what it’s worth, this term encompasses the “Fix problems without resetting your PC” button in Settings > System > Recovery shown in Figure 1; it calls the native, built-in Windows 11 Get Help facility.

Figure 1: Although it’s labeled Recovery, this Windows 11 Settings pane shows Reset explicitly and Repair implicitly.

Ed Tittel / IDG

• Restore: This is usually defined as putting things back the way they were when a particular backup was made. It is NOT shown in Figure 1, though you can get to a set of Windows Backup data that provides restore information through Advanced startup and through other means.
• Recovery: Though it has a general meaning, Microsoft tends to view Recovery as a set of operations that enables access to a non-booting Windows PC, either to replace its boot/system image (“Reset this PC” in Figure 1 — see next item) or to boot to alternate media or the Windows Recovery environment, a.k.a. WinRE (“Advanced startup” in Figure 1) to attempt less drastic repairs: reboot from external media, attempt boot or partition repairs, replace corrupted system files, and a great deal more.
• Reset: Remove the current disk structure on the system/boot drive with a new structure and a fresh, new Windows 11 install, keeping or discarding personal files (but not applications) as you choose.

All of the preceding R-words are intertwined. And Restore is closely related to Backup — that is, one must first perform a backup so that one has something to restore later on.

Introducing Windows Backup

If you type “Windows Backup” into the Windows 11 Start menu’s search box for versions 23H2 or later (publicly released October 31, 2023), you should see something like Figure 2 pop up:

Figure 2: Introducing Windows Backup in Windows 11 23H2.

Ed Tittel / IDG

This simply shows the Start menu entry for the Windows Backup app, which I’ll abbreviate as WB (with apologies to Warner Brothers). Interestingly enough, WB is not packaged as an app with an MSIX file, nor is it available through the Windows Store. Its setup options when launched tell you most of what you need to know, shown in Figure 3. The rest becomes clear as you drill down into its various subheadings, as I’ll explain soon.

Figure 3: The various Windows Backup options/selections let you protect/copy folders, apps, settings, and credentials. That’s about everything!

Ed Tittel / IDG

By default, here’s how things shake out in WB:

• Folders covers the Desktop, Documents, Pictures, Videos, and Music items (a.k.a. “Library folders”) from the logged-in user’s file hierarchy. On first run, you may use a toggle to turn backup on or off. (Note: a valid Microsoft Account, or MSA, with sufficient available OneDrive storage is required to make use of WB.)
• Apps covers both old-style .exe apps and newer MSIX apps (like those from the Microsoft Store). It will also capture and record app preferences, settings, and set-up information. This is extremely important, because it provides a way to get back apps and applications, and related configuration data, if you perform a “Reset this PC” operation on the Recovery pane shown in Figure 1 above.
• Settings covers a bunch of stuff. That’s no surprise, given the depth and breadth of what falls under Settings’ purview in Windows, including: accessibility, personalization, language preferences and dictionary, and other Windows settings.
• Credentials covers user account info, Wi-Fi info (SSIDs, passwords, etc.), and passwords. This handles all the keys needed to get into apps, services, websites, and so forth should you ever perform a restore operation.

Once you’ve made your folder selections and turned everything on, Windows Backup is ready to go. All you need to do is hit the Back up button at the bottom right in Figure 3, and your first backup will be underway. The first backup may take some time to complete, but when it’s finished you’ll see status info at the top of the Windows Backup info in Settings > Accounts > Windows backup, as shown in Figure 4.

Figure 4: Status information for WB appears under Settings > Accounts > Windows backup (credentials do get backed up but are not called out).

Ed Tittel / IDG

Please note again that all backed up files and information go to OneDrive. Thus, internet and OneDrive access are absolutely necessary for Windows Backup to make backup snapshots and for you to be able to access them for a restore (or new install) when they’re needed. This has some interesting wrinkles, as I’ll explain next.

The Microsoft support page “Getting the most out of your PC backup” explains Windows Backup as follows:

Your Microsoft account ties everything together, no matter where you are or what PC you’re using. This means your personalized settings will be remembered with your account, and your files are accessible from any device. You can unlock premium features like more cloud storage, ongoing technical support, and more, by purchasing a Microsoft 365 subscription for your account.

That same document also cites numerous benefits, including:

• easy, secure access to files and data anywhere via OneDrive
• simple transfer to a new PC as and when desired
• protection “if anything happens to your PC” without losing precious files

This is why Windows Backup and the other tools offer a new backup paradigm in Windows 11. Used together through a specific MSA, you can move to a new PC when you want to, or get your old one back when you need to.

The restore process, WB-style

Microsoft has a support note that explains and describes WB, including initial setup, regular use, and how to restore. This last topic, entitled “How do I restore the backup?” is not just the raison d’être for backup, it’s also well worth reading closely (perhaps more than once).

Let me paraphrase and comment on that document’s contents. Backup makes itself available whenever you work on a new PC, or when you need to reinstall Windows, as you are setting it up. Once you log in with the same MSA to which the backup belongs, it will recognize that backups for the account are available to you, and the tool will interject itself into the install process to ask if there’s a backup you would like to restore. This dialog is depicted in Figure 5.

Figure 5: Once logged into an MSA, the Windows installer will offer to restore backup it keeps for that account to the current target PC.

Ed Tittel / IDG

For users with multiple PCs (and backups) the More options link at center bottom takes you to a list of options, from which you can choose the one you want. Once you’ve selected a backup, the Windows installer works with WB to copy its contents into the install presently underway. As Microsoft puts it, “When you get to your desktop everything will be right there waiting for you.”

I chose a modestly complex backup from which to restore my test virtual machine; it took less than 2 minutes to complete. That’s actually faster than my go-to third-party backup software, Macrium Reflect — but it occurs in the context of overall Windows 11 installation, so the overall time period required is on par (around 7 minutes, or 9 minutes including initial post login setup).

WB comes with a catch, however…

You’d think that capturing all the app info would mean that apps and applications would show up after a restore, ready to run. Not so. Look at Figure 6, which shows the Start menu entries for CrystalDiskInfo (a utility I install as a matter of course on my test and production PCs to measure local disk performance).

Figure 6: Instead of a pointer to the actual CrystalDiskInfo apps (32- & 64-bits), there’s an “Install” pointer!

Ed Tittel / IDG

Notice the Install link underneath the 32- and 64-bit versions. And indeed, I checked all added apps and applications I had installed on the backup source inside the restored version and found the same thing.

Here’s the thing: Windows Backup makes it easy to bring apps and applications back, but it does take some time and effort. You must work through the Start menu, downloading and installing each app, to return them to working order. That’s not exactly what I think a restore operation should be. IMO, a true restore brings everything back the way it was, ready to run and use as it was when the backup was made.

WB and the OneDrive limitation

There’s another potential catch when using WB for backup and restore. It won’t affect most users. But those who, like me, use a single MSA on multiple test and production machines must consider what adding WB into the mix means.

OneDrive shares MSA-related files across multiple PCs by design and default. WB saves backups on a per-PC basis. Thus, you must think and use the More options link in Figure 5 when performing a WB restore to select the latest snapshot from a specific Windows PC. If you’re restoring the same PC to itself, so to speak, click Restore from this PC (Figure 5, lower right) instead.

Overall, Windows Backup is a great concept and does make it easy to maintain system snapshots. The restore operation is incomplete, however, as I just explained. Now, let’s move onto Windows Repair, via the “Reinstall now” option shown in Figure 1 (repeated below in Figure 7).

More about “Reset this PC” and Windows repair

Looking back at Figure 1 (or below to Figure 7) you can see that “Reset this PC” is labeled as a Recovery option, along with other recovery options called “Fix problems…” above. The idea is that Reset this PC is an option of last resort, because it wipes out the existing disk image and replace it with a fresh, clean, new one. WB then permits admins or power users to draw from a WB backup for a specific PC in the cloud to restore some existing Windows setup — or not, perhaps to clean up the PC for handoff to another user or when preparing it for surplus sell-off or donation.

Figure 7: Recovery options include two “Fix problems…” options and “Reset PC.”

Ed Tittel / IDG

As described earlier in this article, “Fix problems without resetting your PC” provides access to Windows 11’s built-in “Get Help” troubleshooters, while the “Reinstall now” option provides the focus for the next section. All this said, “Reset this PC” provides a fallback option when the current Windows install is not amenable to those other repair techniques.

Using Windows Update to perform a repair install

Earlier this year, Microsoft introduced a new button into its Settings > System > Recovery environment in Windows 11 23H2. As shown in Figure 7 above, that button is labeled “Reinstall now” and accompanies a header that reads “Fix problems using Windows Update.” It, too, comes with interesting implications. Indeed, it’s a giant step forward for Windows repair and recovery.

What makes the “Reinstall now” button so interesting is that is shows Microsoft building into Windows itself a standard OS repair technique that’s been practiced since Windows 10 came along in late July 2015: a “repair install” or “in-place upgrade install,” which overwrites the OS files while leaving user files, apps, and many settings and preferences in place.  (See my 2018 article “How to fix Windows 10 with an in-place upgrade install” for details on how the process works and the steps involved to run such an operation manually.)

But there’s more: Windows 11’s “Reinstall now” button matches the reinstall image to whatever Windows edition, version and build it finds running on the target PC when invoked. That means behind the scenes, Microsoft is doing the same work UUP dump does to create Windows ISOs for specific Windows builds. This is quite convenient, because Windows Recovery identifies what build to reinstall, and then creates and installs a matching Windows image.

Indeed, this process takes time, because it starts with the current base for some Windows feature release (e.g., 22H2 or 23H2), then performs all necessary image manipulations to fold in subsequent updates, patches, fixes and so on. For that reason, it can take up to an hour for such a reinstall to complete on a Windows 11 PC, whereas running “setup.exe” from a mounted ISO from the Download Windows 11 page often completes in 15 minutes or less. But then, of course, you’d have to run all outstanding updates to catch Windows up to where you want it to be. That’s why there’s a time differential.

Bottom line: the new “Reinstall now” button in Windows 23H2 makes performing an in-place upgrade repair install dead simple, saving users lots of foreknowledge, thought, and effort.

If everything works, the new paradigm is golden

WB used in conjunction with MSA and OneDrive is about as simple and potentially foolproof as backup and restore get.

Do I think this new paradigm of using WB along with OneDrive, installer changes, and so forth works to back up and restore Windows 11? Yes, I do — and probably most of the time. Am I ready to forgo other forms of backup and restore to rely on WB and its supporting cast alone? By no means! I find that third-party image backup software is accurate, reliable, and speedy when it comes to backing up and restoring Windows PCs, including running versions of all apps and applications.

In a recent test of the “Reinstall now” button from Settings > Recovery in Windows 11, it took 55 minutes for that process to complete for the then-current windows image. I also used WB to restore folders, apps, settings, and credentials. That took at least another 2-3 minutes, but left pointers to app and application installers, with additional effort needed to download and reinstall those items. (This takes about 1 hour for my usual grab-bag of software programs.)

Using my favorite image backup and recovery tool, Macrium Reflect, and booting from its Rescue Media boot USB flash drive, I found and restored the entire C: drive on a test PC in under 7 minutes. This let me pick a backup from any drive on the target PC (or my network), replaced all partitions on the system/boot disk (e.g., EFI, MSR, C:\Windows, and WinRE), and left me with a complete working set of applications. I didn’t need internet access, an MSA, or OneDrive storage to run that restore, either.

Worth having, but not exclusively

Microsoft has made big and positive changes to its approach to backup and recovery. Likewise for repair, with the introduction of the “Reinstall now” button that gets all files from Windows Update. These capabilities are very much worth having, and worth using.

But these facilities rely on the Microsoft Windows installer to handle PC access and repair. They also proceed from an optimistic assumption that admins or power users can get machines working so that a successful MSA login drives the restore process from OneDrive in the cloud to proceed. When it works, that’s great.

But, given the very real possibility that access issues, networking problems, or other circumstances outside the installer’s control might present, I believe other backup and restore options remain necessary. As the saying goes, “You can never have too many backups.”

Thus, I’m happily using WB and ready to restore as the need presents. But I’m not abandoning Macrium Reflect with its bootable repair disk, backup file finder, boot repair capabilities, and so forth. That’s because I don’t see the WB approach as complete or always available.

You are free, of course, to decide otherwise (but I’d recommend against that). And most definitely the new WB approach, the new in-place repair facility, and “reset this PC” all have a place in the recovery and repair toolbox. Put them to work for you!

Backup and Recovery, Windows, Windows 11

Like many universities, Georgia Tech has been grappling with how to offer students the training they need to prepare them for a recent sea change in IT job markets — the arrival of generative AI (genAI).

Through a partnership with chipmaker Nvidia, Georgia Tech’s College of Engineering built a supercomputer dubbed AI Makerspace; it uses 20 Nvidia HGX H100 servers powered by 160 Nvidia H100 Tensor Core GPUs (graphics processing units).

Those GPUs are powerful — a single Nvidia H100 GPU would need just one second to handle a multiplication operation that would take the school’s 50,000 students 22 years to achieve. So, 160 of those GPUs give students and professors access to advanced genAI, AI and machine learning creation and training. (The move also spurred Georgia Tech to offer new AI-focused courses and minors.

Announced two weeks ago, the AI Makerspace supercomputer will initially be used by Georgia Tech’s engineering undergraduates. But it’s expected to eventually democratize access to computing resources typically prioritized for research across all colleges.

Computerworld spoke with Matthieu Bloch, the associate dean for academics at Georgia Tech’s College of Engineering, about how the new AI supercomputer will be used to train a new generation of AI experts.

The following are excerpts from that interview:

Tell me about the Makerspace project and how it came to be? “The Makerspace is really the vision of our dean, Raheem Beyah, and the school chair of Electrical and Computer Engineering (ECE), Arijit Raychowdhury, who really wanted to put AI in the hands of our students.

“In 2024 — in the post ChatGPT world — things are very different from the pre-ChatGPT world. We need a lot of computing power to do anything that’s meaningful and relevant to industry. And in a way, the devil is out of the box. People see what AI can do. But I think to get to that level of training, you need infrastructure.

Makerspace’s Nvidia H100 Tensor Core GPUs

Georgia Tech College of Engineering

“The name Makerspace also comes from this culture we have at Georgia Tech of these maker spaces, which are places where our students get to tinker, both within the classroom and outside the classroom. The Makerspace was the idea to bring the tools that you need to do AI in a way that’s relevant to do meaningful things today. So, right now, where we’re at is we’ve partnered Nvidia to essentially offer to students a supercomputer. I mean, that’s what it is.

“What makes it unique is that it’s meant for supporting students. And right now it’s in the classroom. We’re still rolling it out. We’re in phase one. So, the idea is that the students in the classroom can work on AI projects that are meaningful to industry — problems that are interesting, you know, from a pedagogical perspective, but they don’t mean a whole lot in an industry setting.”

Tell me a bit about the projects they’ve been working on with this. “I can give you a very concrete example. ChatGPT is a very typical, a very specific form of AI called generative AI. You know, it’s able to generate. In the case of ChatGPT, [that means] text in response to prompts. You might have seen a generative model that generates pictures. I think these were very popular and whatnot. And so these are the kind of things our students can do right now, …generate anything that would be, say, photo realistic.

“You need a pretty hefty computing power to train your model and then test that it’s working properly. And so that’s what our students can do. Just to give you an idea of how far we’ve come along, before we had the AI Makerspace, our students were relying largely on something called Google CoLab. CoLab is Google making some compute resources freely accessible for use. They’re really giving to us the resources they don’t use or don’t sell to their be clients. So it’s like the crumbs that remain.

“It’s very nice of them [Google] to do that, but you could only work with very [limited resources], say for training on something like 12,000 images. Now you can, for instance, train a generative model on a data set with like one million images. So you can really scale up by orders of magnitude. And then you can start generating these photo-realistic pictures that you could not generate before. That’s the most visual example I can give you.”

Can you tell me a little bit about the genAI projects the students are working on? How good is the technology at producing the results they want? “It’s a complicated question to answer. I mean, it has many layers. We’ve just launched it, like literally, the AI Makerspace was open officially two weeks ago. So right now it’s really used at scale in the classroom. The students in that class are learning how to do machine learning. [The students] have to get the data. [They] have to learn how to train a model. The students have homework projects, which consists of this fairly sophisticated model that they have to train, and that they have to test.

“Now we have a vision beyond that, what we call phase two of the Makerspace. We’re doubling the compute capacity. The idea now is that we’re going to open that to senior design projects. We’re gonna open that to something we call vertically integrated projects, in which are students essentially doing long-term research with faculty advisors over multiple years. Our students are going to do many things — certainly all of [the] engineering [school].

“We’ve given incentives to a lot of faculty to create a lot of new courses throughout the College of Engineering for AI and ML for what matters to their field. For instance, if you’re an electrical engineer, there’s a lot of hardware to it, you know you have a model for that. How do you make the model smaller so that you can put it in hardware? That’s one very tangible question that the students would ask. But if they’re, say, mechanical engineers, they might use it differently.  Maybe for them what generative AI could do is help them generate 3D models, think about structures that they would not think about naturally. And you can decline that model. The Makerspace is a massive tool. But how the tool is used is really a function of the specific domain. The goal, of course, is for Makerspace to be available beyond engineering.

“It’s already being used by our College of Computing, and we’re hoping that our co colleagues in, say, the College of Business will see the value, because they haven’t used AI yet — perhaps for financial models, predicting whether to sell or buy a stock. I think the sky is a limit. There’s no one use of AI through Makerspace. It’s an infrastructure that provides the tools. And then these tools find declinations in all different areas of expertise.”

Why is it important to have this technology at the school for students to learn about AI? “The way we’ve come to articulate this is as follows: We’re not deliverers in doomsday scenarios, where AI is going to generate terminators that are going to eradicate humanity. Okay, that’s not how we’re thinking about it.

“AI is definitely going to change things. And we think that AI is certainly going to displace a few people. I think the humans enhanced by AI will start displacing humans who don’t use AI.

“I think the way a lot of the discussion has been shaped since ChatGPT was released to the world, in universities there’s sometimes a lot of fear. Are students cheating on their essays? Are students cheating on this cheating on that? I had these discussions with my colleagues in computing. We have an intro to computing class, where they’re cheating to write their code, which I think is not the right approach to it. But, the devil is out of the box. It’s a tool that’s here, and we have to learn how to use it.

“If I can give you my best analogy: I drive my car. I don’t know how my car really works. I mean, I was never a mechanical or electrical engineer. I sort of know what it takes [for a car to run], but I’m unable to fix it. But that doesn’t mean I can’t drive it. And I think we’re at that stage with AI tools, where one needs to know how to use them because you don’t want to be the person riding a bicycle when everybody else has a car.

“Not everyone needs to be a mechanic, but everyone needs a car. And so I think we want every student at Georgia Tech to know how to use AI, and what that means for them would be different depending on their specialty, their major. But these are tools, and you need to have played with them to really start mastering them.”

In what way has AI expanded Georgia Tech’s curriculum? “We were lucky in the sense that [we’re] building that infrastructure from new. But thinking about AI, Georgia Tech has been doing it for decades. Our faculty is very research focused. They do state-of-the-art research and AI…was always there in the background — the roots of AI. We had a lot of colleagues who actually were doing machine learning without saying it in these terms.

“Then when deep learning started appearing, people were ready to grasp that. So, we were already thinking about doing it in the labs, and the integration in the curriculum was already slowly happening. And so what we decided to do was to accelerate that so the Makerspace…accelerates the other mechanisms we’ve had to give incentives to faculty, to rethink the curriculum with AI and Ml in mind.”

So what AI courses have you launched? “I can give you two examples that we’ve launched, which are, you know, very new. But I I think I’ve been quite successful already. One is we’ve officially launched an AI minor.

“The great thing about this AI minor [is that it] is a way for students to take a series of courses with a coherent and unified team, and they get credit for that on their diploma and their transcript. This minor was designed as a collaboration right now between the College of Engineering and the College of Liberal Arts.

“Then we have the ethics and policy piece. Students need to take a specially designed course on AI Ethics and AI policy. We’re thinking very holistically. AI is a technology play, but if you just train engineers to do the technology piece alone, maybe then the doomsday-Terminator scenario is a likely outcome.

“We want our students to think about the use of AI because it’s technology that can have many uses [and problems associated with it]. We talk about deep fakes. We’re worried about it for all sorts of political reasons.

“The other thing we’ve done in the College of Engineering is essentially incentivized faculty to create new undergraduate courses related to AI and ML but relevant to their own disciplines. I literally [just made the announcement] and the has college approved 10 new courses or significantly revamped courses. So, what that means is that we have courses on machine learning for smart cities, civil environmental engineering, and a course in chemical processes in chemical and bioengineering, where they’re using AI and ML for completely different things. That’s how we’re thinking of AI. It’s a tool. So the courses need to embrace that tool.”

Are students already using genAI to assist in creating applications — so software engineering and development? “Officially or unofficially? I don’t have a good answer, because the truth is, I don’t know. But what I know is that our students are using it with or without us. You know they are using generative AI because I’m willing to bet they all have a subscription to ChatGPT.

“Now in the context of the Makerspace, this is a resource you can start doing all sorts of things. Our students are using it to write lines of code absolutely.”

So what would you say is the most popular use right now of the AI Makerspace? “We haven’t officially launched it at scale for very long, so I can’t attest to that. It’s been used largely in the classroom setting for the kind of homework students could not even dream of doing before.

“We’re going to launch it and use it over the summer for an entrepreneurship program called Create X, that students can use to take ideas and go through prototype and potentially think about building startups out of these. So that’s going to be primary use over the summer, and we’re testing it over these few weeks in the context of a hackathon in partnership with Nvidia, where teams come with big problems that they want to solve. And we want to accelerate their science, to use Nvidia’s words, to by teaching them how to use that Makerspace.”

CPUs and Processors, Education Industry, Generative AI, Natural Language Processing

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian Newsroomhttp://www.blogger.com/profile/[email protected]

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the Newsroomhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with Newsroomhttp://www.blogger.com/profile/[email protected]

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked Newsroomhttp://www.blogger.com/profile/[email protected]

Lambert Rosique and Jan Keller, Security Workflow Automation, and Diana Kramer, Alexandra Bowen and Andrew Cho, Privacy and Security Incident Response
Introduction

As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities. We also published the Secure AI Framework (SAIF), a conceptual framework for secure AI systems to ensure we are deploying AI in a responsible manner. 

Today we are highlighting another way we use generative AI to help the defenders gain the advantage: Leveraging LLMs (Large Language Model) to speed-up our security and privacy incidents workflows.

Incident management is a team sport. We have to summarize security and privacy incidents for different audiences including executives, leads, and partner teams. This can be a tedious and time-consuming process that heavily depends on the target group and the complexity of the incident. We estimate that writing a thorough summary can take nearly an hour and more complex communications can take multiple hours. But we hypothesized that we could use generative AI to digest information much faster, freeing up our incident responders to focus on other more critical tasks - and it proved true. Using generative AI we could write summaries 51% faster while also improving the quality of them. 

Our incident response approach

When suspecting a potential data incident, for example,we follow a rigorous process to manage it. From the identification of the problem, the coordination of experts and tools, to its resolution and then closure. At Google, when an incident is reported, our Detection & Response teams work to restore normal service as quickly as possible, while meeting both regulatory and contractual compliance requirements. They do this by following the five main steps in the Google incident response program:

1. Identification: Monitoring security events to detect and report on potential data incidents using advanced detection tools, signals, and alert mechanisms to provide early indication of potential incidents.

2. Coordination: Triaging the reports by gathering facts and assessing the severity of the incident based on factors such as potential harm to customers, nature of the incident, type of data that might be affected, and the impact of the incident on customers. A communication plan with appropriate leads is then determined.

3. Resolution: Gathering key facts about the incident such as root cause and impact, and integrating additional resources as needed to implement necessary fixes as part of remediation.

4. Closure: After the remediation efforts conclude, and after a data incident is resolved, reviewing the incident and response to identify key areas for improvement.

5. Continuous improvement: Is crucial for the development and maintenance of incident response programs. Teams work to improve the program based on lessons learned, ensuring that necessary teams, training, processes, resources, and tools are maintained.

Google’s Incident Response Process diagram flow

Leveraging generative AI 

Our detection and response processes are critical in protecting our billions of global users from the growing threat landscape, which is why we’re continuously looking for ways to improve them with the latest technologies and techniques. The growth of generative AI has brought with it incredible potential in this area, and we were eager to explore how it could help us improve parts of the incident response process. We started by leveraging LLMs to not only pioneer modern approaches to incident response, but also to ensure that our processes are efficient and effective at scale. 

Managing incidents can be a complex process and an additional factor is effective internal communication to leads, executives and stakeholders on the threats and status of incidents. Effective communication is critical as it properly informs executives so that they can take any necessary actions, as well as to meet regulatory requirements. Leveraging LLMs for this type of communication can save significant time for the incident commanders while improving quality at the same time.

Humans vs. LLMs

Given that LLMs have summarization capabilities, we wanted to explore if they are able to generate summaries on par, or as well as humans can. We ran an experiment that took 50 human-written summaries from native and non-native English speakers, and 50 LLM-written ones with our finest (and final) prompt, and presented them to security teams without revealing the author.

We learned that the LLM-written summaries covered all of the key points, they were rated 10% higher than their human-written equivalents, and cut the time necessary to draft a summary in half. 

Comparison of human vs LLM content completeness

Comparison of human vs LLM writing styles

Managing risks and protecting privacy

Leveraging generative AI is not without risks. In order to mitigate the risks around potential hallucinations and errors, any LLM generated draft must be reviewed by a human. But not all risks are from the LLM -  human misinterpretation of a fact or statement generated by the LLM can also happen. That is why it’s important to ensure there is human accountability, as well as to monitor quality and feedback over time. 

Given that our incidents can contain a mixture of confidential, sensitive, and privileged data, we had to ensure we built an infrastructure that does not store any data. Every component of this pipeline - from the user interface to the LLM to output processing - has logging turned off. And, the LLM itself does not use any input or output for re-training. Instead, we use metrics and indicators to ensure it is working properly. 

Input processing

The type of data we process during incidents can be messy and often unstructured: Free-form text, logs, images, links, impact stats, timelines, and code snippets. We needed to structure all of that data so the LLM “knew” which part of the information serves what purpose. For that, we first replaced long and noisy sections of codes/logs by self-closing tags (<Code Section/> and <Logs/>) both to keep the structure while saving tokens for more important facts and to reduce risk of hallucinations.

During prompt engineering, we refined this approach and added additional tags such as <Title>, <Actions Taken>, <Impact>, <Mitigation History>, <Comment> so the input’s structure becomes closely mirrored to our incident communication templates. The use of self-explanatory tags allowed us to convey implicit information to the model and provide us with aliases in the prompt for the guidelines or tasks, for example by stating “Summarize the <Security Incident>”.

Sample {incident} input

Prompt engineering

Once we added structure to the input, it was time to engineer the prompt. We started simple by exploring how LLMs can view and summarize all of the current incident facts with a short task:

Caption: First prompt version

Limits of this prompt:

• The summary was too long, especially for executives trying to understand the risk and impact of the incident

• Some important facts were not covered, such as the incident’s impact and its mitigation

• The writing was inconsistent and not following our best practices such as “passive voice”, “tense”, “terminology” or “format”

• Some irrelevant incident data was being integrated into the summary from email threads

• The model struggled to understand what the most relevant and up-to-date information was

For version 2, we tried a more elaborate prompt that would address the problems above: We told the model to be concise and we explained what a well-written summary should be: About the main incident response steps (coordination and resolution).

Second prompt version

Limits of this prompt:

• The summaries still did not always succinctly and accurately address the incident in the format we were expecting

• At times, the model lost sight of the task or did not take all the guidelines into account

• The model still struggled to stick to the latest updates

• We noticed a tendency to draw conclusions on hypotheses with some minor hallucinations

For the final prompt, we inserted 2 human-crafted summary examples and introduced a <Good Summary> tag to highlight high quality summaries but also to tell the model to immediately start with the summary without first repeating the task at hand (as LLMs usually do).

Final prompt

This produced outstanding summaries, in the structure we wanted, with all key points covered, and almost without any hallucinations.

Workflow integration

In integrating the prompt into our workflow, we wanted to ensure it was complementing the work of our teams, vs. solely writing communications. We designed the tooling in a way that the UI had a ‘Generate Summary’ button, which would pre-populate a text field with the summary that the LLM proposed. A human user can then either accept the summary and have it added to the incident, do manual changes to the summary and accept it, or discard the draft and start again. 

UI showing the ‘generate draft’ button and LLM proposed summary around a fake incident 

Quantitative wins

Our newly-built tool produced well-written and accurate summaries, resulting in 51% time saved, per incident summary drafted by an LLM, versus a human.

Time savings using LLM-generated summaries (sample size: 300)

The only edge cases we have seen were around hallucinations when the input size was small in relation to the prompt size. In these cases, the LLM made up most of the summary and key points were incorrect. We fixed this programmatically: If the input size is smaller than 200 tokens, we won’t call the LLM for a summary and let the humans write it. 

Evolving to more complex use cases: Executive updates

Given these results, we explored other ways to apply and build upon the summarization success and apply it to more complex communications. We improved upon the initial summary prompt and ran an experiment to draft executive communications on behalf of the Incident Commander (IC). The goal of this experiment was to ensure executives and stakeholders quickly understand the incident facts, as well as allow ICs to relay important information around incidents. These communications are complex because they go beyond just a summary - they include different sections (such as summary, root cause, impact, and mitigation), follow a specific structure and format, as well as adhere to writing best practices (such as neutral tone, active voice instead of passive voice, minimize acronyms).

This experiment showed that generative AI can evolve beyond high level summarization and help draft complex communications. Moreover, LLM-generated drafts, reduced time ICs spent writing executive summaries by 53% of time, while delivering at least on-par content quality in terms of factual accuracy and adherence to writing best practices. 

What’s nextWe're constantly exploring new ways to use generative AI to protect our users more efficiently and look forward to tapping into its potential as cyber defenders. For example, we are exploring using generative AI as an enabler of ambitious memory safety projects like teaching an LLM to rewrite C++ code to memory-safe Rust, as well as more incremental improvements to everyday security workflows, such as getting generative AI to read design documents and issue security recommendations based on their content.

V pondělí 26. dubna 1999 svět poprvé ucítil sílu destruktivního viru označeného jako CIH. Veřejnost jej však rychle překřtila na Černobyl, protože útočil v den výročí havárie stejnojmenné jaderné elektrárny. CIH dodnes patří mezi nejznámější ničivé viry. Díky chytlavé přezdívce, rozsahu útoku i ...

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,Newsroomhttp://www.blogger.com/profile/[email protected]

Dropbox now offers end-to-end encryption and key management for customers on certain paid plans, part of a range of updates to the file sharing application announced this week. 

Customers files are already encrypted “at rest” using 256-bit Advanced Encryption Standards, said Dropbox, but the end-to-end encryption integrated into team folders offers an added layer of security. 

The change means that only the sender and recipient can access content, with “not even Dropbox” able to view customers files, the company said in a blog post Wednesday. 

Dropbox said it will also provide customers with access to encryption keys, managed by FIPS 140-2 Level 3 key management services.

Information on how to activate and manage team folder encryption is available on the Dropbox website. The company warned that end-to-end encryption restricts certain features in the app, such as the ability to share files with users outside of a team, and might not be suitable for all files stored in a Dropbox account.

Other security features include the ability to manage team membership and invites from the Dropbox admin dashboard, and an updated Trust Center that contains security and compliance information related to Dropbox products. 

The security features are now available to customers on Dropbox Advanced, Business Plus, and Enterprise plans.

Dropbox announced several other new features as part of the latest release.

It will be easier to collaborate with colleagues on certain Microsoft files from within the Dropbox application, with a co-authoring feature that lets multiple users edit Word, Excel, and PowerPoint documents at the same time. Users can also see who’s working on a document and any edits made in real-time. (That feature is currently in beta.)

There’s also an integration between Dropbox Replay and Microsoft OneDrive, which lets users pull files from Microsoft’s file storage platform into the video and audio collaboration tool more easily for reviews and approvals. 

Dropbox Replay will also get new features, including the ability to review and approve additional file types such as PDF and PSD files, integration with music production application Avid Pro Tools, and dynamic watermarking to help protect proprietary content.

Other updates include changes to the Dropbox’s website UI, following a revamp last October. The new capabilities let users preview files more easily, pin favorite files to the navigation bar, and access suggest quick actions for files.

Cloud Storage, Collaboration Software, Productivity Software, Vendors and Providers

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT The Hacker Newshttp://www.blogger.com/profile/[email protected]

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development, Newsroomhttp://www.blogger.com/profile/[email protected]