The super computer gets a panoptic view of the city using data from cameras and sensor networks. The information obtained is used to manage the city’s infrastructure and technology as well as to maintain a database of personal information about citizens and their activities. In this article, we take a look at some of the real dangers facing today’s cities from malicious hackers.
Speakers:
Daniel Crowley, Research Baron at IBM X-Force Red
Jennifer Savage, Security Researcher at Threatcare
Mauro Paredes, Managing Consultant at IBM X-Force Red
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI support Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUNS MODERN CITIES
1. Outsmarting the Smart City
DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUNS MODERN CITIES
2. Researcher Bios
• Daniel Crowley (@dan_crowley)
• Research Baron at IBM X-Force Red
• Pen tester since 2004
• Locksport enthusiast and past competition winner
• Actually holds the title of Baron (in Sealand)
3. Researcher Bios
• Jennifer Savage (@savagejen)
• Security Researcher at Threatcare
• Black Hat review board member
• Experience includes:
  – development
  – vulnerability assessment
  – vulnerability management
  – penetration testing
  – security research
4. Researcher Bios
• Mauro Paredes (@mauroparedes)
• Managing Consultant at IBM X-Force Red
• Passion for security flaws and their corrections
• Formerly developer, net/server admin, security architect
• Pen tester for many years
• 20+ years infosec experience in multiple industries
5. What kind of tech makes a city “smart”?
• Industrial Internet of Things
• Urban Automation
• Public Safety / Emergency Management
• Intelligent Transportation Systems
• Metropolitan Area Networks
6. Limited citizen privacy and risk management options
• You don’t have to buy an Alexa
• You can buy a non-smart TV
• You can buy a feature phone (or forego a cell phone)
• You can buy an ancient car
• Can you move to a city that isn’t “smart”?
7. V2I, V2V, OBD-III and DSRC
Connected vehicles communicate with each other, and with city infrastructure, as travel occurs.
The proposed OBD-III standard raises privacy and due process concerns.
8. Hangzhou “City Brain”
“In China, people have less concern with privacy, which allows us to move faster”
- Xian-Sheng Hua, manager of AI at Alibaba at World Summit AI in 2017
9. Smart streetlights with cameras
GE’s Bill Ruh says it’s up to each city to set policies around the data collected by the sensors and how it can be used.
10. Facial recognition
In 2017 the former head of Singapore’s civil service Peter Ong said Singapore wants to deploy facial recognition technology to all 110,000 lampposts in the country.
11. Dubai robotic police force
“By 2030, we will have the first smart police station which won’t require human employees”
- Brigadier Khalid Nasser Al Razouqi, Dubai Police’s general director of the Smart Services Department
13. Search Engines
• Customer case studies
• News reports
• Smart City Open Data Initiatives
• Some city contracts are public by law
  – Google: “purchase order” “smart device” site:gov
14. Public Systems Are Already Mapped
• IANA (Internet Assigned Numbers Authority) ranges
• Internet infrastructure search engines
  – SHODAN
  – Censys
  – etc
15. Physical Recon
• Visual observation
• Wireless recon
  – WiFi
  – Monitor Unlicensed Bands
  – Zigbee
  – LoRaWAN
• Log off and go outside
18. News Reports
“How Austin brought the human touch to smart city planning”
Digital Trends - July 31, 2017
“Austin, TX to test autonomous transit shuttles”
Smart Cities Dive - June 28, 2018
“Austin reinventing itself into a Smart City”
Austin Business Journal - Jul 30, 2017
“Austin is getting its own “smart” street”
The Architect’s Newspaper - August 23, 2017
“How Can Austin Achieve Smart City Status?”
KUT - Mar 14, 2017
28. i.LON SmartServer and i.LON 600
Gain access
• Default Web credentials
• Default FTP credentials
• Unauthenticated API calls (SmartServer only)
• Plaintext communications
• Authentication bypass
• Cleartext password file on FTP
Do bad things
• Replace binaries via FTP to execute code
• Fiddle with ICS gear
• Change IP address of i.LON
34. V2I Hub: What it does
• Manages Vehicle to Infrastructure comms
• Modular infrastructure
• Mostly SPaT (signal phase and timing) related
35. V2I Hub v2.5.1
Gain access
• Hard-coded admin account
• Various API key issues
• XSS
• SQLi in API
• Missing authentication
Do bad things
• Track vehicles
• Send false safety messages
• Create traffic
• …or just power it down