Presentation on practical responses to misinformation as part of hybrid warfare, including the use of infosec frameworks to frame attacks and responses.
Corporate social media communication - EPHEC - 26/11/2018Denys Malengreau
Intervention auprès des étudiants de 3e bac en marketing de la haute école entrepreneuriale EPHEC, le 26 novembre 2018.
▼ Connect
LinkedIn : linkedin.com/in/dmlg
SlideShare : slideshare.net/denysmalengreau
Twitter : twitter.com/d_mlg
Periscope : periscope.tv/d_mlg
YouTube : bit.ly/d_mlg
Corporate social media communication - EPHEC - 26/11/2018Denys Malengreau
Intervention auprès des étudiants de 3e bac en marketing de la haute école entrepreneuriale EPHEC, le 26 novembre 2018.
▼ Connect
LinkedIn : linkedin.com/in/dmlg
SlideShare : slideshare.net/denysmalengreau
Twitter : twitter.com/d_mlg
Periscope : periscope.tv/d_mlg
YouTube : bit.ly/d_mlg
MIMA Summit Social Marketing 101 presentationNathan Wright
Social Marketing 101 presentation given by Greg Swan of Weber Shandwick and Nathan T. Wright of Lava Row at the 2009 MIMA Summit in Minneapolis, Minnesota.
Social Media Strategies (July 2011) at Seattle's School of Visual Conceptssocial3i
This deck was used for a 101 level workshop on Social Media Strategies, presented by Social3i Consulting in July 2011 at Seattle's School of Visual Concepts.
Keynote: Six Hidden Opportunities for Social Media IntegrationMediaPost
Now more than ever, social media success has to come from both inside and outside of the social media department. This session lays out six simple points of "unlikely integration" inside existing organizations. These points are where great social media ideas and work are hiding inside the traditional arms of clients and agencies. The presentation will be geared to inspire leaders of social media and return them to work with a mission for collaboration using the processes and resources they already have.
KEYNOTE
Jason Clement, Executive Director of Integration, TBWA\Digital Arts Network @jasonclement
MIMA Summit Social Marketing 101 presentationNathan Wright
Social Marketing 101 presentation given by Greg Swan of Weber Shandwick and Nathan T. Wright of Lava Row at the 2009 MIMA Summit in Minneapolis, Minnesota.
Social Media Strategies (July 2011) at Seattle's School of Visual Conceptssocial3i
This deck was used for a 101 level workshop on Social Media Strategies, presented by Social3i Consulting in July 2011 at Seattle's School of Visual Concepts.
Keynote: Six Hidden Opportunities for Social Media IntegrationMediaPost
Now more than ever, social media success has to come from both inside and outside of the social media department. This session lays out six simple points of "unlikely integration" inside existing organizations. These points are where great social media ideas and work are hiding inside the traditional arms of clients and agencies. The presentation will be geared to inspire leaders of social media and return them to work with a mission for collaboration using the processes and resources they already have.
KEYNOTE
Jason Clement, Executive Director of Integration, TBWA\Digital Arts Network @jasonclement
Similar to Practical Influence Operations, presentation at Sofwerx Dec 2018 (20)
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
10. Bodacea Light Industries, 2018
Nationstates: Qanon campaigns
10
“Action: continuous barrage of
memes. All SM platforms
Hashtags: #HRCvideo
#releasethevideo #maga #QAnon
Use top trending hashtags along
with your posts. Share and
retweet as much as possible”
26. Bodacea Light Industries, 2018
Individual: report trolls/botnets
26
“Twitter (reportedly)
suspended over 70 million
accounts”
“Facebook created a human
crisis team after algorithms
failed it”
You’ve already heard a lot today about misinformation. I’ll just add a little to that.
Misinformation is deliberately false information. One example is the “fake news” sites above, containing misinformation that’s used to gain advertising money, with clickbait tweets that bring people to them. Some of these currently contain the typical aliens and healthcure material, but many are political and trading on strong emotions like fear and useful divisions in society.
Image: screenshot of http://www.sawthis.one/ 2018-07-08
“A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.”
Source: wikipedia
Online misinformation is huge. A few hundred trolls and thousands of bots can affect millions of people at a time.
This is the scale that nationstate-run groups and pages, dedicated to creating division and confusion, typically work at.
Here are some of the Russian-owned Facebook groups shown to Congress: these high volumes of shares and interactions might include a lot of botnet activity, but are still not insignificant.
Misinformation is also moving from online to offline. Several times now, misinformation actors have sent invites to opposing groups to demonstrate at the same time in the same place.
https://twitter.com/JuliaDavisNews/status/994704834577215495
https://twitter.com/donie/status/957246815056908288
Misinformation is information that’s deliberately false (actually that’s disinformation, but “misinformation” as a term won). The smallest form of online misinformation is ‘joke’ viral content, for example in every disaster there’s someone who puts up an image of a shark in the street.
Image: http://www.politifact.com/truth-o-meter/statements/2017/aug/28/blog-posting/there-are-no-sharks-swimming-streets-houston-or-an/ and pretty much any major US disaster
And then, if you look, you can find organising pages for campaigns. Here are two Qanon “meme war organising page”. Qanon is a major group, but is just one of many. Note that this is from March/April, and has a specific date on it, targetting a specific event.
Familiarity backfire effect
Memory traces
Emotions = stronger traces
Here are some common brain vulnerabilities. My favourites are the familiarity backfire effect, where if you repeat a message with a negative in it, people remember the message without the negative, and that when people read, they take false information in as true before rejecting it - and in that fraction of a second, build other assertions off the false information, even if they *know* the original information is false.
This is targetting groups. This is one of the congress adverts set
This stuff is everywhere online: the expected places (FB, twitter, reddit, eventbrite, medium etc) but also comment streams, payment and event sites.
Social media buys reach and scale. 100 good bots = long game; 10000 ba ones = short but effective
You can also use other advertising techniques, and things like that familiarity backfire. Botnets are very useful for this, and very cheap, at about $150 for a difficult-to-find “aged” set, to a few dollars per thousand for Russian recent bots. Buy the bots, use any of the handy online guides to set them up messaging or retweeting etc, or use some simple pattern matching or AI to make them harder to find.
One big weakness for attackers is that they have to tell you about themselves. They leave a lot of “artefacts” - ways to find them.
botsentinal.com
Here are some of them, including hashtags, URLs, adverts. A simple media search with twitter, tweetdeck etc will find a lot of these. On the right are the artifacts tracked as part of the Canadian elections.
There’s also a lot of content in fact check sites(Snopes etc); if you have the resources, then it’s also possible to pay someone to go look at an area being discussed.
Sometimes misinformation propagation is more subtle. These are a good place to look for that too.
Here are some of them, including hashtags, URLs, adverts. A simple media search with twitter, tweetdeck etc will find a lot of these. On the right are the artifacts tracked as part of the Canadian elections.
You *can* report to platforms. So far this has been pretty underwhelming, but if we did it at scale, it could be interesting.
What would be good in an ideal system includes:
Realtime botnet removal
Realtime troll dampening
Etc
But that’s not where we are, so here’s some others.
Two things: advertising works by putting adverts into slots on pages. We can track unlabelled political ads, we can see the fakenews pages and pages associated with them, and we can see botnets going to pages to drive up their ad revenue. For communities, you can report ads on fake pages to brands.
And as an individual, there are still things you can do. One of these is to work with other people to block misinformation sources and channels. Many anti-harassment apps can be repurposed for this.
My favourite communities are the Lithuanian elves. Formed as an anonymous online group. They fight back every day against Russian misinformation, using a combination of humour and facts. It seems to be working.
Other cool things to do include overwhelming misinformation hashtags with other content, and hacking search terms to make disambiguation pages appear above misinformation sites.
Another group that’s got some traction is VOST (Virtual Operation Support Team), a team that supports responders in disasters: VOST Panama also used humour and “fake stamps” to counter misinformation, and helped me run a deployment on this during Hurricane Irma (when people also reported misinformation to Fema and Buzzfeed).
You can also help in rebuilding damaged communities: this is The Commons Project, that uses a combination of bots, humans and peace techniques for this.
Image: SANS sliding scale of cyber security
This is a mock-up of the Global Disinformation Index
I’m leading a team working on writing a misinformation equivalent to the ATT&CK TTP framework.
There are still a lot of bots out there, but tactics, techniques and procedures are changing rapidly: we’re starting to see an early-infosec-style split into script-kiddie style crude botnets and more carefully crafted responsive bots.
image: https://medium.com/@MediaManipulation/tracking-disinformation-by-reading-metadata-320ece1ae79b