Bitcoin's future threats: what’s real and what’s not? Audience votes after panelists release a whitepaper and give an overview of key case studies on: remote exploitation (31), mining resources theft (17), wallet theft (10), fraud or scam (10), crime or terrorism (10), insider threat (8), DDoS (7), phishing (6), coin loss (4), software bug or human error (3), social engineering (1), 51% attack (1), government bans (1). See more at: https://www.rsaconference.com/events/us15/agenda/sessions/1710/bitcoins-future-threats-experts-roundtable-based-on#sthash.MtLRNA1w.dpuf
How can we avoid/prevent a ransomware attack? Please check https://firewall.firm.in/preventing-ransomware/ and use Sophos Antivirus & Firewall.
Sophos Central Platform Manage all your Sophos Antivirus & Firewall from a single, cloud-based console.
Synchronized Security
Next-gen security with real-time intelligence sharing between your endpoints and firewall.
“No other company is close to delivering this type of communication between endpoint and network security products.” Please contact us on sales@itmonteur.net
Exploits in the Cryptocurrency Craze: What You Must Know to Protect Your Organization
As long as cybercriminals can make a profit, businesses and their data will always be a target. However, this is just the beginning of the new attack vectors and threats organizations are now facing. Learn about a few of the trends and recent attack methods that our research labs have discovered pertaining to nefarious block-chaining and illegal drive-by crypto-mining. We will uncover how these attacks are being delivered and how your company or personal electronic devices may be at risk without you even knowing it.
Additionally, we will identify the essential security measures that your customers must incorporate to protect themselves and their company.
Attend this session and learn:
• The current/future state of drive-by and crypto-mining within the cryptocurrency realm
• TTPs (Techniques, Tactics, Procedures) used to assist in illegal block-chaining activities
• Best of breed security practices needed to mitigate and protect yourself and organization from these new drive-by block-chaining attack vectors
Last but not least, a couple of tips and things to think of if you are the CIO/CISO of an organization from a 10 year old “start up”
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for Windows. Linux, Mac and mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from mom-and-pop shops to large enterprise organizations, what's really happening and how to protect themselves.
This presentation covers the most recent cyber security news.
Check it out on our blog here: https://www.securable.io/blog/infosec-monthly-news-recap-april-2017
Stealing PINs via Phone Sensors
The World’s Ending: Dallas Tornado Siren Hacked
1,175 Hotels Breached: Credit Card Info
All Your Bank Are Belong to Us: Brazilian Bank Heist
Apple.com Homograph Phishing Concept
Darkweb Excited about latest NSA dump by Shadow Brokers
WA University Med School Phish - 80k Records
ATM Hacks, $15 And Some Hardware
Amazon 3rd Party Sellers Hit By Hackers
Coordinated cyber attacks known as Op Qatar terrorize Qatar once again - izoologic
The ongoing Gulf feud between the small but rich country of Qatar versus its biggest friends and neighbouring countries of Saudi Arabia, UAE, Egypt and Bahrain continued their year-long conflict with more cyber-attacks in mind. #OpQatar Hacks are targeting and leaking sensitive information from their citizens and agencies once again.
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan - Cyphort
The CryptoLocker Malware encrypts certain files with a private key and demands payment to regain access to the files. Nick Bilogorskiy, Director of Security Research, presents this deep dive into CryptoLocker and looks at the latest information around what is called one of the two most sophisticated and destructive forms of malicious software in existence. (The other being Gameover Zeus.)
Malware’s Most Wanted is a monthly series to inform IT security professionals on the details of the most dangerous advanced persistent threats. Attendees receive a special edition t-shirt.
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
The PPT gives an introduction to the ransomware attack which took place in 2013. It also has terms related to cyber security that may be useful to understand the event.
The aim of this PPT is to provide comprehensive information on the cyber attack called Brute Force Attack, including but not limited to its aim, its types and the measures that need to be taken to keep at bay such a cyber attack.
Ransomware: How to avoid a crypto crisis at your IT business - Calyptix Security
Cryptolocker and other ransomware brought crisis to thousands of businesses last year. The malware made millions by encrypting victims’ files and demanding ransoms to unlock them. Some companies lost everything. Others, including local police departments, had to pay a hefty ransom to recover their data.
Today, Cryptolocker is gone, but ransomware is growing stronger. New variants such as CryptoWall and Critroni are infecting users, locking their files, and demanding higher ransoms. How can you protect your IT business and clients from this growing threat?
Join Calyptix Security for a conversation on crypto-ransomware, where it’s headed, and how to avoid a ‘crypto crisis’ at your office. You’ll get straight-forward advice on how to stop this threat from impacting your business network security and clients.
Video recording of this webinar took place on March 12, 2015
Senior Network Analyst Warren Finch discussed the use of web-based crypto miners and how the crypto miners could be used maliciously for crypto jacking at PacNOG 23 in the Marshall Islands from 3 to 7 December 2018.
Blackhat USA 2014 - The New Scourge of Ransomware - John Bambenek
In March of this year, a Romanian man killed himself and his 4-year old son because of a ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it introduced new life with CryptoLocker, the very first variant to perform encryption correctly, thus significantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused around remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware.
This talk will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure and what can be learned in order to manage new threats as they emerge.
TRITON: The Next Generation of ICS Malware - Thomas Roccia
This presentation is about the industrial malware dubbed Triton that targeted a Safety Industrial System in an oil and gas plant in 2017. It was presented during the CNES COMET event about Industrial Threats.
The life of breached data and the attack lifecycle - Jarrod Overson
OWASP RTP Presentation on Data breaches, credential spills, the lifespan of data, credential stuffing, the attack lifecycle, and what you can do to protect yourself or your users.
http://blackhat.com/us-13/briefings.html#Grossman
Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript -- even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean you have to abide. Absolutely nothing prevents spending $10, $100, or more to create a massive javascript-driven browser botnet instantly. The real-world power is spooky cool. We know, because we tested it… in-the-wild.
With a few lines of HTML5 and javascript code we’ll demonstrate just how you can easily commandeer browsers to perform DDoS attacks, participate in email spam campaigns, crack hashes and even help brute-force passwords. Put simply, instruct browsers to make HTTP requests they didn’t intend, even something as well-known as Cross-Site Request Forgery. With CSRF, no zero-days or malware is required. Oh, and there is no patch. The Web is supposed to work this way. Also nice, when the user leaves the page, our code vanishes. No traces. No tracks.
Before leveraging advertising networks, the reason this attack scenario didn’t worry many people is because it has always been difficult to scale up, which is to say, simultaneously control enough browsers (aka botnets) to reach critical mass. Previously, web hackers tried poisoning search engine results, phishing users via email, link spamming Facebook, Twitter and instant messages, Cross-Site Scripting attacks, publishing rigged open proxies, and malicious browser plugins. While all useful methods in certain scenarios, they lack simplicity, invisibility, and most importantly -- scale. That’s what we want! At a moment’s notice, we will show how it is possible to run javascript on an impressively large number of browsers all at once and no one will be the wiser. Today this is possible, and practical.
Cryptography, as we know, is the study of techniques for secure communication. It is highly impossible to hack a blockchain or a private key, as trying to break an algorithm protected by cryptography would require an unfeasible amount of computational power.
Driven by recent increases in cryptocurrency values, Cryptojacking is poised to be a center of conversation. It’s one of the latest innovations in hacking in which a victim’s computer is enlisted to mine cryptocurrency. Unlike ransomware, this attack steals processor cycles in an attempt to mine Monero and other currencies, typically without the user’s knowledge or consent.
CoinMiners are on the rise, trending so high that in the last couple of months they almost completely replaced ransomware in both media and the research community. Unlike ransomware, which profits from rapid encryption of user data taken hostage, a CoinMiner's profit comes from hijacking computer resources. The longer the CoinMiner stays undetected and stealthy, the higher its author's profit.
In this talk we will focus on the unexplored territory of CoinMiner evasive maneuvers and functionality to avoid getting found by its victims and provide tactics and tools to combat them.
After the Data Breach: Stolen Credentials - SBWebinars
Credentials don’t start out on the dark web - they end there.
When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patronizing dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover?
Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Blackfish Product Manager, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization.
Agenda:
The Threat of Stolen Credentials
Reasoning Behind NIST’s Password Recommendations
Ways to Manage a Password “Breach Corpus”
How Blackfish Helps Organizations Follow NIST Guidelines
Lost in the Ether: How Ethereum Hacks Are Shaping the Blockchain Future - Priyanka Aash
Valued at over $24 billion in total, Ether is the second largest crypto currency, only behind Bitcoin. In the last two years, cybercriminals have exploited code flaws, web app vulnerabilities and social engineering to steal over $100 million in Ether crypto currency. This session will cover smart contracts and the Ethereum Virtual Machine as well as a history of how these heists have shaped Ethereum.
Learning Objectives:
1: Gain a basic understanding of the Ethereum Virtual Machine and smart contracts.
2: Understand common security flaws in blockchain technology implementation.
3: Consider the legal implications of attacks against fully distributed entities.
(Source: RSA Conference USA 2018)
A look at the methodology and techniques of hackers, cyber criminals and state-sponsored attackers. Explores the kill chain, geopolitical instability and the dark web.
Virus Bulletin 2018: Lazarus Group a mahjong game played with different sets ... - Peter Kálnai
Lazarus Group: a mahjong game played with different sets of tiles
https://www.virusbulletin.com/virusbulletin/2019/06/vb2018-paper-lazarus-group-mahjong-game-played-different-sets-tiles/
BSides Boston and RI 2013
Video (BSides RI: http://www.irongeek.com/i.php?page=videos/bsidesri2013/2-0-booting-the-booters-stressing-the-stressors-allison-nixon-and-brandon-levene)
DISCLAIMER: For improved rendering, please check the original source on our drive: https://docs.google.com/presentation/d/1akI0F7CYqff7xJuPklrQiYE4xymv6bU1FHHjvP9lBLY/edit#slide=id.g12c452509f1_2_41
Also more details provided on our github page: https://github.com/crowdsecurity/fundraising-decks
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems - Beau Bullock
This presentation covers the basics of what cryptocurrencies are, some major hacks, and a walk through of vulnerabilities emerging from cryptocurrency ecosystems.
"While blockchain is immensely popular and sometimes even overrated, this technology still faces some issues due to the immature and inexperienced user community. Without saying, this sets the stage for numerous scam schemes. Our aim is to make the cryptocurrency fraud list of the 5 most common risk factors of blockchain projects. We strive to ensure the security of your crypto interaction by raising your awareness of swindler strategies and market volatility.
This topic will be of interest to those looking for:
- cryptocurrency scam risk factors
- cryptocurrency scam
- cryptocurrency fraud
- cryptocurrency fraud list
- is cryptocurrency fraud
This is an adapted presentation. To review the long read, visit https://axisbits.com/blog/Cryptocurrency-Scam-Risk-Factors"
Fighting Cybercrime Using the Blockchain - Priyanka Aash
Bitcoin is sometimes described as the “currency of criminals,” and we all see stories about how criminals use bitcoin to move money and extract ransoms. But did you know that law enforcement also uses the blockchain—bitcoin’s distributed, immutable, permanent record of transactions—to investigate cybercrime? Come learn more about how bitcoin’s underlying technology helps fight cybercrime.
(Source: RSA Conference USA 2017)
In 2016, the presenters co-founded the ‘nomoreransom’ platform to provide an answer to victims of ransomware. Supported by Amazon’s AWS and Barracuda technology, they never estimated that they had created the largest honeypot ever. In this presentation they will share in short what nomoreransom is, how victims can use it, but moreover insights in the daily attacks we are facing.
Bitcoin has exploded in popularity and skyrocketed in value. Proponents of blockchain, the technology that makes cryptocurrency possible, now want to apply it to a wide range of other applications like identity management, verifiable records and digital assets such as stocks. Is the industry building new systems on a cryptographically weak foundation? What threats does blockchain face?
(Source: RSA Conference USA)
Cybercriminals are eroding trust in voice services with 5.1 billion robocalls a month duping consumers with phone scams. The robocall strike-force has socialized the STIR/Shaken (Secure Telephony Identity Revisited/Signature-based handling of Asserted Information using tokens) framework to combat robocalling. Learn about the framework, limitations and security architectures for robust implementation.
Learning Objectives:
1: Become part of the cybersecurity community that is aware of voice crime specifically robocalling.
2: Review the framework that many service providers are working on to thwart.
3: Support your voice professional counterparts in implementing secure architectures.
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017 - CASCouncil
The web is moving towards a 100% Encrypted Web—but can we get it right? Understanding the surge in use of https for malware and phishing, the renewed importance of revocation checking, the role of browser UI design in protecting users, the renewed importance of identity in TLS certificates, and the latest industry studies and initiatives for a safer Internet.
Similar to RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies (20)
DevOps and Testing slides at DASA Connect - Kari Kakkonen
Slides by me and Rik Marselis from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
11. #RSAC
Questions
Which threat vector will impact Bitcoin’s future most?
How anonymous is Bitcoin?
Will we see more CryptoLocker clones in the future demanding Bitcoin for encrypted file ransom?
Which threat vector is likely under-rated?
What opportunities and impact will Bitcoin bring to the security industry?
How to boost Bitcoin’s wide adoption?
23. #RSAC
Mining resources theft
Botnets - Some also have injects for bitcoin theft, i.e., this Zeus modification:
https://bigrc.biz/threads/%D0%BF%D1%80%D0%BE%D0%B4%D0%B0%D0%BC-botnet-evolution-%D0%B1%D0%BE%D1%82%D0%BD%D0%B5%D1%82.9505/
25. #RSAC
Wallet theft
Endpoint wallet stealers
Dell: Nearly 150 Strains of Malware Are After Your Bitcoins
Bitcoin-featured banking malware
Trojaned browser plugins
26. #RSAC
Bitcoin malware trends
Malware is and will be an important tool for coin thieves against end users
Attack wallet files or website logins
Desktop and mobile
Interest from malware authors is proportional to the Bitcoin price and adoption in their target demographic
Dropped in 2014 along with price [Symantec]
As adoption grows, the average technical savvy of users will drop
30. #RSAC
Defending Against Bitcoin Malware
For now, most Bitcoin malware will simply be standard financial trojans. Use traditional methods of detection
Behavioral analysis: processes scanning for ‘wallet.dat’, ‘wallet.aes.json’ or Base58Check strings all potentially suspicious
Put private keys offline and into cold storage; use offline signing
Security proportional to amount of funds stored, even during upward price swings
Multi-stage signing protocols such as P2SH multisig, Shamir’s Secret Sharing, or threshold sigs distribute risk
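The behavioral rule above treats Base58Check strings as a signal; a bare pattern match is noisy, so a detector can verify the 4-byte double-SHA-256 checksum and read the version byte before it alerts. The Python below is an added example, not part of the slides; the function names, the sample lines, and the constructed all-zero address and counting-byte key are assumptions made for illustration.

```python
import hashlib
import re

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KINDS = {0x00: "P2PKH address", 0x05: "P2SH address", 0x80: "WIF private key"}
CANDIDATE = re.compile(r"\b[%s]{25,52}\b" % ALPHABET)  # Base58-looking tokens

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)), per Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, data: bytes) -> str:
    """Encoder, used here only to build the constructed samples below."""
    raw = bytes([version]) + data
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out  # leading zero bytes

def b58check_decode(text: str):
    """Return (version, payload) if the checksum verifies, else None."""
    if any(ch not in ALPHABET for ch in text):
        return None
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:-4]

def scan(lines):
    """Return (line number, kind, token) for each checksum-verified token."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for match in CANDIDATE.finditer(line):
            decoded = b58check_decode(match.group())
            if decoded and decoded[0] in KINDS:
                hits.append((lineno, KINDS[decoded[0]], match.group()))
    return hits

# Constructed samples: all-zero hash160, counting-byte "key", one altered token.
ADDR = b58check_encode(0x00, bytes(20))
WIF = b58check_encode(0x80, bytes(range(1, 33)))
BAD = ADDR[:-1] + ALPHABET[(ALPHABET.index(ADDR[-1]) + 1) % 58]
SAMPLE = [f"read wallet.dat -> {ADDR}", f"clipboard: {WIF}", f"typo: {BAD}"]
```

Calling scan(SAMPLE) reports the address on line 1 and the private key on line 2; the altered token on line 3 matches the pattern but fails the checksum and is dropped.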
31. #RSAC
Crime and terrorism
Bitcoin as gaming credits (ex: gambling)
Bitcoin as payment protocol for criminal trade
Bitcoin used to fund or to donate to terrorists
Bitcoin as means to launder money
32. #RSAC
Insider threat
Current operators or employees
Ex-employees
Fake “compromises”
US Department of Justice: US Secret Service agent "diverted" more than $800,000 in Bitcoins to his personal accounts
38. #RSAC
Questions
Which threat vector will impact Bitcoin’s future most?
How anonymous is Bitcoin?
Will we see more CryptoLocker clones in the future demanding Bitcoin for encrypted file ransom?
Does cryptocurrency promote ransomware?
Which threat vector is likely under-rated?
What opportunities does Bitcoin bring to the security industry?
How will Bitcoin impact the security industry?
How to boost Bitcoin’s wide adoption?
This question pertains to custodial services. One of the benefits of
Bitcoin is that it eliminates intermediaries and counter-party risk.
However, many users appreciate the convenience and potential security
of custodial companies, which re-introduce some of those negative
elements that Bitcoin seeks to eliminate. In some cases, this has
resulted in lost coins due to mismanagement, insider threats, or
fraud. Is custodial Bitcoin a good or bad thing? Will we see more or
less of it in the future? How can custodial companies prove to
users that they are liquid (e.g., proof of reserves)?
Keylogging, screenshot and video capture. Focused on obtaining login credentials
Usually escrow funds are in danger with these marketplaces.
Other exchanges have adopted 2 of 3 multisig escrow to prevent theft of escrow funds.
Force had abused his positions as a DEA agent and compliance officer at digital currency exchange CoinMKT to freeze a customer’s account and transfer $297,000 worth of cryptocoins to his personal account.
Both Force and Bridges had set up front companies and associated bank accounts where the illegally acquired $820k was deposited.