
Europe live: Mark Rutte says Nato ‘cornerstone of our collective security’ as he is formally selected as its head

Outgoing Dutch PM will take over from Jens Stoltenberg as secretary-general in October

More congratulations are coming in from European leaders.

Mark Rutte, the outgoing Dutch prime minister and incoming Nato secretary-general, is a well-liked figure among heads of state and government.

© Photograph: Johanna Geron/Reuters

Poolman review – Chris Pine makes splash of totally wrong kind in shambolic stoner comedy

Pine writes, directs and stars – alongside Danny DeVito and Annette Bening – in this rambling comedy mystery about a shaggy, quirky pool attendant

Chris Pine is usually a likable screen presence but he’s let down here by a flimsy script and over-indulgent direction – which could have something to do with the co-screenwriter (Chris Pine) and the first-time director (er, Chris Pine). You can see what he was going for: a knockabout stoner neo-noir paying homage to old-school Los Angeles, but this is more like Chinatown without the savagery, or Inherent Vice without the brains, or The Big Lebowski without the drugs.

Pine’s character is very much a watered-down version of Jeff Bridges’ Dude (the strongest thing he consumes is an egg cream mocktail). He’s a shaggy, aimless slacker who lives in a trailer next to the apartment-complex pool he tends with zen-like focus. As his character name, Darren Barrenman, forewarns, he’s little more than a collection of quirks: he makes origami gifts; meditates underwater at the bottom of his pool; types soul-baring letters to Erin Brockovich. He also dresses in short shorts and a pink blazer, but later seems to have a bottomless dressing-up wardrobe, and regularly campaigns about public transport at the city council with the aid of hand-made dioramas. None of this really makes any sense.

© Photograph: Landmark Media/Alamy

Cybersecurity Alert: Handala Hacker Group Allegedly Targets Zerto in Major Breach


The Handala hacker group has claimed responsibility for breaching Zerto, an Israeli firm specializing in critical cybersecurity services. The Zerto cyberattack reportedly yielded a substantial 51 terabytes of data, potentially exposing sensitive information integral to Zerto's operations. Zerto is renowned for its pivotal role in disaster recovery synchronization and site recovery, providing essential services utilized by numerous global enterprises. The cyberattack on Zerto by Handala, a group sympathetic to Palestinian causes and named after a symbol of Palestinian resilience, highlights the increasing intersection of geopolitical tensions and cybersecurity threats.

Handala Hacker Group Claims Responsibility for Zerto Cyberattack

Zerto cyberattack (Source: X)

According to the threat actor's post, the Handala hacker group claims to have targeted Zerto and has shared multiple screenshots of dashboards associated with the cybersecurity company. The group previously claimed a cyberattack on Israel’s radars and alleged that it had taken down Iron Dome missile defense systems.

The Handala hacker group draws its inspiration from the iconic figure created by Palestinian cartoonist Naji al-Ali. The character, depicted as a ten-year-old with hands clasped behind his back, symbolizes defiance against imposed solutions and solidarity with the marginalized Palestinian population. Since al-Ali's assassination in 1987, Handala has remained a potent symbol of Palestinian identity, prominently displayed across the West Bank, Gaza, and Palestinian refugee camps. The cyberattack on Zerto marks another chapter in Handala's campaign, aligning its actions with broader movements supporting Palestinian rights globally. The symbol has resonated within these movements, having been adopted by the Boycott, Divestment, and Sanctions movement and the Iranian Green Movement.

Despite the bold claims by the Handala hacker group, official confirmation from Israeli authorities regarding the extent and impact of the cyberattack is pending. However, security experts within Israel have expressed concerns over the plausibility of Iranian involvement in cyber operations targeting critical Israeli infrastructure.

The Implication of Cyberattack on Zerto

The Cyber Express reached out to Handala for further insights into their motives and objectives behind the Zerto cyberattack. As of the latest update, no formal response has been received, leaving the claims and motivations of the attack unverified.

The incident highlights the ongoing cybersecurity challenges faced by firms operating in sensitive sectors, exacerbated by geopolitical tensions and sophisticated cyber threats. If confirmed, the Zerto breach would expose weaknesses in the company's defenses and underline the need for robust measures to protect critical infrastructure. As stakeholders await further developments, The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Zerto cyberattack or any official confirmation from the organization.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Winner of the 2024 prize for best first sentences

OK, that's actually something that I just made up, but if such an award existed, would not the following win it? "Here's a tricky ethical conundrum – how much can you command yourself to care about the suffering of a monumental dickhead?" While being mindful of the gendered nature of the included slur (thanks Metafilter!) I nonetheless submit to you the tribulations (SLGuardian) faced by West London curator Ben Moore, courtesy of the Guardian's Lucy Mangan's review of The Stormtrooper Scandal.

One choice quote: "Furious trading ensues and Moore and the cryptobros take a cut of everything and make (estimated) millions. Then some of the artists become aware that pictures of their work have been taken and sold without permission. To the apparent total surprise of Moore, this matters and ultimately ends in the NFTs becoming worthless." Oh ho ho, did you say NFT? And also, somehow, Star Wars? Fair warning: I have yet to see the film, but with a writeup like this, you can be sure it's in my watchlist. Currently airing on BBC2, here's hoping we'll find it on SBS soon enough. Creepto derision not just welcome, but encouraged! (And has anyone else noticed a dramatic increase in the spiciness of Guardian reviews?)

Sublime Perfection

The history of gelato is long. There's also a timeline over at a Gelato-Inspired Resource. Gelato can ostensibly be made at home. Yelp has you covered with 10 Best Gelato Near Philadelphia, but for finding the good stuff in Italy, ask over at National Geographic, Rick Steves, or chronacedigusto. Note that gelato is not ice cream. Hit up Gelato Festival for world rankings. You can eat your gelato like the Romans do it, or you can adorn it with seasonal fruit or other accompaniment.

Kraken vs Certik: A Dispute Over a $3 Million Zero-Day and Bug Bounty Ethics


In a high-stakes clash within the crypto verse, Kraken, a leading U.S. cryptocurrency exchange, has accused blockchain security firm Certik of illicitly siphoning $3 million from its treasury and attempting extortion. The dispute shows the significant tensions between ethical hacking practices and corporate responses and underscores the complexities and challenges within the bug bounty ecosystem.

Accusations from Kraken

Nick Percoco, Kraken's chief security officer, took to social media platform X (formerly known as Twitter) to accuse an unnamed security research firm of misconduct. According to Percoco, the firm, later revealed to be Certik, breached Kraken’s bug bounty program rules: instead of following the established protocol of promptly returning extracted funds and fully disclosing bug transaction details, Certik allegedly withheld the $3 million and sought additional compensation.

Percoco claimed that "the ‘security researcher’ disclosed this bug to two other individuals who they work with who fraudulently generated much larger sums. They ultimately withdrew nearly $3 million from their Kraken accounts. This was from Kraken’s treasuries, not other client assets."

He said that after Kraken contacted the researchers, instead of returning the funds they "demanded a call with their business development team (i.e. their sales reps) and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking, it is extortion!"

Percoco said that in the decade-long history of Kraken’s bug bounty program, the company had never encountered researchers who refused to follow the rules. The program stipulates that any funds extracted during bug identification must be returned immediately, accompanied by a proof of concept, and that researchers must avoid excessive exploitation of identified bugs.

The dispute escalated as Certik reportedly failed to return the funds and accused Kraken of being “unreasonable” and unprofessional. Percoco responded that such actions by security researchers revoke their “license to hack” and classify them as criminals.
“As a security researcher, your license to “hack” a company is enabled by following the simple rules of the bug bounty program you are participating in. Ignoring those rules and extorting the company revokes your “license to hack”. It makes you, and your company, criminals.”

Certik's Response to Kraken

Following Kraken’s public accusations, Certik disclosed its involvement and countered Kraken’s narrative by accusing the exchange of making unreasonable demands and threatening its employees. Certik claimed Kraken demanded the return of a “mismatched” amount of cryptocurrency within an unfeasible timeframe without providing necessary repayment addresses. The company provided an accounting of its test transactions to support its claims. Certik shared its intent to transfer the funds to an account accessible to Kraken despite the complications in the requested amount and lack of repayment addresses.
“Since Kraken has not provided repayment addresses and the requested amount was mismatched, we are transferring the funds based on our records to an account that Kraken will be able to access.” - CertiK

CertiK’s Take on Kraken’s Defense Systems

Certik defended its actions and turned the focus to what it called the inadequacy of Kraken’s defense systems. The firm said that the continuous large withdrawals from different testing accounts, which were part of its testing process, should have been detected by Kraken’s security measures, and asked why Kraken’s purportedly robust defenses failed to identify such significant anomalies.

“According to our testing result: The Kraken exchange failed all these tests, indicating that Kraken’s defense in-depth-system is compromised on multiple fronts. Millions of dollars can be deposited to ANY Kraken account. A huge amount of fabricated crypto (worth more than 1M+ USD) can be withdrawn from the account and converted into valid cryptos. Worse yet, no alerts were triggered during the multi-day testing period. Kraken only responded and locked the test accounts days after we officially reported the incident.” - CertiK

The blockchain security firm said the fact behind its white hat operation is that “millions dollars of crypto were minted out of air, and no real Kraken user’s assets were directly involved” in these research activities. The firm also said that the dispute with the cryptocurrency exchange is shifting focus away from a more severe security issue at Kraken. “For several days, with many fabricated tokens generated and withdrawn to valid cryptos, no risk control or prevention mechanisms were triggered until reported by CertiK,” it said. “The real question should be why Kraken’s in-depth defense system failed to detect so many test transactions.”

Regarding the money siphoned, Certik said, “Continuous large withdrawals from different testing accounts was a part of our testing.” In the interest of transparency, the security firm disclosed on X the details of all testing deposit transactions and a timeline of how the bug bounty saga played out.

Timeline of the Kraken vs CertiK zero-day and bug bounty dispute (Source: CertiK on platform X)
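The failure CertiK describes has two parts: deposits that were credited without ever settling, and withdrawals against that phantom balance that nobody flagged for days. The following is an added example, not Kraken's or CertiK's code, of how an exchange ledger can enforce both controls at once: a preventive gate that only releases withdrawals covered by settled deposits, and a detective rule that alerts on held withdrawals and on any released withdrawal above a size threshold. The event shapes, account names, amounts and the 250,000 USD threshold are assumptions constructed for illustration.

```python
"""Settled-balance gating and withdrawal alerts over a constructed exchange ledger.

Added example, not Kraken's or CertiK's code. Event shapes, thresholds and
account names are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    account: str
    kind: str                # "deposit" or "withdrawal"
    amount_usd: float
    confirmed: bool = True   # deposits only: has settlement actually been verified on chain?


@dataclass(frozen=True)
class Alert:
    account: str
    rule: str
    amount_usd: float


# Assumed threshold above which a single released withdrawal deserves a human look.
LARGE_WITHDRAWAL_USD = 250_000.0

# Constructed sample ledger (not real exchange data). Accounts A and C are credited
# with deposits that never settled, then withdraw against that phantom balance.
SAMPLE_EVENTS = [
    Event("acct-A", "deposit", 1_000_000.0, confirmed=False),
    Event("acct-A", "withdrawal", 400_000.0),
    Event("acct-A", "withdrawal", 500_000.0),
    Event("acct-B", "deposit", 50_000.0),
    Event("acct-B", "withdrawal", 20_000.0),
    Event("acct-C", "deposit", 2_000_000.0, confirmed=False),
    Event("acct-C", "withdrawal", 1_900_000.0),
    Event("acct-D", "deposit", 600_000.0),
    Event("acct-D", "withdrawal", 300_000.0),
]


def process_ledger(events, large_threshold=LARGE_WITHDRAWAL_USD):
    """Replay events in order and return (held, alerts).

    held:   withdrawals exceeding the account's settled, unspent balance; these are
            not released (the preventive control).
    alerts: events surfaced to monitoring (the detective control): every held
            withdrawal plus every released withdrawal at or above the threshold.
    """
    settled = defaultdict(float)   # confirmed deposits per account
    pending = defaultdict(float)   # credited but unconfirmed deposits; never spendable here
    released = defaultdict(float)  # withdrawals already paid out per account
    held, alerts = [], []

    for e in events:
        if e.kind == "deposit":
            bucket = settled if e.confirmed else pending
            bucket[e.account] += e.amount_usd
        elif e.kind == "withdrawal":
            available = settled[e.account] - released[e.account]
            if e.amount_usd > available:
                held.append(e)
                alerts.append(Alert(e.account, "withdrawal_exceeds_settled_balance", e.amount_usd))
                continue
            released[e.account] += e.amount_usd
            if e.amount_usd >= large_threshold:
                alerts.append(Alert(e.account, "large_withdrawal", e.amount_usd))
        else:
            raise ValueError(f"unknown event kind: {e.kind!r}")
    return held, alerts


def funds_at_risk(events):
    """Total value that would have left the exchange had held withdrawals been released."""
    held, _ = process_ledger(events)
    return sum(e.amount_usd for e in held)


def accounts_to_lock(events):
    """Accounts with at least one held withdrawal, sorted for stable reporting."""
    held, _ = process_ledger(events)
    return sorted({e.account for e in held})


if __name__ == "__main__":
    held, alerts = process_ledger(SAMPLE_EVENTS)
    for a in alerts:
        print(f"{a.rule:40s} {a.account} {a.amount_usd:,.0f} USD")
    print(f"funds at risk: {funds_at_risk(SAMPLE_EVENTS):,.0f} USD; lock: {accounts_to_lock(SAMPLE_EVENTS)}")
```

The point of keeping `pending` separate from `settled` is that a credited-but-unconfirmed deposit is never spendable, so the "mint out of thin air" pattern is stopped at the withdrawal step rather than discovered in a reconciliation days later; the alert list is what a monitoring team would expect to see fire during a multi-day test like the one CertiK describes.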

Disclosure of Product Flaws Treads a Fine Line

The news of the escalated dispute comes on the heels of another incident in which a white hat hacker, after following bug bounty ethics, was told by the company's legal team to “cease and desist.” Andrew Lemon, an offensive security expert, responsibly reported a critical vulnerability to an unnamed company that manufactured and sold a traffic control system. The vulnerability allowed a remote unauthenticated attacker to bypass security and gain full control of a traffic controller, giving them the ability to change stoplights and modify traffic flow, Lemon explained in a LinkedIn post.

But to Lemon’s surprise, instead of acknowledging and addressing the bug with its engineering team, the company's legal team threatened to sue him under the Computer Fraud and Abuse Act. “I received a letter from a company's legal team instead of engineering after responsibly disclosing a critical vulnerability in a traffic control system I purchased from eBay,” he said. “The company's response? In order for them to acknowledge the vulnerability, hardware must be purchased directly from them or tested with explicit authorization from one of their customers, they threatened prosecution under the Computer Fraud and Abuse Act, and labeled disclosure as irresponsible, potentially causing more harm.”

Security Engineer Jake Brodsky responded, saying, “Legally they're not wrong for writing such a letter or even bringing a court case against the researcher. However, ethically, because it pits professional organizations against each other for no good reason, it is problematic.”

Disclosure of product flaws treads a very fine line. On the one hand, nobody likes the publicity that follows. On the other hand, if nobody says anything, the only way we can improve is in the aftermath of an investigation where fortunes are lost and people get hurt.

Implications for the Bug Bounty Ecosystem

The Kraken-Certik dispute and the one highlighted by Andrew Lemon raise critical questions about the operational dynamics and ethical boundaries within bug bounty programs. These programs are designed to incentivize security researchers to identify and report vulnerabilities, offering financial rewards for their efforts. However, these cases reveal the pitfalls when communication and mutual understanding between the parties break down.

The ethical framework of bug bounty programs relies on clear rules and mutual trust. Researchers must adhere to the program’s guidelines, including the immediate return of any extracted funds and full disclosure of their findings. Companies, in turn, must provide clear instructions and maintain professional interactions with researchers. Well-defined protocols and communication channels between companies and researchers, with transparent expectations on both sides, can prevent misunderstandings and conflicts and foster a more cooperative environment for cybersecurity improvements.

How A.I. Is Revolutionizing Drug Development

In high-tech labs, workers are generating data to train A.I. algorithms to design better medicine, faster. But the transformation is just getting underway.

Chips in a container at Terray Therapeutics in Monrovia, Calif. Each of the custom-made chips has millions of minuscule wells for measuring drug screening reactions quickly and accurately.

looking at one thing at a time

The just-before or the just-after tell a story; whether of becoming, or of letting go. For over 12 years, Mary Jo Hoffman has been taking a daily image of a gathered natural object (usually plants, sometimes dead birds and in one case, a live toad). Click on "details" at the bottom right of each object for, well, details. Hoffman on technique: "I spend a lot of time waiting for the sun to go behind a cloud so I can get softer lighting."


Christian nationalists in the court system

Justice Alito Caught on Tape Discussing How Battle for America 'Can't Be Compromised' [ungated] - "In a new, secret recording, the Supreme Court justice says he 'agrees' that the U.S. should return to a place of godliness."

The recording, which was provided exclusively to Rolling Stone, captures Windsor approaching Alito at the event and reminding him that they spoke at the same function the year before, when she asked him a question about political polarization. In the intervening year, she tells the justice, her views on the matter had changed. "I don't know that we can negotiate with the left in the way that needs to happen for the polarization to end," Windsor says. "I think that it's a matter of, like, winning." "I think you're probably right," Alito replies. "On one side or the other — one side or the other is going to win. I don't know. I mean, there can be a way of working — a way of living together peacefully, but it's difficult, you know, because there are differences on fundamental things that really can't be compromised. They really can't be compromised. So it's not like you are going to split the difference." Windsor goes on to tell Alito: "People in this country who believe in God have got to keep fighting for that — to return our country to a place of godliness." "I agree with you. I agree with you," replies Alito, who authored the Supreme Court's 2022 Dobbs decision, which reversed five decades of settled law and ended a constitutional right to abortion.
Justice Alito questions possibility of political compromise in secret recording - "Martha-Ann Alito spoke to Windsor about her flags on another recording made at the dinner, according to an additional edited recording the filmmaker posted online. She said she wanted to fly a religious flag because 'I have to look across the lagoon at the Pride flag for the next month', an apparent reference to celebratory LGBTQ+ displays during Pride month in June." Supreme Court's Alito appears to back US return to 'godliness' in secret recording - "The 'Appeal to Heaven' flag has come to symbolize hopes by some conservative activists for a more Christian-centered U.S. government." Secret recording puts spotlight on Alito's strong conservative views on religious issues - "The justice has consistently backed religious Christian groups in Supreme Court cases and has often spoke about freedom of religion being under attack." Alito's 'Godliness' Comment Echoes a Broader Christian Movement - "Justice Samuel Alito's secretly recorded remarks come as many conservatives have openly embraced the view that American democracy must be grounded in a Christian worldview."
The unguarded moment added to calls for greater scrutiny by Democrats, many of whom are eager to open official investigations into outside influence at the Supreme Court. But the core of the idea expressed to Mr. Alito, that the country must fight the decline of Christianity in public life, goes beyond the questions of bias and influence at the nation's highest court. An array of conservatives, including antiabortion activists, church leaders and conservative state legislators, has openly embraced the idea that American democracy needs to be grounded in Christian values and guarded against the rise of secular culture. They are right-wing Catholics and evangelicals who oppose abortion, same-sex marriage, transgender rights and what they see as the dominance of liberal views in school curriculums. And they've become a crucial segment of former President Donald J. Trump's political coalition, intermingled with the MAGA movement that boosted him to the White House and that hopes to do so once again in November. The movement's rise has been evident across the country since Mr. Trump lost re-election in 2020. The National Association of Christian Lawmakers formed to advance Christian values and legislation among elected officials. This week in Indianapolis, delegates to the Southern Baptist Convention, the largest Protestant denomination in America, are voting on issues like restricting in vitro fertilization and further limiting women from pastoral positions. [US Southern Baptists effort to enshrine ban on women pastors falls short (earlier: Southern Baptists finalize expulsion of two churches with female pastors), US Southern Baptists condemn IVF procedure] And in Congress, Mike Johnson, a man with deep roots in this movement and the Alliance Defending Freedom, a conservative Christian legal advocacy group, is now speaker of the House. Now, Supreme Court justices have become caught up in the debate over whether America is a Christian nation. 
While Justice Alito is hardly openly championing these views, he is embracing language and symbolism that line up with a much broader movement pushing back against the declining power of Christianity as a majority religion in America. The country has grown more ethnically diverse and the share of American adults who describe themselves as religiously unaffiliated has risen steadily over the past decade. Still, a 2022 report from the Pew Research Center found that more than four in 10 adults believed America should be a "Christian nation." Justice Alito's agreement isn't the first time he has embraced Christian ways of talking about the law and his vision for the nation. Shortly after the Supreme Court overturned Roe v. Wade two years ago, a ruling for which Justice Alito wrote the majority opinion, the justice flew to Rome and addressed a private summit on religious liberty hosted by the University of Notre Dame. His overarching concern was the decline of Christianity in public life, and he warned of what he saw as a "growing hostility to religion, or at least the traditional religious beliefs that are contrary to the new moral code that is ascendant." "We can't lightly assume that the religious liberty enjoyed today in the United States, in Europe and in many other places will always endure," he said, referencing Christians "torn apart by wild beasts" at the Colosseum before the fall of the Roman Empire... [T]he resonance of the Sacred Heart goes beyond simply an abstract religious concept, just as the Pride flag does. Each is notable for the vision of America that they symbolize, and the different visions of marriage, family and morality that they represent. For one slice of America that celebrates L.G.B.T.Q. rights, June is Pride Month. For another devout, traditional Catholic slice, June is a time to remember the Sacred Heart.
Justice Alito, in secretly recorded audio, apparently agrees nation needs to return to place of 'godliness' - "In the edited clips that were posted to X, Windsor approached Martha-Ann Alito at the event and seemingly expressed sympathy for 'everything that you're going through' and that it 'was not okay.' 'It's okay because if they come back to me, I'll get them,' Martha-Ann Alito said, referring to the news media. 'I'm gonna be liberated, and I'm gonna get them.' ... Windsor then turned the conversation to the stir caused by the 'Appeal to Heaven' flag, to which Martha-Ann Alito said the 'feminazis believe that [Justice Alito] should control me. So, they'll go to hell, he never controls me,' she added." In Secret Recordings, Alito Endorses Nation of 'Godliness.' Roberts Talks of Pluralism. - "The two justices were surreptitiously recorded at a Supreme Court gala last week by a woman posing as a Catholic conservative."
The justice's comments appeared to be in marked contrast to those of Chief Justice Roberts, who was also secretly recorded at the same event but who pushed back against Ms. Windsor's assertion that the court had an obligation to lead the country on a more "moral path." "Would you want me to be in charge of putting the nation on a more moral path?" the chief justice said. "That's for people we elect. That's not for lawyers." Ms. Windsor pressed the chief justice about religion, saying, "I believe that the founders were godly, like were Christians, and I think that we live in a Christian nation and that our Supreme Court should be guiding us in that path." Chief Justice Roberts quickly answered, "I don't know if that's true." He added: "I don't know that we live in a Christian nation. I know a lot of Jewish and Muslim friends who would say maybe not, and it's not our job to do that." The chief justice also said he did not think polarization in the country was irreparable, pointing out that the United States had managed crises as severe as the Civil War and the Vietnam War. When Ms. Windsor pressed him on whether he thought that there was "a role for the court" in "guiding us toward a more moral path," the chief justice's answer was immediate. "No, I think the role for the court is deciding the cases," he said.

How to opt out of Meta’s AI training

MIT Technology Review’s How To series helps you get things done. 

If you post or interact with chatbots on Facebook, Instagram, Threads, or WhatsApp, Meta can use your data to train its generative AI models beginning June 26, according to its recently updated privacy policy. Even if you don’t use any of Meta’s platforms, it can still scrape data such as photos of you if someone else posts them.

Internet data scraping is one of the biggest fights in AI right now. Tech companies argue that anything on the public internet is fair game, but they are facing a barrage of lawsuits over their data practices and copyright. It will likely take years until clear rules are in place. 

In the meantime, they are running out of training data to build even bigger, more powerful models, and to Meta, your posts are a gold mine. 

If you’re uncomfortable with having Meta use your personal information and intellectual property to train its AI models in perpetuity, consider opting out. Although Meta does not guarantee it will allow this, it does say it will “review objection requests in accordance with relevant data protection laws.” 

What that means for US users

Users in the US or other countries without national data privacy laws don’t have any foolproof ways to prevent Meta from using their data to train AI, which has likely already been used for such purposes. Meta does not have an opt-out feature for people living in these places. 

A spokesperson for Meta says it does not use the content of people’s private messages to each other to train AI. However, public social media posts are seen as fair game and can be hoovered up into AI training data sets by anyone. Users who don’t want that can set their account settings to private to minimize the risk. 

The company has built in-platform tools that allow people to delete their personal information from chats with Meta AI, the spokesperson says.

How users in Europe and the UK can opt out 

Users in the European Union and the UK, which are protected by strict data protection regimes, have the right to object to their data being scraped, so they can opt out more easily. 

If you have a Facebook account:

1. Log in to your account. You can access the new privacy policy by following this link. At the very top of the page, you should see a box that says “Learn more about your right to object.” Click on that link, or here

Alternatively, you can click on your account icon at the top right-hand corner. Select “Settings and privacy” and then “Privacy center.” On the left-hand side you will see a drop-down menu labeled “How Meta uses information for generative AI models and features.” Click on that, and scroll down. Then click on “Right to object.” 

2. Fill in the form with your information. The form requires you to explain how Meta’s data processing affects you. I was successful in my request by simply stating that I wished to exercise my right under data protection law to object to my personal data being processed. You will likely have to confirm your email address. 

3. You should soon receive both an email and a notification on your Facebook account confirming if your request has been successful. I received mine a minute after submitting the request.

If you have an Instagram account: 

1. Log in to your account. Go to your profile page, and click on the three lines at the top-right corner. Click on “Settings and privacy.”

2. Scroll down to the “More info and support” section, and click “About.” Then click on “Privacy policy.” At the very top of the page, you should see a box that says “Learn more about your right to object.” Click on that link, or here

3. Repeat steps 2 and 3 as above. 

Canada’s Largest District School Board Investigates Ransomware Incident


The Toronto District School Board is investigating a recent ransomware attack that affected its testing environment. The Toronto board is Canada's largest school board, serving approximately 238,000 students across 600 schools in the city of Toronto. The board stated that it had taken immediate action and launched an investigation upon becoming aware of a possible intrusion.

Toronto District School Board's Investigation Underway

The school board stated that the incident had affected its testing environment, which is used to evaluate new technology and programs before they are deployed on production systems. The board's cybersecurity team took immediate action upon discovering the incident, securing systems and preserving data. The Toronto District School Board reported the details of the incident to the Toronto police and the Information and Privacy Commissioner of Ontario.

Toronto District School Board ransomware attack (Source: www.tdsb.on.ca)

In its letter of notification sent to parents and guardians, the Toronto District School Board stated that it had launched an investigation with the aid of third-party experts to fully assess the nature and scope of the incident. This includes any potential compromise of its networks or breach of sensitive personal information.

Toronto District School Board notification letter (Source: www.tdsb.on.ca)

The letter added, "If it is determined that any personal information has been impacted, we will provide notice to all affected individuals. We understand that news of a cyber incident is concerning, but please know that we are doing everything possible to learn more about what occurred and address this situation."

Impact Unknown; More Details Expected Soon

Despite the attack, the district school board's systems remained fully operational. While only the board's testing environment had been affected, Humber College cybersecurity expert Francis Syms remained concerned over the incident, as personal information is sometimes used in test environments. He added that test environments are usually not secured by multifactor authentication, potentially making data easier to access. However, he noted that he was not aware of which testing system was in use, as he was not part of the investigation team.

The Toronto District School Board did not clarify whether the testing environment or its data contained any personal information. Ryan Bird, a spokesperson for the school board, told CityNews Toronto that the full extent of the breach was unknown, as was whether any personal data had been compromised in the attack, but that further details would be revealed by the end of the day. The Cyber Express team has reached out to the Toronto District School Board for further details and investigation results, but no response has been received as of yet.

Toronto's cybersecurity defenders have observed an uptick in cyberattacks in recent years, from both financially motivated hackers and 'hacktivists' disrupting public systems. Some attacks occur during sensitive times such as elections, global conflicts, or visits by foreign leaders. However, ransomware attacks remain the most common form of attack. City officials have been working with several agencies to rebuild trust in the safety of public systems and services.

Charles Finlay, Toronto resident and executive director at Rogers Cybersecure Catalyst, had earlier stated to the Toronto Star, “I think the city has to be more forthcoming about what it is doing to ensure that those services are secure from cyber-attacks.” The City had witnessed several attacks on its public institutions, such as a Cl0p ransomware intrusion into the City of Toronto's computer systems as well as an attack last year on the Toronto Public Library's computer systems.

Banksy without Banksy

"The Banksy Museum does not own or display any actual Banksys but rather 167 decent-enough reproductions of them, life-size murals and paintings on panels treated to look like exterior walls that stretch through an exhibition space, designed to resemble the street." (Max Lakin for the New York Times)

Isabella Gomez Sarmiento for Morning Edition: Museum founder Hazis Vardar says, "Banksy changed the rules. If you want to organize something about Banksy, you have to change the rules also," he said on a recent walk through the exhibit.

Natasha Gural at Forbes supplies a more in-depth review: 4 Ways To See Beyond Graffiti At The Banksy Museum In New York

Banksy Museum website

Ticketmaster Data Breach and Rising Work from Home Scams

In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the […]

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Security Boulevard.


The idea to start a crypto investing platform was like a vision from God

"The defendants marketed to investors most in need of income and least able to afford a loss by advertising their schemes as a train to 'financial freedom' and 'freedom from the plantation,'" the suit said. "Cynthia Petion knew that 'it's never the ones who grew up rich who invest in these programs.'"

From: 'Jesus was the best affiliate marketer in the world': How a 'Reverend CEO' allegedly stole $1 billion in a crypto scam [MarketWatch]

Attorney General James Sues Cryptocurrency Companies NovaTechFx and AWS Mining for Defrauding Investors of More Than $1 Billion [NYAG]

New York Sues Novatech Over $1 Billion Crypto Pyramid Scheme [Finance Feeds]

AI Prompt Engineering for Cybersecurity: The Details Matter


AI has been a major focus of the Gartner Security and Risk Management Summit in National Harbor, Maryland this week, and the consensus has been that while large language models (LLMs) have so far overpromised and under-delivered, there are still AI threats and defensive use cases that cybersecurity pros need to be aware of. Jeremy D'Hoinne, Gartner Research VP for AI & Cybersecurity, told conference attendees that attacker uses of AI so far include improved phishing and social engineering, with deepfakes a particular concern. But D'Hoinne and Director Analyst Kevin Schmidt agreed in a joint panel that no novel attack techniques have arisen from AI yet, only improvements on existing techniques such as business email compromise (BEC) and voice scams. AI security tools likewise remain underdeveloped, with AI assistants perhaps the most promising cybersecurity application so far, potentially able to help with patching, mitigations, alerts and interactive threat intelligence. D'Hoinne cautions that such tools should be used as an adjunct to security staff so that staff do not lose their ability to think critically.

AI Prompt Engineering for Cybersecurity: Precision Matters

Using AI assistants and LLMs for cybersecurity use cases was the focus of a separate presentation by Schmidt, who cautioned that AI prompt engineering needs to be very specific for security uses to overcome the limitations of LLMs, and that even then the answer may only get you 70%-80% of the way to your goal. Outputs need to be validated, and junior staff will require the oversight of senior staff, who will be able to judge the significance of the output more quickly. Schmidt also cautioned that chatbots like ChatGPT should only be used with noncritical data.

Schmidt gave examples of good and bad AI security prompts for security operations teams. "Create a query in my <name of SIEM> to identify suspicious logins" is too vague, he said. A better way to request a SIEM query: "Create a detection rule in <name of SIEM> to identify suspicious logins from multiple locations within the last 24 hours. Provide the <SIEM> query language and explain the logic behind it and place the explanations in tabular format." That prompt should produce something like the following output:

(Figure: SIEM query AI prompt output, source: Gartner)

Analyzing firewall logs was another example. Schmidt gave the following as an ineffective prompt: "Analyze the firewall logs for any unusual patterns or anomalies." A better prompt would be: "Analyze the firewall logs from the past 24 hours and identify any unusual patterns or anomalies. Summarize your findings in a report format suitable for a security team briefing." That produced the following output:

(Figure: Firewall log prompt output, source: Gartner)

Another example involved XDR tools. Instead of a weak prompt like "Summarize the top two most critical security alerts in a vendor's XDR," Schmidt recommended something along these lines: "Summarize the top two most critical security alerts in a vendor's XDR, including the alert ID, description, severity and affected entities. This will be used for the monthly security review report. Provide the response in tabular form." That prompt produced the following output:

(Figure: XDR alert prompt output, source: Gartner)

Other Examples of AI Security Prompts

Schmidt gave two more examples of good AI prompts, one on incident investigation and another on web application vulnerabilities. For security incident investigations, an effective prompt might be: "Provide a detailed explanation of incident DB2024-001. Include the timeline of events, methods used by the attacker and the impact on the organization. This information is needed for an internal investigation report. Produce the output in tabular form." That prompt should lead to something like the following output:

(Figure: Incident response AI prompt output, source: Gartner)

For web application vulnerabilities, Schmidt recommended the following approach: "Identify and list the top five vulnerabilities in our web application that could be exploited by attackers. Provide a brief description of each vulnerability and suggest mitigation steps. This will be used to prioritize our security patching efforts. Produce this in tabular format." That should produce something like this output:

(Figure: Web application vulnerability prompt output, source: Gartner)

Tools for AI Security Assistants

Schmidt listed some of the GenAI tools that security teams might use, ranging from chatbots to SecOps AI assistants such as CrowdStrike Charlotte AI, Microsoft Copilot for Security, SentinelOne Purple AI and Splunk AI, and startups such as AirMDR, Crogl, Dropzone and Radiant Security (see Schmidt's slide below).

(Figure: GenAI tools for possible cybersecurity use, source: Gartner)

Meet My A.I. Friends

Our columnist spent the past month hanging out with 18 A.I. companions. They critiqued his clothes, chatted among themselves and hinted at a very different future.


80+ Essential Command Prompt (CMD) Commands

Windows' celebrated CLI (command-line interpreter) is a treasure trove of hidden features, tools, and settings. Command Prompt lets you tap into every area of your operating system, from creating new folders to formatting internal and external storage. To help you navigate cmd.exe like a pro, we've prepared a comprehensive list of useful CMD commands to […]

The post 80+ Essential Command Prompt (CMD) Commands appeared first on Heimdal Security Blog.
