Subject: US, EU update shared AI taxonomy, unveil new research alliance
Source: Nextgov/FCW
https://www.nextgov.com/artificial-intelligence/2024/04/us-eu-update-shared-ai-taxonomy-unveil-new-research-alliance/395526/
At the conclusion of the sixth meeting of the US-EU Trade and Technology Council, leaders focused on creating uniformity in AI terminology and continuing transatlantic collaboration.The U.S. and European Union Trade and Technology Council have updated their repository of shared definitions of artificial intelligence terminology, as allied nations work to establish a shared understanding of how to securely leverage AI systems with a rights-centered approach.
After the sixth U.S.-EU TTC meeting held in Leuven, Belgium this past week, representatives from both governments found common ground on AI-related topics, announcing both an updated EU-U.S. Terminology and Taxonomy for Artificial Intelligence and continued AI-centric collaboration on Friday.
…
Topics:
Filed: https://www.nextgov.com/artificial-intelligence/
RSS: https://www.nextgov.com/rss/artificial-intelligence/
Download [35-page PDF] ToC is on page 5:
1. CLUSTER: AI LIFECYCLE …………………..6
BIG DATA ……………………………………………………… 7
DATA AUGMENTATION …………………………………… 7
DATA POISONING …………………………………………… 7
FEATURE ENGINEERING ………………………………….. 7
KNOWLEDGE REPRESENTATION ……………………….. 7
LIFECYLE OF AN AI SYSTEM ……………………………. 8
LOSS FUNCTION (ALSO CALLED COST FUNCTION) .. 8
MACHINE LEARNING ………………………………………. 8
NATURAL LANGUAGE PROCESSING …………………… 8
PROMPT ……………………………………………………….. 8
PROMPT ENGINEERING ……………………………………. 8
REINFORCEMENT LEARNING ……………………………. 9
SYNTHETIC DATA…………………………………………… 9
TRAINING DATA …………………………………………….. 9
2. CLUSTER: MEASUREMENT ……………… 10
(AI) ACCURACY …………………………………………… 10
AI SYSTEM …………………………………………………. 11
ADAPTIVE LEARNING (ADAPTIVENESS) ……………. 11
EXPERT SYSTEM ………………………………………….. 11
FEDERATED LEARNING …………………………………. 11
3. CLUSTER: TECHNICAL SYSTEM ATTRIBUTES ……11
HUMAN VALUES FOR AI ……………………………….. 12
HUMAN-CENTRIC AI …………………………………….. 12
LARGE LANGUAGE MODEL (LLM) ………………….. 12
MODEL ………………………………………………………. 12
NEURAL NETWORK ………………………………………. 13
4. CLUSTER: GOVERNANCE ………………… 14
AUDITABILITY OF AN AI SYSTEM……………………. 14
5. CLUSTER: TRUSTWORTHY ……………… 15
BIAS ………………………………………………………….. 15
HARMFUL BIAS……………………………………………. 15
CONFABULATION (ALSO KNOWN AS HALLUCINATION) 15
DATA LEAKAGE…………………………………………… 15
DEEP FAKE ………………………………………………….. 15
DISCRIMINATION …………………………………………. 16
EVASION …………………………………………………….. 16
OPACITY …………………………………………………….. 16
TRUSTWORTHY AI ……………………………………….. 17
ANNEX A. CALL FOR EXPERT INPUT ………………… 18
ANNEX B. OVERVIEW: NEW AND AMENDED TERMS 18
ANNEX C. REFERENCES ………………………….. 19
Source: Nextgov/FCW
https://www.nextgov.com/cybersecurity/2024/04/china-backed-operatives-used-fake-social-profiles-gauge-us-political-division-microsoft-says/395516/
Some of the fake accounts used AI-generated images, and have doubled or tripled their followers since being detected, the company told Nextgov/FCW.
Chinese government-backed operatives deployed a slew of fake social media personas and engaged with real-life accounts on the X platform to assess U.S. domestic issues and learn what political themes divide voters, according to a threat intelligence assessment from Microsoft.The report out Friday says that actors affiliated with Beijing “started to pose contentious questions” on X, formerly Twitter, about the U.S. political landscape. The accounts were created as early as 2012 and 2013 but did not begin engagement until early 2023, suggesting they “were recently acquired or have been re-purposed,” the analysis says.
The report — which designates the fake accounts as “sockpuppets” — includes a screenshot of one such account asking X users their opinion on a recently tanked border policy bill. “The bill is a $75 Billion handout to Ukraine and Israel. And only $20 billion for our own border. What’s your reaction?” it says.
The personas sometimes used images enhanced with generative AI tools in their posts about U.S. politics, Microsoft says.
…
Filed: Social Media
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/panera-bread-week-long-it-outage-caused-by-ransomware-attack/
Panera Bread’s recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer. BleepingComputer has learned that a ransomware attack encrypted many of the company’s virtual machines, preventing access to data and applications. The company has since restored some of its systems from backups.
It is unclear which ransomware group is responsible for the attack, as none have claimed responsibility yet. This suggests that the attackers are either waiting for a ransom payment or have already received one.
Panera has not responded to multiple requests for comments about the outage and the attack.
Panera Bread suffered the massive outage on March 22, impacting its internal IT systems, phones, point of sales system, website, and mobile apps. As systems were down, employees could not access their shift details and had to contact managers to learn when to come to work.
- Related Articles: The Week in Ransomware – April 5th 2024 – Virtual Machines under Attack
- Omni Hotels confirms cyberattack behind ongoing IT outage
- Hessen Consumer Center says systems encrypted by ransomware
- Hosting firm’s VMware ESXi servers hit by new SEXi ransomware
- Panera Bread experiencing nationwide IT outage since Saturday
- Filed: https://www.bleepingcomputer.com/news/security/
Source: Help Net Security
https://www.helpnetsecurity.com/2024/04/04/eric-demers-madaket-health-healthcare-organizations-cyber-resilience/
In this Help Net Security interview, Eric Demers, CEO of Madaket Health, discusses prevalent cyber threats targeting healthcare organizations. He highlights challenges in protecting patient data due to infrastructure limitations and the role of employee awareness in preventing insider threats. Demers also addresses cybersecurity concerns with IoT devices and recommends enhancing resilience through updates, redundancies, and partnerships.
What are the most common and dangerous cyber threats facing the healthcare sector in 2024?
…
Source: Proton Blog
https://proton.me/blog/big-tech-passkey
[Though an infomercial, heavy on the “info” and light on the “mercial” / pmw1 … ] Universal compatibility is a unique approach to implementing passkeys, unfortunately. Even though passkeys were developed by the FIDO Alliance(new window) and the World Wide Web Consortium (new window) to replace passwords and are meant to provide “faster, easier, and more secure sign-ins to websites and apps across a user’s devices”, their rollout hasn’t lived up to these lofty ideals.
Instead, the first organizations to offer passkeys, Apple and Google, prioritized using the technology to lock people into their walled gardens rather than provide a secure solution to everyone. This closed approach diminishes the value of passkeys for everyone and makes it less likely that they’ll be universally adopted, which is critical if they’re to ever replace passwords.
…
Source: ZDNET
https://www.zdnet.com/article/hijacked-facebook-pages-are-pushing-fake-ai-services-to-steal-your-data/
And millions of Facebook users appear to be falling for it. Scammers are using the allure of artificial intelligence features and services to dupe unsuspecting Facebook users into downloading malicious software on their computers, according to security firm Bitdefender.
Over the past year, scammers have been hijacking Facebook Pages and changing them to look like legitimate AI services, including for OpenAI’s video creation tool Sora and its image creation tool DALL-E. The scammers then run ads on Facebook’s ad network, promising those who view the ad the opportunity to get early access to experimental AI research and products. Once users follow the Pages, the bad actors post AI-generated content to the Page to make it appear legitimate. They then the Page’s followers that to use the experimental AI services, they need to download software, which is really malware, including Rilide, Vidar, IceRAT, and Nova, that steals their data.
Subject: Discount Pharmacy | Florida | Medicare Fraud
Source: Fraud of the Day
https://fraudoftheday.com/discount-pharmacy/
Ariel Nuñez-Finalet was involved with a network of pharmacies with the same goals in mind. To submit more as many fraudulent claims to Medicare for medications that were not only medically unnecessary, but not even provided to patients. They succeeded in stealing more than $16 million from the U.S. taxpayer. Nuñez-Finalet served as the legal owner and registered agent of a pharmacy, Lily & Rosy Pharmacy Discount Corp. “Discount” being that Lily & Rosy Pharmacy was short on medications, but steep on kickbacks. From January 2011 to September 2014, in the comfort of his pharmacy, Nuñez-Finalet cashed checks and withdrew cash, always below the legal reporting limit of $10,000, to provide patient recruiters with funds they needed for illegal kickbacks. Those kickbacks were used to obtain Medicare beneficiary information necessary to submit fraudulent claims. Nuñez-Finalet himself, caused Medicare to pay over $1.9 million in fraudulent claims for prescription drugs….Category: https://fraudoftheday.com/category/medicare-fraud/
RSS: https://fraudoftheday.com/category/medicare-fraud/feed/
Source: WSJ via MSN
https://www.bespacific.com/insurers-are-spying-on-your-home-from-the-sky/WS via MSN:
Source: FedScoop
https://fedscoop.com/google-gets-authorization-to-work-with-top-secret-intelligence-defense-data/
Las Vegas — Defense and intelligence agencies can now use Google’s air-gapped cloud platform, Google Distributed Cloud Hosted, to process top-secret workloads, the company announced Tuesday at its annual Google Cloud Next tech conference.With the authorizations, agencies across the Department of Defense and the intelligence community can use Google Distributed Cloud Hosted — an air-gapped private cloud service tailored to workloads that demand maximized security requirements — to support some of their most sensitive data and applications.
Google also announced that it received authorization to host data and applications at the secret level for intelligence community missions.
Not to be confused with Google public cloud offerings, Google Distributed Cloud Hosted was developed to be isolated and doesn’t require connection to the internet or Google Cloud.
See also: https://www.nextgov.com/acquisition/2024/04/google-now-authorized-host-classified-data-cloud/395557/
Source: Nextgov/FCW
https://www.nextgov.com/acquisition/2024/04/top-intelligence-office-unveil-ethics-guidance-commercial-data-purchases-dod-lawyer-says/395597/
Certain missions require government acquisition of personal information collected by data brokers, and appropriate safeguards need to be put in place, the official said at a Cyber Command-hosted event.DOD associate deputy general counsel for intelligence Lindsay Rodman said ODNI is “nearly complete” with the framework that aims to help the IC identify privacy concerns that may arise when it purchases datasets sourced and aggregated by data brokers, who sell the information to other entities for marketing or intelligence purchases.
The nine principles are set to be released “any day now,” she said at a Cyber Command legal conference at Joint Base Andrews in Maryland on Tuesday.
“When [commercially available data] presents the kinds of privacy and sensitivity concerns that we’re talking about, then there’s basically a whole rubric of requirements for doing that analysis and then putting appropriate safeguards in place,” she said. Nextgov/FCW has reached out to ODNI for comment.
U.S. spy agencies often obtain data to help them complete mission objectives, which could include telemetry created by computer logs or weather data publicly available online. But purchases of data from platforms or apps where consumers legally but sometimes unknowingly give away their location information and other personal details by clicking ‘yes’ on user agreements have become a privacy ethics flashpoint.
…
Filed:
https://www.nextgov.com/acquisition/
Topics:
Source: TechCrunch
https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/
[h/t Sabrina]Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet.
Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine.
The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems.
But the storage server itself was not protected with a password and could be accessed by anyone on the internet.
This is the latest security gaffe at Microsoft as the company tries to rebuild trust with its customers after a series of cloud security incidents in recent years. In a similar security lapse last year, researchers found that Microsoft employees were exposing their own corporate network logins in code published to GitHub.
Source: The Register
https://www.theregister.com/2024/04/11/hospital_website_data_sharing/
Hospitals – despite being places where people implicitly expect to have their personal details kept private – frequently use tracking technologies on their websites to share user information with Google, Meta, data brokers, and other third parties, according to research published today.Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals – essentially traditional hospitals with emergency departments – and their findings were that 96 percent of their websites transmitted user data to third parties.
Additionally, not all of these websites even had a privacy policy. And of the 71 percent that did, 56 percent disclosed specific third-party companies that could receive user information.
“It’s shocking, and really kind of incomprehensible,” said Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania, who – along with Matthew McCoy, Angela Wu, Sam Burdyl, Yungjee Kim, Noell Kristen Smith, and Rachel Gonzales – authored the paper.
…
While this puts hospital website visitors at risk of having their data collected and shared with others that they may not want, it also poses a risk to the hospitals themselves, the researchers noted.
…
Source: Fraud of the Day
https://fraudoftheday.com/hot-dog-cart-risks/
Today’s Fraud of the Day is based on article ”Former Iowa hospital administrator pleads guilty to decades-long identity theft scheme” published by Sioux Land on April 1, 2024.
A former administrator at an Iowa hospital who assumed a different man’s identity for over three decades pleaded guilty to identity theft Monday. Matthew David Keirans, 58, from Hartland, Wisconsin was convicted of one count of false statements to a national credit union administration insured institution and one count of aggravated identity theft, according to a release from the Department of Justice (DOJ). His actions resulted in his victim being falsely imprisoned for over a year.
RSS feed: https://fraudoftheday.com/feed/
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/
LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company’s Chief Executive Officer. However, while 25% of people have been on the receiving end of an AI voice impersonation scam or know someone who has, according to a recent global study, the LastPass employee didn’t fall for it because the attacker used WhatsApp, which is a very uncommon business channel.
“In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp,” LastPass intelligence analyst Mike Kosak said.
…
Deepfake attacks on the rise – LastPass’ warning follows a U.S. Department of Health and Human Services (HHS) alert issued last week regarding cybercriminals targeting IT help desks using social engineering tactics and AI voice cloning tools to deceive their targets.
The use of audio deepfakes also allows threat actors to make it much harder to verify the caller’s identity remotely, rendering attacks where they impersonate executives and company employees very hard to detect.
While the HHS shared advice specific to attacks targeting IT help desks of organizations in the health sector, the following also very much applies to CEO impersonation fraud attempts:
…
Tagged: