Connect with us

A cybersecurity company providing services to one in five election jurisdictions across the United States has teamed up with another company to beef up digital protections.

Image: iStockphoto, hermosawave

Two cybersecurity companies focused on election security are teaming up ahead of the November elections to protect dozens of states from a variety of potential attacks on voting infrastructure.

This week SpyCloud and CyberDefenses announced a partnership that will see the companies help one in every five election jurisdictions in the United States with cybersecurity around digital election tools. 

Multiple investigations from the Congress and the FBI showed there was an unprecedented amount of foreign interference in the 2016 vote that came in a variety of forms. Attackers from multiple countries, most prominently Russia, flooded social media with disinformation, launched devastating hacks on specific candidates and levied unsuccessful, but widespread, election infrastructure cyberattacks on all 50 states.

“We are all too aware of foreign attempts to undermine the sanctity of U.S. elections, and we’re proud to do our part with CyberDefenses to help stop them,” said Douglas Lingenfelter, director of SpyCloud’s Federal practice. “Unfortunately, criminals are relentless and innovative in their attacks, so we are constantly updating our data and methods to help election officials stay ahead.”

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

Despite increased concern and awareness about the attempts to attack elections, US elections are operated by state and county governments, many of which are small and ill-equipped to confront cyberthreats. 

More than 120 election officials across 31 states told the Brennan Center that their voting equipment was outdated and needed to be replaced before the election in 2020. Two-thirds of respondents said they did not have the funding they needed to get this done in time, even with all of the new money appropriated by Congress. 

Some 45 states are still using aging voting tools that are no longer made, making them extremely susceptible to attacks and breaches. On top of the outstanding software-related cybersecurity concerns inherent in using equipment that can’t be updated or patched, election commissions reportedly can’t even find replacement parts to physically maintain the machines. 

While the Department of Defense has confirmed that no actual votes were changed in 2016, all 50 states reported attempts to break into their system.

According to a press release, officials from CyberDefenses said the company “provides election jurisdictions with security services, including assessments that evaluate their processes and risks to cyberattacks” while SpyCloud focuses on breach data and fraud prevention solutions that help back up CyberDefenses’ assessments and continuously check election-related accounts against breach data used by criminals.

SEE: Identity theft protection policy (TechRepublic Premium)

The SpyCloud statement said the company focuses its efforts on breach data collection and a curation platform that handles account takeover prevention and fraud investigation solutions. CyberDefenses calls itself an “award-winning Managed Security Services Provider.”

There are more than 3,000 county governments and dozens of Secretary of State offices charged with administering and protecting local and federal elections. In reports released by the Defense Department, CISA and other government agencies, these county election departments are often the first places attackers look to infiltrate because they are generally smaller, have smaller staffs, and may not be as sophisticated as other offices. 

“SpyCloud is instrumental to the work we do in ensuring that every vote counts,” said Armando Ordonez, CEO of CyberDefenses. “It gives county governments an ‘over-the-horizon view’ of the cybercriminal landscape, with advanced information to protect elections from fraud and foreign interference, before it’s too late.”

The companies will be providing local election administrators with expertise, assessments, and recommendations to fill any gaps that may still exist in cybersecurity. SpyCloud’s statement said the company has people watching the dark web to search for any potential stolen credentials related to elections and election staff members, county elected officials, and device suppliers. 

Dark web monitoring has become a key component of security efforts because stolen credentials are still the easiest way many cyberattackers go after complicated systems. SpyCloud says it has a database of “more than 100 billion assets” that ituses to check all election-related accounts against. 

“Using SpyCloud’s recovered breach assets, CyberDefenses alerts the county when it cannot be determined whether the user logging in is legitimate or a criminal leveraging stolen credentials,” the press statement said. 

“When accounts are at risk, they can be locked down until they are re-secured with a password reset or step-up authentication procedure. CyberDefenses also uses SpyCloud’s data, including hundreds of millions of assets to research the infrastructure used in election fraud campaigns.”

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

In a white paper sent to TechRepublic, the company explained that election security has moved far beyond just protecting the physical voting machines, which is still an issue as well. After what happened in 2016, every person involved in an election in the United States has to be aware of how easy it is for someone to lock down a device using ransomware or steal passwords in other ways. 

Due to the coronavirus pandemic, a significant number of ballots will be sent through the mail, meaning the official count may not be released on the night of Election Day. But this is already causing problems both politically and with election cybersecurity. 

FBI officials sent out a memo this week expressing fear that election websites may be hacked to show false results before the votes have even been counted. In addition to the hacking of local election sites, there may also be a significant amount of disinformation online related to the results as well, with cyberattackers using dummy sites or fake portals to release fraudulent results and confuse the public. 

“SpyCloud’s ability to continuously monitor suppliers as well makes their partnership essential to our mission,” Ordonez said. 

“Anyone doing business with the county needs to be secure themselves, so they are not an entry point for bad actors attempting to interfere with elections. CyberDefenses also alleviates some of the burden by defining policies that counties can extend to their supplier network; fundamentals that must be met in order to remain a partner.”

Also see

Source link

Continue Reading


AWS re:Invent Day 1: Top 5 announcements include machine learning, storage innovations, and container capabilities


CEO Andy Jassy covered 24 new product announcements in his three-hour keynote on the first day of the virtual Amazon Web Services event.

Aurora is the fastest growing service in the history of AWS, CEO Andy Jassy said in announcing the next version of Amazon Aurora Serverless at AWS re:Invent.

The newest products and services from Amazon Web Services (AWS) extend cloud tools and services to on-prem installations, reduce the cost of machine learning operations, and create more storage options. AWS CEO Andy Jassy announced 24 new capabilities during the keynote at the first day of AWS re:Invent which is a virtual event this year. The news covered everything from customer service platforms and computer vision algorithms to machine learning operations and serverless deployments.

Jassy said the company has been focused on listening to customers and inventing more options for instances, containers, and serverless deployments. Reducing costs is always a priority as well, he said, so AWS engineers looked for ways to make common operations more cost efficient.

Here is a look at all the product news AWS announced today.

More support for machine learning

Jassy said that machine learning has been growing rapidly, and a lot of the costs are related to inference, not necessarily training the data initially. He said that cloud providers have not focused on reducing those costs. 

“Alexa has reduced their cost of inference by 30% and lowered their latency by 25% using our Inf1 instances,” he said.

SEE: Cloud data storage policy (TechRepublic Premium)

AWS is also working on reducing costs for training models with Habana Gaudi-based Amazon EC2 instances that will be available in 2021. AWS Trainium is another option for reducing costs and will be available in the second half of 2021. 

The company also announced five new industrial machine learning services:

  • Monitron for end-to-end machine monitoring that includes sensors, gateway, and machine learning service to detect abnormal equipment conditions that may require maintenance
  • Lookout for Equipment to give customers with existing equipment sensors the ability to use AWS machine learning models to detect malfunctions
  • AWS Panorama Appliance for customers with existing cameras in industrial facilities to use computer vision to improve quality control and workplace safety
  • AWS Panorama Software Development Kit (SDK) to allow industrial camera manufacturers to embed computer vision capabilities in new cameras
  • Lookout for Vision to use AWS-trained computer vision models on images and video streams to find flaws in products or processes

Axis, ADLINK Technology, BP, Deloitte, Fender, GE Healthcare, and Siemens Mobility are using these new machine learning services, according to a press release.

Bringing cloud container capabilities on prem

Jassy claimed that two thirds of the containers in the cloud run on AWS. AWS has three offerings for containers: Elastic Kubernetes Service, Elastic Container Service, and Fargate.

He said all three offerings continue to grow like weeds, and that many customers use all three services to accommodate a particular team or use case.

Jassy said customers have requested options to manage containers on premises as they make the transition to the cloud. The four new container capabilities announced today extend the same cloud tools to on-prem containers:

  • ECS Anywhere enables customers to run Amazon Elastic Compute Services in their own data centers
  • Amazon EKS Anywhere provides the ability to run Amazon Elastic Kubernetes Services in their own data centers
  • AWS Proton provides a new service to automate container and serverless application development and deployment
  • Amazon Elastic Container Registry Public provides developers a way to share and deploy container software publicly

New storage innovations

In his keynote presentation, Jassy emphasized the need to constantly reinvent products and services and to build what customers want. He said Amazon customers have been asking for more options for global content distribution, storage compliance, and data-sharing. These four storage innovations announced Tuesday meet those needs: 

  • Amazon EBS io2 Block Express volumes: A storage area network (SAN) built for the cloud, with up to 256,000 IOPS, 4,000 MB/second throughput, and 64 TB of capacity
  • Next-generation Amazon EBS Gp3 volumes: A new iteration that gives customers the ability to provision additional IOPS and throughput performance independent of storage capacity and is priced 20% lower per GB than previous generation volumes
  • Amazon S3 Intelligent-Tiering: Now includes S3 Glacier Archive and Deep Archive access to existing Frequent and Infrequent access tiers to automatically reduce storage costs for objects that are rarely accessed
  • Amazon S3 Replication (multi-destination): The ability to replicate data to multiple S3 buckets simultaneously in the same AWS Region or any number of AWS Regions 

Supporting a move to serverless installations

Aurora is the fastest growing service in the history of AWS, Jassy said in announcing the next version of Amazon Aurora Serverless

SEE: Top cloud providers in 2020: AWS, Microsoft Azure, and Google Cloud, hybrid, SaaS players (TechRepublic)

This new capability is designed in part to make it easier to migrate from SQL Server to Amazon Aurora. This new iteration includes these features:

  • Aurora Serverless v2 to accommodate hundreds of thousands of transactions in a fraction of a second, delivering up to 90% cost savings compared with provisioning for peak capacity
  • Babelfish for Aurora PostgreSQL to provide the ability to run SQL Server applications directly on Amazon Aurora PostgreSQL with little to no code changes 
  • Open source Babelfish for PostgreSQL to extend the benefits of the Babelfish for Amazon Aurora PostgreSQL translation layer which will be coming in 2021 under the permissive Apache 2.0 license in GitHub

Expanding analytics capabilities

Rahul Pathak, vice president of analytics at AWS, said in a press release that these new services represent an order-of-magnitude performance improvement for Amazon Redshift. These new services make it easier for customers to move data between data stores and to ask natural language questions in their business dashboards and receive answers in seconds, according to the company. The new options include:

  • Advanced Query Accelerator for Amazon Redshift provides a new hardware-accelerated cache to improve query performance  
  • AWS Glue Elastic Views lets developers build materialized views that automatically combine and replicate data across multiple data stores
  • Amazon QuickSight Q is a machine learning-powered capability lets users type questions about their business data in natural language and receive highly accurate answers in seconds

Five new capabilities for Amazon Connect 

Amazon Connect is the company’s customer service-in-a-box offering. John Hancock, Capital One, Intuit, Best Western, Fujitsu, GE Appliances, and Square use the service to make customer service more efficient, according to AWS. The new features announced today include

  • Connect Wisdom provides contact center agents with real-time information 
  • Connect Customer Profiles gives agents a unified profile of each customer  
  • Real-Time Contact Lens offers a new option for contact center managers to use during a call
  • Connect Tasks automates, tracks, and manages tasks for contact center agents
  • Connect Voice ID delivers real-time caller authentication using machine learning-powered voice analysis

Also see

Source link

Continue Reading


Skoltech scientists run a ‘speed test’ to boost the production of carbon nanotubes


Skoltech researchers have investigated the procedure for catalyst delivery used in the most common method of carbon nanotube production, chemical vapor deposition (CVD), offering what they call a “simple and elegant” way to boost productivity and pave the way for cheaper and more accessible nanotube-based technology. The paper was published in the Chemical Engineering Journal.

Skoltech scientists run a ‘speed test to boost the production

Image credit: Skoltech/Pavel Odinev

Single-walled carbon nanotubes (SWCNT), tiny rolled sheets of graphene with a thickness of just one atom, hold huge promise when it comes to applications in materials science and electronics. That is the reason why so much effort is focused on perfecting the synthesis of SWCNTs; from physical methods, such as using laser beams to ablate a graphite target, all the way to the most common CVD approach, when metal catalyst particles are used to “strip” a carbon-containing gas of its carbon and grow the nanotubes on these particles.

“The road from raw materials to carbon nanotubes requires a fine balance between dozens of reactor parameters. The formation of carbon nanotubes is a tricky and complex process that has been studied for a long time, but still keeps many secrets,” explains Albert Nasibulin, a professor at Skoltech and an adjunct professor at the Department of Chemistry and Materials Science, Aalto University School of Chemical Engineering.

Various ways of enhancing catalyst activation, in order to produce more SWCNTs with the required properties, have already been suggested. Nasibulin and his colleagues focused on the injection procedure, namely on how to distribute ferrocene vapor (a commonly used catalyst precursor) within the reactor.

They grew their carbon nanotubes using the aerosol CVD approach, using carbon monoxide as a source of carbon, and monitored the synthesis productivity and SWCNT characteristics (such as their diameter) depending on the rate of catalyst injection and the concentration of CO2 (used as an agent for fine-tuning). Ultimately the researchers concluded that “injector flow rate adjustment could lead to a 9-fold increase in the synthesis productivity while preserving most of the SWCNT characteristics”, such as their diameter, the share of defective nanotubes, and film conductivity.

“Every technology is always about efficiency. When it comes to CVD production of nanotubes, the efficiency of the catalyst is usually out of sight. However, we see a great opportunity there and this work is only a first step towards an efficient technology,” Dmitry Krasnikov, a senior research scientist at Skoltech and co-author of the paper, says.

Source: Skoltech

Source link

Continue Reading


Instagram Is Featuring a Giving Tuesday Shared Story to Highlight Accounts That Are Donating

instagram giving tuesday 1606818177431

Instagram is featuring a ‘Giving Tuesday’ story at the front of the stories section on the app today. It will highlight accounts you follow that have used the ‘I Donated’ or ‘Donation’ stickers. This is part of Instagram’s plan to encourage users to donate during the charitable season that lasts till Giving Tuesday. On its main and creators handles, the Facebook-owned company is also highlighting creators who are helping to make a difference in their communities.

Soon, Instagram will be testing a more permanent way for users to create and share fundraisers for non-profits within their feed. The company said in a blog post that with this new upcoming feature, users will be able to link to any eligible non-profit directly within their posts.

The “I Donated” or the “Donation” stickers, meanwhile, will be added to a shared story for a limited time. On using the donation sticker, your story will be added to the shared Giving Tuesday story on Instagram.

Besides spotlighting creators who are helping to make a difference in their communities on Instagram’s main handle and creators handle, the company is also offering tips on how you can give back — such as volunteering, making donations or simply making a kind gesture to someone in need.

The Facebook owned company noted some other ways users can show love to small businesses on the app, such as using “Support Small Businesses” or “Buy Black” stickers on Stories to highlight businesses to their followers. Other ways to encourage small businesses mentioned by Instagram include ordering directly from restaurants via Instagram and the @shop account which showcases people behind businesses and lets users shop directly.

Meanwhile, Facebook has also introduced new features to give back during the season. The tech giant has pledged to match up to $7 million in eligible donations to US non-profits made on Facebook on Giving Tuesday, (today). Drives was also launched on Facebook in the US — a Community Help feature that makes it easier to collect food, clothes, and other necessities for those in need.

iPhone 12 Pro Series Is Amazing, but Why Is It So Expensive in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Source link

Continue Reading