chief security officer

Artificial Intelligence Security Research released Inspect, an open-source testing platform designed to assess the safety and performance of AI models.Inspect detects the core knowledge, reasoning and autonomy of AI models, fostering the development of the global AI community, and Inspect becomes a cornerstone of AI security research.

According to The Guardian, Google Cloud Services recently suffered a major, never-before-seen misconfiguration incident that resulted in the deletion of a cloud subscription account for Australia's UniSuper fund and a week-long disruption in service.
UniSuper is a not-for-profit pension fund that manages a massive $125 billion with over half a million investors.
Although UniSuper made data backups in two cloud regions of Google Cloud, this major incident was caused by account deletions, resulting in the loss of both backups at the same time, which did not provide protection.
It was good that UniSuper had data backed up with other storage providers as well, which minimized the damage caused by this incident and accelerated the process of UniSuper's recovery of data on Google Cloud.

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS software has been actively exploited by the hacker group UTA0218 in an attack campaign codenamed "Operation Midnight Eclipse". The vulnerability allows attackers to plant a Python backdoor program, gain system privileges, and perform lateral movement and data theft on the victim's network. Affected devices include PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the GlobalProtect gateway and device telemetry enabled.Palo Alto Networks has issued a security advisory with a remediation patch, and recommends users update as soon as possible.

The development of China's data factor market is on the road from resourceization to assetization, and the typical feature of data assetization is that data can play its role as a factor of production through circulation in a wider range outside the generating subject.
In terms of specific data asset valuation methods, the main ones elaborated in the existing literature are the cost method, the market method, the income method and the valuation technique method. For the cost method, although it has the characteristics of simple operation and easy landing, it also has the disadvantages of easy underestimation of value and difficult to accurately measure. For the market approach, although it can be more objective, truly reflect the value of data assets, and easy to be accepted by the market, but because of the need to have an open and active trading market, so it is difficult to practice on a wide scale in the short term. For the income approach, although it can better highlight the intrinsic value of the data, but due to the difficulty of reliable measurement of the future earnings of data assets, it is also difficult to land in the operation. For the valuation technique method, although it combines the advantages of fully reflecting the true value of data, not requiring an active market, and not having to accurately measure the future earnings of data assets, it is still in the exploratory stage because it requires a large amount of data on the value of data assets to be obtained in advance to train the model.

Up to 100 malicious artificial intelligence (AI)/machine learning (ML) models have been found in the Hugging Face platform.

Significant progress has been made in the field of AIGC (AI Generated Content). However, technological advances always come with new challenges, and security issues in the AIGC field have come to the fore. The report will deeply analyze the security risks of AIGC and propose solutions.

Large Internet enterprises in the exploration of enterprise information security, and gradually put forward the concept of security operations. For the ultimate guarantee of enterprise security needs, but also as an important responsibility of security operations, it is necessary to close the loop on all aspects of enterprise security through security operations practitioners.

There are a wide variety of cybersecurity-related certifications, and there are international cybersecurity experts who have conducted a detailed inventory. You may wonder if there is an inventory of the development and status of cybersecurity certifications. Please refer to the Security Certification Roadmap.

Encryption of critical business data is an important measure to prevent leakage and unauthorized access to an organization's sensitive information. By implementing strong encryption technologies and strategies, organizations can mitigate business risks in the development of digital transformation and maintain the confidentiality, integrity and availability of their core data assets. But how should organizations choose the right encryption technologies, methods and tools?

Google has open sourced the Magika artificial intelligence (AI) file recognition tool.Magika utilizes deep learning models to improve the accuracy and speed of file type recognition. This tool is primarily geared for use by cybersecurity personnel to more accurately detect binary and text file types.