Today is your last chance to pre-order the Samsung Galaxy A54 5G smartphone for under $200
Today is your last chance to pre-order the Samsung Galaxy A54 5G smartphone for under $200. Learn more about this Samsung deal here.
Bayer’s New American CEO to Study Wounded Pharma Giant Before Acting
Bill Anderson said he needs time to get to know the German owner of Monsanto before offering any remedies for the its woes.
A Boss’s Guide to Leading Through Layoff Fears
Rule No. 1 for managing rattled employees: Be upfront about what you do and don’t know.
Justine Bateman is embracing getting older: How to feel beautiful and accept aging
Justine Bateman doesn’t mind seeing herself get older. Here’s what we can learn from her attitude toward aging.
Why the Giants were bolder this offseason about taking on injury risks
Joe Schoen has been careful not to gamble on players with risky injury histories, but this year he’s willing to roll the dice a bit more, and with good reason.
https://nypost.com/2023/04/05/why-the-giants-have-become-bolder-about-adding-injury-risks/
The Robots Have Finally Come for My Job
Could ChatGPT lay waste to millions of professional jobs, including journalists? Not if they figure out their real value.
FBI seizes Genesis Market, a notorious hacker marketplace for stolen logins
U.S. and international law enforcement agencies have seized Genesis Market, a notorious hacker marketplace used to acquire compromised credentials and digital browser fingerprints.
The FBI announced the takedown, dubbed “Operation Cookie Monster,” on Wednesday. Genesis Market domains now display a notice stating that the U.S. law enforcement officials have executed a seizure warrant. “Genesis Market’s domains have been seized by the FBI pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Wisconsin,” the message reads.
In addition to the FBI, the notice says the takedown involved law enforcement agencies from the United Kingdom, Europe, Australia, Canada, Germany, Poland and Sweden.
The operation also saw about 120 people arrested and 200 searches carried out globally. The U.K’s National Crime Agency said it arrested 19 suspected site users, including two men aged 34 and 36, who are being held on suspicion of fraud and computer misuse. A senior FBI official told TechCrunch that arrests have also been made in the United States, but exact numbers were not confirmed.
“This is the biggest operation of its kind. We’re not just going after administrators or taking sites down; we’re going after users on a global scale,” the official said. They added that by obtaining Genesis Market’s computer systems, officials have identified approximately 59,000 users of the marketplace.
The FBI also provided data breach notification website Have I Been Pwned with “millions” of email addresses and passwords from the Genesis Market, which internet users can check to see if they were compromised.
Genesis Market has been active since 2017 as an invitation-only online marketplace that sells stolen credentials, cookies, and digital browser fingerprints gathered from compromised systems. These fingerprints, or “bots,” included IP addresses, session cookies, plugins and operating system details, enabling attackers to impersonate victims’ browsers to access their online banking and subscription services, such as Amazon and Netflix, without needing the victim’s password or two-factor token.
Before its shutdown, Genesis claimed that these browser fingerprints would be kept up to date for as long as it retained access to a compromised device.
“In other words, Genesis customers aren’t making a one-time buy of stolen information of unknown vintage; they’re paying for a de facto subscription to the victim’s information, even if that information changes,” Yusuf Arslan Polat, senior threat researcher at Sophos, said in an analysis of Genesis Market last year.
Even up to its seizure, the number of infected devices for sale on the marketplace was growing in size.
“In 2021, over 20,000 new bots a month were being added to the site,” said Cyril Noel-Tagoe, principal researcher at cybersecurity and bot management company Netacea. “The market was temporarily down in the middle of 2022, however despite this, by March 2023, the number of bots available for sale had grown to over 450,000.”
The FBI said that Genesis Market, since its inception, offered access to data stolen from over 1.5 million compromised computers worldwide containing over 80 million account access credentials. While overall financial losses have not yet been determined, the FBI says Genesis has made at least $8.7 million from the sale of stolen credentials, but noted that complete total losses likely exceed tens of millions of dollars.
According to reports, the now-defunct marketplace has been linked to millions of financially motivated cyber incidents globally. In June 2021, the hackers who breached gaming giant Electronic Arts claimed to gain access to the gaming giant by purchasing a $10 bot from Genesis Market that let them log into a company Slack account.
“As a result of the Genesis Market’s seizure, we expect to see an exodus of sellers and customers to competitor marketplaces,” Noel-Tagoe tells TechCrunch. “There are multiple other illicit marketplaces selling logs and credentials, although not on the scale of the Genesis Market. Alternatively, if a significant core of the Genesis Market administrators evade law enforcement, they may splinter off and create a new version of the site.”
The takedown of Genesis Market comes just weeks after the FBI gained access to the infamous BreachForums hacking forum and arrested a 20-year-old New York man accused of running the site. It also comes after U.S. law enforcement last year announced the takedown of SSNDOB, a notorious marketplace used for trading the personal information — including Social Security numbers — of millions of Americans.
Updated with additional information from the FBI.
FBI seizes Genesis Market, a notorious hacker marketplace for stolen logins by Carly Page originally published on TechCrunch
https://techcrunch.com/2023/04/05/fbi-genesis-market-seized-stolen-logins/
Cubs vs. Reds prediction: Ex-Mets starter will propel Chicago
The Cubs are the picks over the Reds for Stitches on Wednesday.
https://nypost.com/2023/04/05/cubs-vs-reds-prediction-ex-mets-starter-will-propel-chicago/
Cranium launches out of KPMG’s venture studio to tackle AI security
Several years ago, Jonathan Dambrot, a partner at KPMG, was helping customers deploy and develop AI systems when he started to notice certain gaps in compliance and security. According to him, no one could explain whether their AI was secure — or even who was responsible for ensuring that.
“Fundamentally, data scientists don’t understand the cybersecurity risks of AI and cyber professionals don’t understand data science the way they understand other topics in technology,” Dambrot told TechCrunch in an email interview. “More awareness of these risks and legislation will be required to ensure these risks are addressed appropriately and that organizations are making decisions on safe and secure AI systems.”
Dambrot’s perception led him to pitch KPMG Studio, KPMG’s internal accelerator, on funding and incubating a software startup to solve the challenges around AI security and compliance. Along with two other co-founders, Felix Knoll (a “growth leader” at KPMG Studio) and Paul Spicer (a “product owner” at KPMG), and a team of about 25 developers and data scientists, Dambrot spun out the business — Cranium.
To date, Cranium, which launches out of stealth today, has raised $7 million in venture capital from KPMG and SYN Ventures.
“Cranium was built to discover and provide visibility to AI systems at the client level, provide security reporting and monitoring, and create compliance and supply chain visibility reporting,” Dambrot continued. “The core product takes a more holistic view of AI security and supply chain risks. It looks to address gaps in other solutions by providing better visibility into AI systems, providing security into core adversarial risks and providing supply chain visibility.”
To that end, Cranium attempts to map AI pipelines and validate their security, monitoring for outside threats. What threats, you ask? It varies, depending on the customer, Dambrot says. But some of the more common ones involve poisoning (contaminating the data that an AI’s trained on) and text-based attacks (tricking AI with malicious instructions).
Cranium makes the claim that, working within an existing machine learning model training and testing environment, it can address these threats head-on. Customers can capture both in-development and deployed AI pipelines, including associated assets involved throughout the AI life cycle. And they can establish an AI security framework, providing their security and data science teams with a foundation for building a security program.
“Our intent is to start having a rich repository of telemetry and use our AI models to be able to identify risks proactively across our client base,” Dambrot said. “Many of our risks are identified in other frameworks. We want to be a source of this data as we start to see a larger embedded base.”
That’s promising a lot — particularly at a time when new AI threats are emerging every day. And it’s not exactly a brand-new concept. At least one other startup, HiddenLayer, promises to do this, defending models from attacks ostensibly without the need to access any raw data or a vendor’s algorithm. Others, like Robust Intelligence, CalypsoAI and Troj.ai, offer a range of products designed to make AI systems more robust.
Cranium is starting from behind, without customers or revenue to speak of.
The elephant in the room is that it’s difficult to pin down real-world examples of attacks against AI systems. Research into the topic has exploded, with more than 1,500 papers on AI security published in 2019 on the scientific publishing site Arxiv.org, up from 56 in 2016, according to a study from Adversa. But there’s little public reporting on attempts by hackers to, for example, attack commercial facial recognition systems — assuming such attempts are happening in the first place.
For what it’s worth, SYN managing partner Jay Leek, an investor in Cranium, thinks there’s a future in AI robustness. It goes without saying that of course he would, given he’s got a stake in the venture. Still, in his own words:
“We’ve been tracking the AI security market for years and have never felt the timing was right,” he told TechCrunch via email. “However, with recent activity around how AI can change the world, Cranium is launching with ideal market conditions and timing. The need to ensure proper governance around AI for security, integrity, biases and misuse has never been more important across all industries. The Cranium platform instills security and trust across the entire AI lifecycle, ensuring enterprises achieve the benefits they hope to get from AI while also managing against unforeseen risks.”
Cranium currently has around 30 full-time employees. Assuming business picks up, it expects to end the year with around 40 to 50.
Cranium launches out of KPMG’s venture studio to tackle AI security by Kyle Wiggers originally published on TechCrunch
Commentary: The best theater in L.A. right now? It’s in Pasadena
Pasadena Playhouse’s producing artistic director, Danny Feldman, has proved that growth is still possible in a time of spiraling crisis for American theater.