I. Cataloguing threats to ML systems
Microsoft, along with 12 other organisations, has released the ‘adversarial ML threat matrix’. They have created a library of ML threats and mapped it to the MITRE ATT&CK framework.
Threats to machine learning, you ask? Read Adversarial Machine Learning 101 here.
CISO Check:
Do you have an inventory of the AI & ML based systems used in your organisation?
Do you perform threat modelling of these systems?
II. Checking for breached passwords
The CISO’s woes with checking for the use of breached passwords continue. Have I Been Pwned APIs are available for developers, but integrating them with authentication systems like Active Directory requires some skill.
A recent article discusses a few mechanisms for checking breached passwords in your Active Directory. There is a reference to a free password audit tool that can do this.
While we have no idea if this works well, it is worth exploring.
CISO Check:
How do you detect the use of breached passwords in your customer and corporate applications?
If your applications rely on third party credential service providers, how do you check for breached password usage?
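For application teams, the check against the Have I Been Pwned Pwned Passwords range API looks like the sketch below. It is an added example, not code from the article or tool mentioned above. Only the first five characters of the SHA-1 hash leave your system, and the match is done locally. The offline sample response, its counts and the helper names are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Map suffix -> count, skipping malformed lines and zero-count padding rows."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Only the 5-char prefix is handed to fetch_range; matching happens locally."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def live_fetch(prefix):
    """Network fetch (not called in the demo). Add-Padding hides the response size."""
    headers = {"Add-Padding": "true", "User-Agent": "breach-check-example"}
    req = urllib.request.Request(RANGE_URL + prefix, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def make_sample_fetch(seen_prefixes):
    """Offline stand-in for the API that returns a constructed response body."""
    known_prefix, known_suffix = split_hash("password")
    def fetch(prefix):
        seen_prefixes.append(prefix)              # record what would be sent
        rows = ["0" * 35 + ":0", "A" * 35 + ":3"]  # padding row, unrelated hash
        if prefix == known_prefix:
            rows.append(known_suffix + ":12345")   # constructed count
        return "\r\n".join(rows)
    return fetch

if __name__ == "__main__":
    sent = []
    fetch = make_sample_fetch(sent)
    for candidate in ("password", "k9#Vq2!example-not-in-sample"):
        print(candidate, "->", breach_count(candidate, fetch))
    print("sent to API:", sent)
```

Pass `live_fetch` instead of the sample fetcher to query the real service. A non-zero count is the signal to reject the password at registration or change time.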
III. Quote of the week
On the Internet, nobody knows you’re a dog. - Peter Steiner, New Yorker
Have an original interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.