New Phishing Tactic Hijacks Email Protections to Mask Links

These attacks illustrate how sophisticated phishing tactics have become, exploiting email protection services to mask malicious links. This tactic makes phishing emails appear more legitimate and harder to detect by both users and email filters. To safeguard against such threats, it is crucial to verify the authenticity of emails, avoid clicking on links from unexpected sources, and implement comprehensive security measures, including multi-factor authentication and regular updates to security systems. Staying informed about the latest phishing strategies can significantly reduce the risk of falling victim to these attacks.


FREE PDF Download: DOWNLOAD
* We do not require any contact information for download.

Building a Basic Chatbot with TensorFlow and JavaScript

chatbot.js Breakdown and Explanation

This guide explains how to create a simple chatbot using TensorFlow and JavaScript. The chatbot utilises the Universal Sentence Encoder (USE) model to comprehend user input and generate appropriate responses. We'll cover the steps to set up the environment, preprocess data, create and train the model, and build a web interface for chatbot interaction.

This script sets up a basic chatbot using TensorFlow.js and the Universal Sentence Encoder. It recognises user intents from inputs and provides corresponding responses.


Download FREE PDF of the breakdown here: FREE PDF Download

Download FREE complete “chatbot.js” script here: FREE complete script download

*We do not ask for and/or collect personal details or credentials for downloads.

Google's Gemini AI caught scanning Google Drive hosted PDF files without permission! GDPR violation!

Recently, Google’s Gemini AI has been under scrutiny for allegedly scanning PDF files hosted on Google Drive without user permission. This issue has raised significant concerns, particularly in Europe, where the General Data Protection Regulation (GDPR) enforces strict rules on data privacy and user consent.

Overview of the Incident

Google’s Gemini AI, touted as a cutting-edge AI model designed to enhance various applications, has reportedly been accessing and scanning PDF files stored in users' Google Drive accounts without explicit permission. Users discovered that the AI could read and analyse these documents, raising alarms about privacy and data security​.

GDPR and Privacy Violations

The GDPR, which came into effect in May 2018, sets rigorous standards for data protection and privacy in Europe. One of its core principles is that personal data should not be processed without clear and explicit consent from the user. This regulation aims to ensure that individuals have control over their personal data and are informed about how it is being used.

Key GDPR Principles Potentially Violated by Google’s Gemini AI

Lawfulness, Fairness, and Transparency: Under GDPR, data processing must be lawful, fair, and transparent to the data subject. The reported actions of Gemini AI scanning files without user consent violate this principle as users were neither informed nor did they consent to such scanning.

Purpose Limitation: Data should only be collected for specified, explicit, and legitimate purposes. Using AI to scan documents without informing users contravenes this rule as the users were not aware that their data would be used in this manner.

Data Minimization: Only data that is necessary for the specified purpose should be collected and processed. Scanning entire documents without clear justification or user consent goes against this principle.

Consent: GDPR requires that users give explicit consent for data processing activities. The lack of a feature to disable the AI’s scanning functionality further aggravates the situation, as users cannot opt-out of this data processing.

Implications of the Breach by GOOGLE’s Gemini AI

The unauthorized scanning by Gemini AI could have severe repercussions for Google. Under GDPR, companies can be fined up to 4% of their global annual revenue or €20 million (whichever is higher) for serious breaches. This incident could lead to significant financial penalties and damage to Google’s reputation if found in violation of GDPR.

Impact on Users and Broader Concerns

For users, especially those in Europe, this breach is a gross violation of their privacy rights. It undermines trust in digital platforms and raises broader concerns about data security and the ethical use of AI. Users expect their data to be handled with utmost care and transparency, and incidents like this highlight the potential for misuse and the need for stringent oversight.

Moving Forward

To address these concerns, Google will need to take immediate and transparent steps to rectify the issue. This includes:

Transparency: Clearly informing users about how their data is being used by AI technologies like Gemini.

Consent Mechanisms: Implementing robust consent mechanisms that allow users to opt-in or out of such features.

Compliance: Ensuring that all data processing activities comply with GDPR and other relevant data protection laws.

Conclusion for GOOGLE’s Gemini AI

The case of Google’s Gemini AI scanning Google Drive hosted PDF files without permission is a stark reminder of the importance of data privacy and compliance with regulations like GDPR. It emphasizes the need for companies to adopt transparent data practices and respect user consent to maintain trust and avoid legal repercussions.

Tech Giants' Energy Consumption: Environmental Impact and Sustainable Solutions

In recent years, Google and Microsoft have become some of the world's largest energy consumers, each using more power annually than many medium-sized countries. In 2023, both tech giants consumed approximately 24 terawatt-hours (TWh) of electricity, surpassing the total electricity consumption of countries like Iceland and Ghana. This massive energy consumption is primarily driven by their extensive data centres, which support a wide range of services including search engines, cloud computing, and artificial intelligence (AI) applications.

Download a FREE PDF outlining the details here: FREE PDF

*We do not ask for details, credentials or personal information

From Flames to Fame: Navigating Personal Challenges and Celebrating Professional Milestones

Dear Esteemed Colleagues and Friends,

I trust this message finds you in better shape than I currently am!

The opening act of my 2024 could best be described as a dramatic blend of misfortune and triumph. A few days back, I engaged in an unscheduled tango with adversity, resulting in first-degree burns on my left hand. Thankfully, my quick dancing footwork spared my face and eyes from making an unwanted cameo in this fiery dance. My recovery playlist for the next 3 to 4 months features a heavy rotation of bandage wraps and the hit single, "Every 2 to 3 Days at the Medical Center." Let's just say, I've inadvertently kick-started a new trend in hand accessories.

On a brighter note, amidst this personal pyrotechnic mishap, I received a beacon of excellent news. EC-Council, my training courses vendor I've been in harmony with for the past two decades, has decided to encore my performance with the prestigious Instructor Circle Of Excellence Award 2023 (https://www.eccouncil.org/ec-council-global-awards/). This isn't my first tour with this accolade, but let me tell you, this time it feels like I've gone platinum.

This award is the proverbial cherry atop a Sundae of two decadent, fulfilling decades with EC-Council products. It's a testament to the incredible feedback loop we've created together—your support, incredible student feedback, critiques, and applause have been instrumental in this achievement. For that, I owe you all a standing ovation.

So, as I juggle my new, somewhat less desirable role as a part-time mummy (of the bandaged variety) and a full-time Cybersecurity Professional, I look forward to what the future holds. Here's to more accolades, hopefully less spontaneous combustion, and a reminder that sometimes, life throws you a curveball—or in my case, a fireball—but we always come out stronger (and perhaps a bit more charred).

Thank you once again for your unwavering support.

May our future endeavors be accident-free and our victories plentiful.

Toasting to our continued success and safety

Regards

Dimitrios Zacharopoulos

Talk to your databases using AI and Vanna!

Vanna is an innovative tool available on GitHub that facilitates chatting with SQL databases. It achieves accurate Text-to-SQL generation using Large Language Models (LLMs) in conjunction with Retrieval-Augmented Generation (RAG).

This approach allows for effective and precise interaction with databases through natural language queries. The tool is developed using Jupyter Notebook and Python, with its source code and documentation accessible for users interested in implementing or contributing to its development.

For more details and to explore the tool further, visit Vanna on GitHub (https://github.com/vanna-ai/vanna)

Wokwi online IoT simulator

Wokwi is an online simulation tool that enables the development and testing of Internet of Things (IoT) projects in a browser environment. It supports various platforms like Arduino (Uno, Mega, Nano), ESP32, STM32, and Pi Pico.

Users can start projects using popular programming languages including Rust and MicroPython. Wokwi is suitable for simulating IoT and Arduino projects, with features like an ESP32 NTP Clock, MicroPython MQTT Weather Logger, and more.

It's an innovative tool for developers and hobbyists to experiment and learn without needing physical hardware.

For more detailed information, please visit https://wokwi.com

Benefits of AI in Business

Unlocking the AI Revolution in Business

Welcome to the grand adventure of Artificial Intelligence (AI) in business! From the silent heroics of everyday AI, optimizing tasks and enhancing productivity, to the dazzling world of Generative AI, painting masterpieces from data, our journey begins. AI is no longer science fiction; it's our business partner.

Generative AI, the Picasso of tech, crafts music, art, and more. It's your Swiss Army knife, crystal ball, and secret weapon. Efficiency soars, innovation accelerates, and personalization thrives with AI by your side.

But beware the quirks - unreliable data, ethical dilemmas, and quality control pitfalls. Before you dive in, ask the tough questions, ensure transparency, and protect privacy.

Join us on this AI Odyssey, where the future is bright, and AI is your guiding star. Let's conquer the ever-evolving world of business together!

DOWNLOAD YOUR FREE COPY TODAY!:
Benefits of: Artificial Intelligence in Business
https://www.obi.academy/free-downloads

(we respect your privacy and we do not require any email address or contact details for downloading)

In today's world of misinformation and disinformation one cannot trust companies anymore with Internet data, so we need to archive ourselves to be sure!

ArchiveBox is an open-source, self-hosted web archiving solution that allows users to save and archive web content. It's designed to take various inputs like URLs, browser history, bookmarks, and content from services like Pocket and Pinboard, and then save them in multiple formats including HTML, JavaScript, PDFs, and media files.

The tool is versatile and can be set up in several ways, including as a command-line tool, a web app, and a desktop application (which is still in the alpha stage). It's compatible with multiple operating systems such as Linux, macOS, and Windows.

One of the key features of ArchiveBox is its ability to save snapshots of URLs in various formats like HTML, PDF, PNG screenshots, and WARC, among others. This ensures that the content is preserved in durable and accessible formats for long-term access.

The installation process varies based on the operating system and includes methods such as using Docker, Homebrew (for macOS), apt (for Debian/Ubuntu), or pip for a Python-based installation. After installation, you need to initialize a new directory for your archive collection and can then start adding URLs to this collection. There's also an option to schedule regular imports from different sources.

ArchiveBox provides a self-hosted web UI that allows users to view and manage their archived content. For command-line enthusiasts, it offers a comprehensive command-line interface to manage the archive.

The developers of ArchiveBox emphasize the importance of it being free and open-source, without the need for signing up for any service, and storing all data locally. This approach aligns with the tool's goal to ensure that users can keep a personal archive of internet content that they find valuable.

This is an invaluable tool if you wish to stay ahead of the curb and not be fooled by the data on the internet by either misinformation of disinformation, which is today an epidemic and systemic problem online.

For more detailed information on the installation process, usage, and features of ArchiveBox, you can visit their GitHub page (https://github.com/ArchiveBox/ArchiveBox) and official documentation https://archivebox.io/).

CurlyQ enhances the functionality of the curl command

CurlyQ is a utility tool developed by Brett Terpstra, designed to enhance the functionality of the curl command, which is commonly used for transferring data to or from a server. CurlyQ provides a more user-friendly interface and adds several features useful for tasks like web scraping and processing web data.

Some key features of CurlyQ include:

Enhanced Curl Functionality: It acts as a helper for the curl command, allowing users to easily grab web page contents and providing a breakdown of metadata, page images, links, and even handling dynamic pages loaded through JavaScript.

Scripting Pipeline Integration: CurlyQ is designed for use in scripting pipelines, simplifying tasks like extracting page titles, finding images, or validating links on a web page. It allows querying of results based on various attributes.

Element Retrieval: The tool incorporates Nokogiri, enabling element selection using CSS selectors or XPaths, and supports output in JSON or YAML formats.

Failure Handling: CurlyQ includes multiple User Agent strings and custom headers to handle request failures, retrying with different User Agent strings if necessary. It also has the capability to handle gzipped data.

Screenshot Capability: It can take screenshots of web pages in different modes like full page, visible page, or print output. This feature particularly works well with Firefox.

JSON Response Handling: CurlyQ has limited support for handling JSON responses, focusing on GET requests and providing response headers along with the parsed JSON results.

CurlyQ is still under development, with plans for future enhancements like adding POST capabilities and further developing its web scraping functionality. Terpstra encourages feedback from users to improve and expand the tool's capabilities.

For more detailed information and updates, you can visit the GitHub page of CurlyQ (https://github.com/ttscoff/curlyq) and Brett Terpstra's blog post (https://brettterpstra.com/2024/01/10/introducing-curlyq-a-pipeline-oriented-curl-helper/) introducing CurlyQ.

Dimitrios Zacharopoulos
Noabot is a modified version of the infamous Mirai malware and it's now attacking SSH connections with weak credentials

In a recent Ars Technica article a discussion on a new and sophisticated worm that has been targeting Linux devices globally for the past year was documented. This worm, named NoaBot, is a modified version of the infamous Mirai malware. Originally, Mirai became notorious in 2016 for initiating large-scale Distributed Denial-of-Service (DDoS) attacks. The unique aspect of Mirai is its ability to infect devices and then use them as a platform to spread to other vulnerable devices, a characteristic that categorizes it as a worm because it self-replicates.

The main difference with NoaBot, compared to traditional Mirai attacks, is its method of propagation and the nature of the attack. Instead of exploiting weak Telnet passwords, NoaBot targets SSH connections with weak passwords. Once it infects a device, it doesn't just stop there. Unlike the original Mirai, which was primarily used for launching DDoS attacks, NoaBot installs a cryptomining application on the infected devices. This cryptomining malware is designed to be difficult to detect, employing unique methods to conceal its activities.

The worm's approach, combining the use of common hacking techniques with new, more covert methods of operation, makes it particularly dangerous. Given the large bandwidth capacities of many infected devices, the worm can generate significant amounts of junk traffic, empowering the botnet substantially.

This situation highlights the ongoing threat posed by cybercriminals and underscores the need for robust cybersecurity measures. Key preventive actions include using strong and unique passwords, especially for SSH connections, and staying updated with the latest malware detection tools and cybersecurity practices.

For more detailed information, you can read the full article on Ars Technica (https://upmytech.com/linux-devices-are-under-attack-by-a-never-before-seen-worm-ars-technica/), and additional insights are available on Digital Chew (https://digitalchew.com/2024/01/10/virulent-mirai-based-malware-worm-attacks-linux-devices-globally/).

SSH-Snake, a tool developed for automatic traversal of networks using SSH private keys

joshua.hu, introduces SSH-Snake, a tool developed for automatic traversal of networks using SSH private keys. This tool is designed to find SSH private keys on the current system, identify potential hosts or destinations for these keys, and then attempt SSH connections to all discovered destinations.

SSH-Snake is unique in its recursive ability to repeat these tasks at each new destination, making it self-replicating and self-propagating.

The tool's primary function initially was to create visual representations of systems accessed via compromised SSH private keys, aiding in understanding network connections and dynamics.

For more detailed information, please visit the website: https://github.com/MegaManSec/SSH-Snake

9 Steps To - Effective Strategies for Integrating AI Automation into Your Process Orchestration Workflows

The document "9 Steps To - Effective Strategies for Integrating AI Automation into Your Process Orchestration Workflows" by Dimitrios Zacharopoulos, published by Obipixel Ltd & Obi.Academy, offers a comprehensive guide on integrating AI-powered automation into business process orchestration. It covers various aspects such as the potential of AI automation, predictive and generative AI, challenges in AI implementation, augmented intelligence, and custom AI integrations.

Key topics include:

  • The Potential of AI-Powered Automation: Discussing the transformative impact of AI in various domains.

  • Process Orchestration Possibilities: Exploring how AI can be used to orchestrate complex business processes.

  • Predictive AI: The use of AI for predicting future trends based on data insights.

  • Generative AI: Focusing on the creative potential of AI in automating and enhancing processes.

  • Challenges in AI Automation: Addressing common obstacles and how to overcome them.

  • Augmented Intelligence: Enhancing decision-making processes with AI assistance.

  • Custom AI Integrations: Tailoring AI solutions to specific business needs for improved process orchestration.

The guide emphasises the importance of a strategic approach to AI integration, highlighting the benefits of enhanced efficiency and the potential for innovative solutions in process management. It's designed for both technical and business professionals seeking to leverage AI for process improvement and competitive advantage.


DOWNLOAD YOUR FREE COPY TODAY!:
9 Steps To - Effective Strategies for Integrating AI Automation into Your Process Orchestration Workflows
https://www.obi.academy/free-downloads

(we respect your privacy and we do not require any email address or contact details for downloading)

Macs can now inform Apple if any liquids have been detected in the USB-C ports

Apple's warranty policy does not cover damage from liquids, even for its water-resistant devices such as iPhones, Apple Watches, and certain AirPods models. To identify liquid exposure, Apple employs various detection methods. In their latest Mac computers, Apple has introduced a system to detect liquid presence in USB-C ports. As reported by 9to5Mac, macOS Sonoma 14.1 features a new system component called “liquiddetectiond.” This tool is specifically designed to detect when a Mac has come into contact with liquids, particularly monitoring each USB-C port for any signs of liquid exposure.

The system, known as "Liquid Detection and Corrosion Mitigation Daemon," functions similarly to a feature in iPhones and iPads. In these devices, the system alerts users when liquid is detected in the connector, advising them to disconnect the charging cable to avoid damage. On Macs, this daemon appears to be focused more on gathering diagnostic data rather than providing direct alerts to users. It's speculated that Apple might use this data to help technicians determine whether a Mac qualifies for complimentary repairs under certain conditions.

In addition to this new digital detection method, Apple's laptops and some keyboards already include Liquid Contact Indicators (LCI). These indicators, placed strategically within the devices, change color upon contact with liquids, aiding in the assessment of liquid damage. The addition of a digital detector in USB-C ports is another step to ensure accurate diagnostics when evaluating liquid exposure in Macs.

Currently, it remains unclear if this new detection system is compatible with all Macs running the latest macOS version or if it is exclusive to Macs with the M3 chip, possibly due to additional hardware requirements.

https://9to5mac.com/2023/11/03/macs-liquids-detected-in-usb-c-ports/

DARPA Moves Forward on X-65 Technology Demonstrator

Aurora Flight Sciences has been chosen by DARPA to construct a large-scale X-plane, showcasing the feasibility of using active flow control (AFC) actuators as the main mechanism for flight control. This forms Phase 3 of the Control of Revolutionary Aircraft with Novel Effectors (CRANE) initiative.

Rewinding to December 1903, when the Wright brothers achieved a breakthrough in aviation with the first fully controllable aircraft using wing warping, nearly every subsequent aircraft has relied on traditional, movable external control surfaces for maneuvering.

The innovative X-65 aircraft disrupts this long-standing design approach by employing air jets from a pressurized source to manipulate airflow over its surface. Utilizing AFC effectors on multiple surfaces, it controls the aircraft's roll, pitch, and yaw. This design, devoid of external moving parts, aims to reduce weight and complexity while enhancing performance.

https://www.darpa.mil/news-events/2024-01-03

What has changed with the Apple M3 chips?

If you peruse the initial evaluations of Apple's latest Macs powered by the M3 chip, you might get the impression that not much has altered within their CPU cores, aside from some number tweaks and an increase in the peak frequency of their P cores. With my early arrival of the MacBook Pro 16-inch M3 Max, this article offers an initial assessment of the modifications within their CPU cores and how these changes may influence your selection of the right chip for your next Apple silicon Mac. In line with Apple's approach, I will draw comparisons between the M1 and M3 chips, as, in most of the aspects discussed here, the M2 CPU cores did not undergo as significant a transformation from those found in the M1, and I have had the opportunity to test four different M1 models.

Download FREE Article