For Immediate Release 23 August 2023 Alyce achieves critical information security milestone Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped its client, Alyce, Inc., complete the Service Organization Control (SOC) 2 Type […]
For Immediate Release 27 July 2023 H2O.ai receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped H2O.ai., successfully complete the Service Organization Control (SOC) 2 Type 2 […]
For Immediate Release 28 March 2023 H2O.ai receives a SOC 2 Type 1 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped H2O.ai., successfully complete the Service Organization Control (SOC) 2 Type 1 […]
For Immediate Release 24 February 2023 Sense receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped Sense Labs, Inc. (Sense) successfully complete the Service Organization Control (SOC) […]
This is really interesting research from a few months ago:
Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key,” the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees…
For Immediate Release 23 February 2023 Silverbills receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped Silverbills successfully complete the Service Organization Control (SOC) 2 Type 2 […]
The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative Lessons from Ukraine.”
Its conclusion:
Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others. But this is not the end of the road—the ability to provide cyber defense assistance will be important in the future. As a result, it is timely to assess how to provide organized, effective cyber defense assistance to safeguard the post-war order from potential aggressors…
Here’s a story about a hacker who reprogrammed a device called “Flipper Zero” to mimic Opticom transmitters—to turn traffic lights in his path green.
As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data (or transmit it, with the right firmware in approved regions) on the same wireless frequencies as keyfobs and other devices. Most traffic preemption devices intended for emergency traffic redirection don’t actually transmit signals over RF. Instead, they use optical technology to beam infrared light from vehicles to static receivers mounted on traffic light poles…
Original release date: February 21, 2023CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability
CVE-2022-41223 …
Original release date: February 21, 2023CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability
CVE-2022-41223 …